Found artm_new.dll but can't remove HJT log attached

Status
Not open for further replies.

pafindr

Hello
I'm having trouble getting rid of the artm_new.dll.
I know that it's in c:\documents and settings\all users\documents\settings but I can't get in there to remove it. The folder doesn't seem to exist.
I'm running XP Pro SP2
I've used Ewido, Ad-aware, Spyware Blaster, Spybot, and have PCcillin for virus protection. Thanks for your help
 
Hello and welcome to Techspot.

Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to it (if there).

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter into killbox.

C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Rename HijackThis.exe to HijackThis1991.exe and post a fresh HJT log.

Regards Howard :wave: :wave:

This thread is for the use of pafindr only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Yes, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
It's Baaaack!!!

Why did it come back? I haven't downloaded anything. :(
Is there something hidden that is recreating it?
 
Your latest HJT log is still clean.

Can you please tell me what you mean by it comes back?

I need the exact filepath to whatever it is you're talking about.

Regards Howard :)
 
oops wrong file

Here's the new log
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
plus I found a few bad files.
Services.exe, lsass.exe, win.exe. When I run Ewido I keep coming up with Trojans;
Trojans.small, Dropper.Agent.apb, Adware.DeluxwCommunications
 

Attachments

  • hijackthis3.txt
    6.9 KB · Views: 7
The C:\WINDOWS\SYSTEM32\WgaLogon.dll file is perfectly legit. It's the new Windows genuine advantage software.

Your HJT log is clean.

Please post a fresh Ewido log.

Regards Howard :)
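Added example, not part of the original thread or any poster's code: a small Python triage of HijackThis O20 (Winlogon Notify) lines like the two quoted in this thread, marking for review any notify DLL that loads from outside system32. The C:\WINDOWS install path and the O4 sample line are assumptions; the sample log is constructed from the lines posted above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the two O20 lines quoted in this thread plus one
# unrelated, made-up O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "O20 - Winlogon Notify: <registry key name> - <full DLL path>"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify:\s*(?P<key>.+?)\s+-\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Assumption: default XP layout with Windows installed in C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"


def parse_o20(log_text):
    """Return (key name, DLL path) for every O20 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), PureWindowsPath(m.group("path"))))
    return entries


def triage(log_text):
    """Mark notify DLLs that live outside system32 for manual review.

    This is a first-pass filter only: a DLL inside system32 is not proven
    legitimate by its location, it still needs to be identified by name.
    """
    results = []
    for key, dll in parse_o20(log_text):
        # Windows paths are case-insensitive, so compare lowercased.
        outside = str(dll.parent).lower() != SYSTEM32
        results.append({"key": key, "dll": str(dll), "review": outside})
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print("REVIEW" if entry["review"] else "ok    ", entry["key"], entry["dll"])
```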
 
One more problem. It started a little after I got hit with the artm_new.dll. Internet Explorer 7 will not load any pages. The error I get is:

Internet Explorer cannot display the webpage
Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Check your Internet connection. Try visiting another website to make sure you are connected.

Retype the address.

Go back to the previous page.

More information

This problem can be caused by a variety of issues, including:

Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's domain.
If this is an HTTPS (secure) address, click tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

I was getting help at the Microsoft web site but they seem to be stumped. The thread is
http://www.microsoft.com/communitie...&p=1&mid=25ea7db9-be6d-46ed-8e55-ddffc6c16d17
I would appreciate help with this.
 
The only suggestion I have is uninstall IE7 and go back to IE6. See if that helps.

You could also try using Firefox and see what happens.

Regards Howard :)
 
I tried uninstalling IE7 but it didn't work.
I have Opera and it works fine. I tried FireFox and it also works. Everything but IE is in working order.
I checked and rechecked for viruses or spyware, everything looks clean.

Any clue?
 
Sounds to me like some of your OS files might have been damaged.

Try doing a Windows repair as per this thread HERE. If that doesn't help, I'm out of ideas.

Regards Howard :)

 
Hey!!!!
I got it working again. I found that it was under the deny list in my firewall, so I just allowed it and BOOM it started working.
Thanks a lot for your help. I really appreciate all your help with this.
 