Very Challenging Worm 2

Discussion in 'Malware Help (A Specialist Will Reply)' started by Vast41, Feb 28, 2006.

  1. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you have your Windows XP CD and is it the same SP level as what is running on your system right now?
     
  2. Vast41

    Vast41 Private First Class

    No, I don't have a disk anymore. Is that a problem I need to know??
     
  3. Vast41

    Vast41 Private First Class

    OK, performed all the steps in post 49; all were not there>>

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP....

    C:\WINDOWS\qyhsotqe.exe
    C:\Program Files\ISTsvc... NEVER could find them before, can't now. Logs are attached.
     

  4. Vast41

    Vast41 Private First Class

    I meant to say these entries were not in HJT

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you using MSconfig to control startups? It seems like it. Now those things I asked you to fix are showing in the runkeys.txt log.

    There is no way that that stuff was in one log and not in the next unless you already fixed it previously. But now it shows in runkeys!

    What exactly is it that you are doing???? Are you using msconfig instead of HijackThis to fix the lines I gave you????

    What happened to all the other programs that used to be running???? Why are they all missing from the O4 lines and now showing as being controlled by msconfig. I'm starting to wonder whether you are purposely not following instructions.

    Please run msconfig and make sure you have selected Normal Startup then reboot and attach a new HJT log. And DO NOT RUN MSCONFIG ANYMORE unless I ask you to do so.
     
    Last edited: Mar 8, 2006
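
The comparison at issue in this thread, O4 Run entries present in one HijackThis log and missing from the next, can be done mechanically. This is an added example, not part of the original posts: the function names are hypothetical, and the two sample logs are constructed from entries quoted above, including the RealTray line that forum wrapping split in two.

```python
import re

# HijackThis O4 registry autostart line: O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.*)$")
NEW_ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")  # start of any other HJT entry

def parse_o4(log_text):
    """Return {(key, name): command} for every O4 registry entry in a log."""
    entries, last = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            last = (m.group(1), m.group(2))
            entries[last] = m.group(3)
        elif last and line and not NEW_ENTRY_RE.match(line):
            # A pasted log wrapped a long entry: rejoin the continuation.
            entries[last] += " " + line
        else:
            last = None  # blank line or a different entry type ends the run
    return entries

def diff_o4(before, after):
    """Report autostart entries removed, added or changed between two logs."""
    old, new = parse_o4(before), parse_o4(after)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in old if k in new and old[k] != new[k]),
    }

# Constructed sample logs (entries taken from the posts above).
BEFORE = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""
AFTER = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

if __name__ == "__main__":
    for kind, keys in diff_o4(BEFORE, AFTER).items():
        for key, name in keys:
            print(f"{kind}: {key} [{name}]")
```

An entry reported as removed only means it is no longer listed under that Run key in the second log; the script does not say why it left.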
