TechSpot

TCPIPMON.exe final steps of removal

By Gateway3018
Apr 24, 2007
  1. My laptop got infected with the tcpipmon.exe with all normal symptoms (http://www.adwareaway.net/tcpipmon.htm).

    Followed the Viruses/Spyware/Malware, preliminary removal instructions-steps, and it looks like I got rid of a lot of stuff. Here are four logs, and I would appreciate it if someone could take a look.

    -Gateway.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Unfortunately, I have removed your .doc files due to the risk of viruses.

    Please read this thread HERE, then post the logfiles as either .log or .txt files.

    Regards Howard :wave: :wave:

    This thread is for the use of Gateway3018 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Gateway3018

    Gateway3018 TS Rookie Topic Starter

    Haha, my bad.. Didn't see the "not" in the instructions.. (Please note: HJT and any other logs must not be posted as .doc files. This is due to the risk of viruses etc.)

    Here they are as .txt
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I noticed that your AVG log displays 'No Action Taken' for all the files detected.

    I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

    Also, you are running an outdated version of HijackThis.

    Please go to this thread HERE.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Open your task manager by holding ctrl and alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

    mmemilon.dll
    PictureViewerEXE.scr
    PictureViewer .EXE


    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\mmemilon.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close HJT.

    Navigate in Windows Explorer and delete the following files and folders in bold.
    C:\WINDOWS\system32\mmemilon.dll
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\hhkmp.bak2
    C:\WINDOWS\system32\hhkmp.ini2
    C:\WINDOWS\system32\hhkmp.bak1
    C:\WINDOWS\system32\pmkhh.dll.vir
    C:\WINDOWS\system32\nnnlmkl.dll.vir
    C:\WINDOWS\PictureViewerEXE.scr
    C:\Programfiler\PictureViewer .EXE

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post a fresh updated HJT, ComboFix and AVG Antispyware log from normal mode as an attachment into this thread.


    Regards,
    Your friendly Momok =)
     
  5. Gateway3018

    Gateway3018 TS Rookie Topic Starter

    I have now done the following (my actions in purple):

    mmemilon.dll NOT FOUND
    PictureViewerEXE.scr UNINSTALLED
    PictureViewer .EXE UNINSTALLED
    (pictureviewer was a hopeless program I uninstalled recently)

    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\mmemilon.dll (file missing) FIXED
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) FIXED

    C:\WINDOWS\system32\mmemilon.dll NOT FOUND
    C:\WINDOWS\system32\tmp.reg DELETED
    C:\WINDOWS\system32\hhkmp.bak2 DELETED
    C:\WINDOWS\system32\hhkmp.ini2 DELETED
    C:\WINDOWS\system32\hhkmp.bak1 DELETED
    C:\WINDOWS\system32\pmkhh.dll.vir DELETED
    C:\WINDOWS\system32\nnnlmkl.dll.vir DELETED
    C:\WINDOWS\PictureViewerEXE.scr NOT FOUND
    C:\Programfiler\PictureViewer.EXE NOT FOUND

    I also found hhkmp.ini2 and hhkmp.tmp. What do I do with these?

    (didn't understand if you wanted the hjt-log from safemode or normal, so I made two.)
     
  6. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Please delete those two files too. (from safe mode with all files and folders shown. Don't forget to rehide them after that.)

    Your logs look pretty clean now.

    Turn off system restore (XP/ME only). Learn how to do that HERE.

    This will remove all the remaining nasties from your old restore points.
    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend that you read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly Momok =)
     
  7. Gateway3018

    Gateway3018 TS Rookie Topic Starter

    thanks a bundle..

    (yes, I know how I got into this mess.. I was looking for serial keys for a game, and I found them.. ..and a little "something" from the person who put them up)

    I promise to behave from now on. Again, thank you for your help.
     
  8. momok

    momok TS Rookie Posts: 2,265

    haha..

    You're welcome =)
     
Topic Status:
Not open for further replies.
