TechSpot

Peculiar little bug

By Bollen
Jul 4, 2006
  1. I'm having the most annoying problem with something called BGATES[1].exe it keeps coming back no matter how many times I block it or erase it using different anti-spyware or anti-virus applications. I've tried everything on this site, so please. Can anyone help!
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. Bollen

    Bollen TS Rookie Topic Starter

    Hello and thank you for your quick reply. Actually I've read many of your threads before I posted this one trying to find a solution. I also followed all the steps suggested in the "instructions before you post" page. the result was: Housecall-trendmicro: Found nothing. Kaspersky: Didn't work after 3 attemps. Begin2Search / Coolwebsearch: Nothing once againg. My Lavasoft found nothing, Spybot found nothing. The ewido found something and it put it quarantine but the problem persisted. The report keeps coming from McAfee virusScan 8.0.0. In my desperation I blocked C:\Documents and settings\Claude\Local Configuration\Internet Temporal files and also C:\WINDOWS\Temp\win7.tmp.exe 'cause it kept popping up. I don't know if I did wrong but as long as I've been writing this reply nothing has happened.
    One more thing my xp is in Spanish, I don't know if this will make a difference.
    Once again thank you.
    PD: OK the problem just came back, snif!
     
  4. Peddant

    Peddant TS Rookie Posts: 1,644

    Howard wants an HJT log.You must provide one. :)
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Go and read this thread HERE.

    Then, post a fresh HJT log into this thread.

    Regards Howard :)
     
  6. Bollen

    Bollen TS Rookie Topic Starter

    I'm so sorry! I thought I did.
     
  7. Bollen

    Bollen TS Rookie Topic Starter

    It was my Java script, it wasn't enable. Sorry again.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Download the Pocket killbox programme from HERE. Extract it, but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad). Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.ncl.ac.uk:8080<only fix this, if you don`t know what it is, or you have not set this proxy yourself.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F149AB5-42DF-4C69-8B62-379881B6B451}: NameServer = 128.240.229.18 128.240.229.34<Only fix this, if it doesn`t belong to your ISP.

    O20 - Winlogon Notify: winvhw32 - C:\WINDOWS\SYSTEM32\winvhw32.dll

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\SYSTEM32\winvhw32.dll

    Once your system has rebooted, turn system restore back on and post a fresh HJT log.

    Regards Howard :)
     
  9. Bollen

    Bollen TS Rookie Topic Starter

    Thank you! That was a very quick reply. Only one question before I proceed. I use Newcastle University conexion so it does require proxies. I don't know about the IP but I'm afraid of deleting these since I will be left without internet conexion. the address is ncl.ac.uk, of this I'm sure. The rest I don't know.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I`ve just checked your 017 entry and it does belong to Newcastle University. So leave it. This also means that the proxy is probably safe as well.

    Regards Howard :)
     
  11. Bollen

    Bollen TS Rookie Topic Starter

    Ok! That was a ver long and slow procedure but I think I got it. Here's the new HJT log.
     
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Well done, we`re nearly there now.

    Have HJT fix this entry in normal mode.

    O20 - Winlogon Notify: winvhw32 - winvhw32.dll (file missing)

    Click the fix checked button.

    Close HJT.

    I see you are running a completely unpatched version of Windows. This is a hugh security risk.

    Run Windows updates and install at least sp1 and preferably sp2.

    Other than the above inactive entry, your HJT log is clean.

    Regards Howard :)
     
  13. Bollen

    Bollen TS Rookie Topic Starter

    One last question.

    Thank you so much! You are an angel. Unfortunately I can't update my Xp cause it's a very old version that I used to have on another computer that blew up (long story, dodgy machine). So Microsoft considers it a ****** cause you are not suppose to use it in more than one computer, but it's too much expense to buy a new computer and a new XP. Anyway, should it be enough with firewalls and adware/spyware protection? I also did all the procedures recommended in another thread I found here somwhere.
    My last questions, if you don't mind. Can I remove HJT and the Killbox now from my system? And should I disable the "Show hidden file and folders" again?
    Thanks for your patience and if you ever need any help with something concerning music I'll be glad to help you out.
    Regards.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Yes you can remove HJT and Killbox.

    Programmes you need on your system. Ewido/Spybot/Ad-aware se/Spywareblaster/Firewall/Antivirus programme.

    As far as your Windows goes, you should contact Microsoft and tell them what happened. They may be able to help you.

    Regards Howard :)
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.