What's wrong with my logfile?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by j_Reez, Sep 26, 2004.

  1. j_Reez

    j_Reez Private E-2

    My logfile has some weird things in it that I'm not used to seeing and I have more processes running than normal. Does anyone see anything wrong here and know how to fix it? Ad-aware and CWS shredder don't find anything.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have multiple problems one of which includes the about:blank hijack.

    HijackThis comes last!

    Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    After running all items in the READ ME let us know if you still have problems. Make sure you run everything including the online scanners.

    But just to get you started (since there are some real baddies here):

    Make sure you have viewing of hidden files enabled and System Restore disabled as indicated in the READ ME FIRST tutorial.
    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the processes below and end them:
    windllsys32.exe
    f?m??.exe
    ?hkntfs.exe
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {CA0DCDD7-8D31-86B3-7E16-DCA55E4E0869} - C:\WINDOWS\system32\netvk.dll (file missing)
    O4 - HKCU\..\Run: [windllsys32.exe] C:\WINDOWS\System32\windllsys32.exe
    O4 - HKCU\..\Run: [Eolo] C:\Documents and Settings\Jreez\Application Data\f?m??.exe
    O4 - HKCU\..\Run: [Xkh] C:\WINDOWS\System32\?hkntfs.exe
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchmiracle.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6

    Boot in safe mode and use Windows Explorer to locate and delete:
    C:\WINDOWS\System32\windllsys32.exe
    C:\Documents and Settings\Jreez\Application Data\f?m??.exe
    C:\WINDOWS\System32\?hkntfs.exe

    Now come back and post a new HJT log but make sure you have run everything in the READ ME First tutorial including about:Buster.
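
Added example, not part of the thread: a small Python triage pass over HijackThis-style log lines like the ones quoted in the reply above. The sample reuses entries from the post plus one constructed benign line; the function names and the three flags are illustrative heuristics assumed for this example, not HijackThis features or the staff member's method.

```python
import re

# Sample log: five entries quoted in the reply above, plus one constructed
# benign entry (ExampleApp) to show a line that raises no flag.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {CA0DCDD7-8D31-86B3-7E16-DCA55E4E0869} - C:\WINDOWS\system32\netvk.dll (file missing)
O4 - HKCU\..\Run: [windllsys32.exe] C:\WINDOWS\System32\windllsys32.exe
O4 - HKCU\..\Run: [Eolo] C:\Documents and Settings\Jreez\Application Data\f?m??.exe
O4 - HKCU\..\Run: [Xkh] C:\WINDOWS\System32\?hkntfs.exe
O15 - Trusted Zone: *.05p.com
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
"""

# "<section> - <kind>: <value>", e.g. "O15 - Trusted Zone: *.05p.com"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<value>.*)$")
# O4 autostart value: "[entry name] command line"
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<path>.+)$")

def parse_line(line):
    """Split one log line into section, kind and value; None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def flags(entry):
    """Triage hints (assumed heuristics, not verdicts) for a parsed entry."""
    section, value = entry["section"], entry["value"]
    found = []
    if "(file missing)" in value:
        found.append("file-missing")  # registry entry whose target is gone
    if section == "O4":
        run = RUN_RE.match(value)
        # '?' is not valid in a Windows file name, so in a log it marks a
        # character that could not be rendered.
        if run and "?" in run["path"].rsplit("\\", 1)[-1]:
            found.append("unrenderable-filename")
    if section == "O15" and value.startswith("*."):
        found.append("wildcard-trusted-zone")  # whole domain in Trusted Zone
    return found

def triage(log_text):
    """Return (section, value, flags) for every entry line in the log text."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            results.append((entry["section"], entry["value"], flags(entry)))
    return results

if __name__ == "__main__":
    for section, value, hints in triage(SAMPLE_LOG):
        print(f"{section:4} {','.join(hints) or '-':24} {value}")
```

The windllsys32.exe entry raises none of these flags, so a pass like this only narrows the list; the log still needs a human reader.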
     
