TheMatrixHasYou.exe (hijackthis log)

Status
Not open for further replies.
Ok so a few days ago I got a virus on my computer while downloading something, as I accidentally accepted the connection on pc-cillin. I immediately started getting virus warnings from pc-cillin, which came back with the result of the quarantine being unsuccessful. I then immediately did a full virus scan and it successfully removed the 15-20 files it found.

I thought all was OK until I noticed yesterday I have termcaps.exe as a running process. I did a search on this process but it came back with nothing; I then had to go. After starting up the computer again I now have the process TheMatrixHasYou.exe. I did a search as normal to find that there is no information on this file. What is it? And what is termcaps.exe?

I was also wondering if there was anything else wrong with my system?

Thanks in advance for any help I get, it will be greatly appreciated
 

Attachments

  • hijackthis.txt
    7.8 KB · Views: 8
Hello and welcome to Techspot.

Go HERE and follow the instructions exactly.

Post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:
 
Ok done. One of the scanners found 30 items or so that could not be deleted, they were all in the system32 folder.

TheMatrixHasYou.exe process isn't on the process list because I ended it; however, I could not end termcaps.exe
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Locate the following services. Double click on them, if they are running select stop. Set the startup type to disabled. Click apply/ok.

XAMPP
termcaps

Click start/run and type regsvr32 /u C:\WINDOWS\SYSTEM32\directpt.dll and press the enter key. Note the space between the 2 and the forward slash, and again in between the u and C.

Do this for the following as well.

C:\WINDOWS\SYSTEM32\msupdate32.dll

C:\WINDOWS\SYSTEM32\yvpp01.dll

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

termcaps.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [termcaps] C:\WINDOWS\system32\termcaps.exe

O4 - HKLM\..\RunServices: [termcaps] C:\WINDOWS\system32\termcaps.exe

O4 - HKCU\..\Run: [termcaps] C:\WINDOWS\system32\termcaps.exe

O20 - Winlogon Notify: directpt - C:\WINDOWS\SYSTEM32\directpt.dll

O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll

O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)

O20 - Winlogon Notify: yvpp01 - C:\WINDOWS\SYSTEM32\yvpp01.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\WINDOWS\SYSTEM32\yvpp01.dll
C:\WINDOWS\SYSTEM32\msupdate32.dll
C:\WINDOWS\SYSTEM32\directpt.dll
C:\WINDOWS\system32\termcaps.exe

Reboot into normal mode and turn system restore back on.

Now go and run the Ewido scan in the instructions I gave you, as well as any other applications you haven't run.

Post a fresh HJT log, only after doing the above.

Regards Howard :)
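
As an added example (not part of the original thread or written by its participants): a Python sketch that parses the O4 and O20 entries from the fix list above and cross-checks them against the list of files to delete, so that no autostart entry is left pointing at a removed file and no file is deleted while an entry for it remains. The function names, and the assumption that only these two HJT line shapes appear, are mine.

```python
# Added example, not from the thread. Function names are hypothetical.
import re
from collections import defaultdict

# Entries copied from the fix list in the post above.
HJT_LINES = r"""
O4 - HKLM\..\Run: [termcaps] C:\WINDOWS\system32\termcaps.exe
O4 - HKLM\..\RunServices: [termcaps] C:\WINDOWS\system32\termcaps.exe
O4 - HKCU\..\Run: [termcaps] C:\WINDOWS\system32\termcaps.exe
O20 - Winlogon Notify: directpt - C:\WINDOWS\SYSTEM32\directpt.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O20 - Winlogon Notify: yvpp01 - C:\WINDOWS\SYSTEM32\yvpp01.dll
""".strip().splitlines()
# Files the post says to delete after the fix.
DELETE_LIST = [r"C:\WINDOWS\SYSTEM32\yvpp01.dll",
               r"C:\WINDOWS\SYSTEM32\msupdate32.dll",
               r"C:\WINDOWS\SYSTEM32\directpt.dll",
               r"C:\WINDOWS\system32\termcaps.exe"]

O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O20 = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+?)( \(file missing\))?$")

def parse(lines):
    """Return one dict per recognised line; paths are lower-cased."""
    out = []
    for line in lines:
        if m := O4.match(line):
            hive, key, name, path = m.groups()
            out.append({"mechanism": f"{hive} {key}", "name": name,
                        "path": path.lower(), "missing": False})
        elif m := O20.match(line):
            name, path, missing = m.groups()
            out.append({"mechanism": "Winlogon Notify", "name": name,
                        "path": path.lower(), "missing": missing is not None})
    return out

def cross_check(entries, delete_list):
    """Compare the entries being fixed with the files being deleted."""
    by_file = defaultdict(list)
    for e in entries:
        by_file[e["path"]].append(e["mechanism"])
    referenced = {e["path"] for e in entries if not e["missing"]}
    deleted = {p.lower() for p in delete_list}
    return {"autostarts": dict(by_file),
            "deleted_without_entry": sorted(deleted - referenced),
            "entry_without_delete": sorted(referenced - deleted),
            "orphan_entries": sorted(e["name"] for e in entries if e["missing"])}

if __name__ == "__main__":
    print(cross_check(parse(HJT_LINES), DELETE_LIST))
```

For this thread's lists both difference sets come back empty, termcaps.exe shows up under three separate autostart keys, and SensSrv is the only entry whose file is already gone.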
 
There is no system restore tab in the window that comes up when I click system. When I tried to see if this all works without turning system restore off (I remember turning it off ages ago anyway), the regsvr32 /u [dll location] all gave me an error message saying that they were found but could not be removed or something like that.

Oh and also when you say "Run HJT with no other programmes open. have HJT fix the following, by placing a tick in the little box next to(if there)." I was just wondering if I could have notepad open with the list of files in there?
 
I don't know why you've got no system restore tab. Very strange.

What happens if you right click my computer and select properties? Do you see a system restore tab then?

Yes, having notepad open will be ok.

Provided you typed the regsvr32 /u command properly and didn't forget the spaces, there shouldn't be a problem. Unless of course the .dll files aren't there.

Post a fresh HJT log when you have done.

Regards Howard :)
 
Make sure the system restore service isn't disabled.

start->run->type: services.msc->system restore service, and make sure it's on "automatic"
 
altheman said:
Make sure the system restore service isn't disabled.

start->run->type: services.msc->system restore service, and make sure it's on "automatic"

Very good point. I didn't think of that lol.

Regards Howard :)
 