logs for inspection
- Thread starter tomrca
- Start date
- Status
momok
Posts: 2,127 +6
Hi,
Your logs are clean. However, I'm just concerned about your Lexmark printer. It created a folder Lx_cats in your C:\ directory, and I found several sites in google warning of spyware added by Lexmark, with that folder being a telltale sign.
Here's a link for more information. Link.
Regards,
Your friendly momok =)
This thread is for the use of tomrca only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Your logs are clean. However, I'm just concerned about your Lexmark printer. It created a folder Lx_cats in your C:\ directory, and I found several sites in google warning of spyware added by Lexmark, with that folder being a telltale sign.
Here's a link for more information. Link.
Regards,
Your friendly momok =)
This thread is for the use of tomrca only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
tomrca
Posts: 924 +3
as will see, i have just removed "Backdoor.Hupigon.dtj" this was seated in "O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing).
i forget at the moment, but do i need to go into safe mode to complete this fix.
thanks, i do know about the lex printerbut i am not over bothered about that. as you know thats not a great problem really.
i forget at the moment, but do i need to go into safe mode to complete this fix.
thanks, i do know about the lex printerbut i am not over bothered about that. as you know thats not a great problem really.
momok
Posts: 2,127 +6
Hi,
I sort of missed that one out! Sorry about that..
By the way, there's no need to enter safe mode for that since the original file has been removed.
Just go to start > run > services.msc
Search for COM+ System Application Manage and disable the service from starting if you see it.
Then go to regedit and search for COM+ System Manager and delete the entry associated with it. Your system should be clean then.
I would also suggest clearing your AVG Antispyware quarantine folder, and then turning off and on system restore to set a new clean point for your system.
Regards,
Your friendly momok =)
This thread is for the use of tomrca only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I sort of missed that one out! Sorry about that..
By the way, there's no need to enter safe mode for that since the original file has been removed.
Just go to start > run > services.msc
Search for COM+ System Application Manage and disable the service from starting if you see it.
Then go to regedit and search for COM+ System Manager and delete the entry associated with it. Your system should be clean then.
I would also suggest clearing your AVG Antispyware quarantine folder, and then turning off and on system restore to set a new clean point for your system.
Regards,
Your friendly momok =)
This thread is for the use of tomrca only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
COM+ System Application Manage (COM+ System Manager)<Disable the service name and/or the name in brackets.
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
Dllhost.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\Common Files\System\Dllhost.exe
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log.
Regards Howard
This thread is for the use of tomrca only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
COM+ System Application Manage (COM+ System Manager)<Disable the service name and/or the name in brackets.
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
Dllhost.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\Common Files\System\Dllhost.exe
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log.
Regards Howard
This thread is for the use of tomrca only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
tomrca
Posts: 924 +3
hi howard & momok.
none of the files existed. the only trace found was in services and regedit.
after deleting the file path in registry, it left "COM+system manager Acapella Ltd.(no file)". it wouldn't allow anymore deletions. although there was the COM+system manager in the pane on the left, i did not attempt to delete it. after saying this, as there is no processes supported by COM+system manager, is this services deletable? if so how?
none of the files existed. the only trace found was in services and regedit.
after deleting the file path in registry, it left "COM+system manager Acapella Ltd.(no file)". it wouldn't allow anymore deletions. although there was the COM+system manager in the pane on the left, i did not attempt to delete it. after saying this, as there is no processes supported by COM+system manager, is this services deletable? if so how?
howard_hopkinso
Posts: 21,238 +17
Please post a fresh HJT log.
Regards Howard
This thread is for the use of tomrca only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of tomrca only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Lol, you should stop that service again as it`s nasty.
Have HJT fix the following.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O23 - Service: COM+ System Manager - Accapella Ltd. - (no file)<Notice the Dllhost.exe file is no longer there.
Other than the above, your HJT log is clean.
Just stop the service again and you should be good to go.
Regards Howard
This thread is for the use of tomrca only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Have HJT fix the following.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O23 - Service: COM+ System Manager - Accapella Ltd. - (no file)<Notice the Dllhost.exe file is no longer there.
Other than the above, your HJT log is clean.
Just stop the service again and you should be good to go.
Regards Howard
This thread is for the use of tomrca only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
Latest posts
-
BlizzGone: Blizzard cancels 2024 convention but promises an eventual return- GodisanAtheist replied
