Help with ishost.exe & ismon.exe, INFESTED!!

Go HERE and download the Pocket Killbox programme. Extract it but don`t run it yet.


You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode, under your normal user name. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O20 - Winlogon Notify: winjtb32 - C:\WINDOWS\SYSTEM32\winjtb32.dll

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter into killbox.

C:\WINDOWS\SYSTEM32\winjtb32.dll

Once your system has rebooted, turn system restore back on.

Post a fresh HJT log and let me know how your system is running.

BTW the Explorer.EXE file is perfectly legit and is nothing to worry about.

Regards Howard

Done & rebooted into normal mode. So far so good for about 15 minutes. No McAfee warnings or adware popups.

Here's the latest logfile.

Have HJT fix this inactive entry from normal mode.

O20 - Winlogon Notify: winjtb32 - winjtb32.dll (file missing)< This was the nasty entry in your previous HJT log.

Other than that, your HJT log is clean.

Regards Howard

Done... thanks so much for your help. You guys are such an asset!!

Thank You!!

I had the same problem, and I was actually getting ready to reload my whole PC. But then I found this post! I followed the instructions exactly as howard_hopkinso put them and everything is back to normal now. That was some nasty stuff. Thanks very much!

Hello and welcome to Techspot.

StlDrew said:

I had the same problem, and I was actually getting ready to reload my whole PC. But then I found this post! I followed the instructions exactly as howard_hopkinso put them and everything is back to normal now. That was some nasty stuff. Thanks very much!

Click to expand...

I`m glad your problem appears to be solved.

If you have any further virus/spyware problems, please open a new thread in our security and the web forum.

Regards Howard :wave: :wave:

This thread is for the use of uneasyrider only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Thanks!

I was effin ticked off when I found this crap on my computer. Thanks to your help, Howard, it appears that I have it taken care of now. Thanks!

This is for ManKea who sent me a private message eariler.

When you use SmitFraudFix you need to be sure to unpack ALL of the files into their own folder - something simple on the C: root that you can find and delete later. Once you do that, go into said folder and run smitfraudfix.cmd. Be sure that you follow the directions to the word from the website you download it from. Nothing bad will happen if you don't, but you'll just end up doing things two or three times because of the way its set up.

If you have any other questions feel free to drop me a line again - but be sure to include your email address next time so I can write you directly and I'll know, for sure, you'll get your question answered.

Good luck!

This thread is for the use of uneasyrider only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.