Temp\se.dll/sp.html - BJ & chaslang discussion

Re: Could someone pls look at my hijackthis log?

BJ,

Tyrus already stated that the READ ME was run.

About:Buster & Hsremove while useful for somethings, will not fix the problems in this log.

 

Re: Could someone pls look at my hijackthis log?

That's okay but but Tyrus said he did the steps. Also HSremove does not address about blank issues accept for when it is an HSA related about:blank hijack which this is not. Also About:Buster does not work on this type either.

 

Re: Could someone pls look at my hijackthis log?

It is a type of about blank but not the type About:Buster works on. You have to read info on about:buster to know this. It only works on certain types. The ones that look more like a typcial HSA hijack. It does not hurt to run AB! There could be other stuff hidden in there too that you just cannot see yet. You cannot always see everything. I even tried using AB embedded in some other steps on some of these se.dll infections lately. I did it just to see if the new AB database improved anything. Mutliple runs with AB found absolutely nothing.

The below lines are also not typical of an HSA style hijack. Notice the DLLinstall too and it is loaded with rundll32.

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\KENNETH\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {A9B1F227-239D-41D9-B9FD-1B0F3F7DA47C} - C:\WINDOWS\system32\nhccca.dll
O18 - Filter: text/plain - {A9B1F227-239D-41D9-B9FD-1B0F3F7DA47C} - C:\WINDOWS\system32\nhccca.dll

You may find that when trying to fix this, it will keep coming back after reboot and a connect to the internet. You may also find things get worse (more problems appear).

This may be a case for Kapersky AV and possibly a run of the updated MS Antispyware. Symantec AV finds se.dll but does nothing to help fix the problem. I have a feeling that explorer.exe is infected (that's where Kapersky comes in).

 

Re: Could someone pls look at my hijackthis log?

I'll remove down to message #3 . I would like you to work thru this thread. Good experience. Some of these are easier than others. I don't know why but that is typical of these infections. Sometimes they are easier when they are found early before they spread themselves out too much.

So after you read and respond to this I'll delete our exchange. I could also move them to another thread if you want to keep it around for any reference.

 

Re: Could someone pls look at my hijackthis log?

Tyrus is already back! Look at the HJT log in the first post and pick it up from there.