Advice needed please ..

Hi

I have been struggling for yonks with various spyware and virus issues for for days, but think i have more or less sorted it ... I HOPE

I managed to get shot of Downloader.Agent.2BN and 2BM by doing AVG scan in safe mode and as spybot and adaware would not complete scans, I went to regedit and deleted some obvious things and also got hjt to fix some.

I have now noticed that the 4 infected files are back in my startup HJT also shows them. What i would like to know is if these are safe for me to let hjt fix. Here are the names of them

C:\WINDOWS\SYSTEM\APPIT.EXE
C:\WINDOWS\ADDCX.EXE
C:\WINDOWS\NTES32.EXE
C:\WINDOWS\SYSTEM\APILE32.EXE

According to Startup Inspector for windows these files dont exist

I dont know if this is relevant, but PC takes about 20 mins to boot up and makes a heck of a noise. Seems to take the longest when it gets to this part of startup.

C:\ > Rem [Header]
code prepare code page
code prepare function completed

Are these essential to getting windows up and running? scuse my ignorance .. i am somewhat PC knowledge *challenged*

Any help would be appreciated please.

 

I do not believe those files to be essential at boot up. You might want to try Easy cleaner.
http://majorgeeks.com/download414.html

It cleans the registry and a couple of other folders on your computer. It also has a better view of what starts when your computer boots, and allows you to disable these items.

 

Thanks for your reply

Will the Easy Cleaner remove them safely? When I did scan with AVG last nite it said they were critical files or something. Doing scan in safe mode earlier today did move them to vault. From my latest hjt log all else seems pretty clear. I did a good clean with CC Cleaner.

 

Hi

I am using windows 98SE. and in my limited knowldege, have not found any option to disable any system restore. I am a bit of a PC *virgin* so am learning things as I go along by trial and error. At this rate I will soon be joining the ranks of geek

I have been sat here trying to pluck up the courage to just hit delete of those files Have installed easy clean and so far most of it is greek, but as i am persitent by nature, i will get the hang of it sooner or later



on a side note ..... as far as i know YONKS is a South African saying ... which I am

 

I have found it easy to boot into safe mode and manually remove the files when they are stated as being critical. Some virus when in effect can not be deleted because they are open. Boot into safe mode by continually pressing F8 at startup

 

Might I suggest to try Stinger.exe also. I don't know if it will fix the problem but it can't hurt. I would say go with chaslang on this.

 

Hi

YES!! YES!! I kept on getting popups saying only the best and my homepage kept on changing to About Blank. I have done a search in regedit and deleted what i could find. I plucked up the courage and did a fix with HJT.... Log is looking much better, am now running AVG to see if i am clear. Will let u know as soon as it is completed.

 

Did ya downlad Stinger? It actualy finds viruses on your system than other AV overlook. It's very helpful trust me.

 

ok, thanks .. will install it as soon as AVG is done. It better had be totally IDIOT PROOF though

How on earth this got on my pc in the first place is beyond me .... my motto is ..... surfing without protection is like having unsafe sex !!

I am in North West .... Blackpool ... i know .... SHAME Yonks = Ages

 

No matter how protected you think you are stuff will still make it onto your machine. Somethings lie dorment for sometime before they make themselfs known.

 

Hi

I will download that as soon as AVG is through scanning. If AVG shows that I am clear does it mean the critter is gone .... FOREVER?

I did try and do a scan with S&D and it stopped running when trying to scan for something called Adgoblin...PC sounded like a tractor, lights on CPU were like a disco and it just stopped scanning..his happened every time i tried. Adaware also stopped b4 scan was finished. I did run CW shredder before running them.

Just a thought ... wud it not be easy to see what is on pc by me putting HTJ report (in text form) ?

 

It would help.

 

Right Guys ... AVG has given me an all clear .... for now at least. I will however follow the other advice to ensure it stays like that ... as soon as i have had a JD and Coke ... or three

Thanks you have all been most helpful *insert kisssmiley*

 

I thought it might ... that is why i subtly suggested it

Here u go

Logfile of HijackThis v1.98.2
Scan saved at 22:51:51, on 27/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AOL 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btopenworld.com/templates/btwebcontrol.cab
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4394/mcfscan.cab

 

Ok it isn't looking to bad now. The mmtask.tsk I might be alittle lerry of. Did you download and run Stinger?

 

Hi I have done a bit more *house cleaning* since this report using my initiative and have a better report..can i post it? I also downloaded all critial windows updates.

 

I realised the mmtask.tsk is a valid windows process. I have run several scans and results are system is clean.

Thanks everyone for help and advice I have learnt a heck of a lot in the process of eliminating these critters.

 

Done thanks