Ctrl Alt Delete WASN'T working and b.exe was in background

By Fukurou · 7 replies
Mar 6, 2006
  1. My computer was acting kinda funny after a download from a P2P server and I knew I had a worm from the start. I got some help from the people here and from another website and all seems well now, but if anyone would be kind enough to take a small amount of time and review my HJT log for any strange lookin buggies, I would be very thankful!

    Attached Files:

    • HJT.txt
      File size:
      6.7 KB
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add/remove programme in your control panel, and uninstall anything to do with (if there).

    C:\Program Files\Network Monitor

    Close control panel.

    Open your task manager. Click on the processes tab and end process for (if there).


    Close task manager.

    Run HJT with no other programme open, and have HJT fix the following by placing a tick in the little box next to (if there).

    O4 - HKCU\..\Run: [qwmo] c:\stub_113_4_0_4_0.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6541E7-5753-4477-BB09-77704DAA70DB}: NameServer = Only remove this entry, if it doesn't belong to your ISP.

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SkFDT0IgQkxPU1NFUg\command.exe (file missing)

    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Locate the above O23 services, double click on them and select stop if they are running. Set the startup type to disabled. Click apply/ok.

    Locate and delete the following bold files (if there).

    C:\Program Files\Network Monitor\netmon.exe

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
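
An added example, not part of the original post and not HijackThis's own code: a short Python triage pass over the log entries quoted in the post above, flagging the traits that mark them for manual review. The DNS address and the last service line are constructed sample values; `triage` and `isp_dns` are hypothetical names.

```python
import re

# The O4 and the two "(file missing)" O23 lines are quoted from the post above.
# The O17 address (192.0.2.53) and the last O23 line are constructed samples.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [qwmo] c:\stub_113_4_0_4_0.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6541E7-5753-4477-BB09-77704DAA70DB}: NameServer = 192.0.2.53
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SkFDT0IgQkxPU1NFUg\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\upd.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# An .exe sitting directly in a drive root, e.g. c:\something.exe
ROOT_EXE = re.compile(r"\b[a-z]:\\[^\\]+\.exe\b", re.I)

def triage(log, isp_dns=()):
    """Return (section, reasons, line) for every entry worth a manual look."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if section == "O4" and ROOT_EXE.search(body):
            reasons.append("autorun executable in drive root")
        if section == "O17" and "NameServer =" in body:
            servers = re.split(r"[ ,]+", body.split("=", 1)[1].strip())
            if not set(servers) <= set(isp_dns):
                reasons.append("DNS server not in the known ISP list")
        if section == "O23":
            if "Unknown owner" in body:
                reasons.append("HijackThis reports 'Unknown owner'")
            if body.endswith("(file missing)"):
                reasons.append("service points at a missing file")
        if reasons:
            findings.append((section, reasons, line))
    return findings

if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {line}")
```

Passing the ISP's resolver addresses as `isp_dns` suppresses the O17 finding, which mirrors the "only remove this entry if it doesn't belong to your ISP" condition in the post.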
  3. Fukurou

    Fukurou TS Rookie Topic Starter Posts: 51

    Well, I did everything you instructed. The only thing is that when I looked at my processes I saw 5 running svchosts...

    Made a fresh HJT log, I'm wondering if I have a repopulating virus...

    Attached Files:

  4. Peddant

    Peddant TS Rookie Posts: 1,446

    5 svchosts is normal. You'll have to ask Microsoft why it's normal.
  5. Fukurou

    Fukurou TS Rookie Topic Starter Posts: 51

    Alright, just making sure! I also just found out that rundll is a backdoor that isn't needed by my computer, made a System Restore point then deleted it!
  6. Peddant

    Peddant TS Rookie Posts: 1,446

    As clear as mud -

    "Rundll32.exe is an executable which is necessary for windows environment. It is always present in c:/windows/system32. It may also sometimes be found in other places which must be a virus. In case of virus it's always in mix, upper and lower case letters combination. RunDLL32 is used to run DLLs as programs. This program is part of Windows, used to run program code in DLL files as if it were an actual program. Rundll32.exe loads and runs 32-bit DLLs. In XP it should not normally appear in the Task Manager, if it does it could be being used by malware...."
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Regards Howard :)
  8. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,350

    Sure couldn't hurt to stop some of those programs from running at startup though. :p
Topic Status:
Not open for further replies.
