programs stop responding

Guest

Hi
Sometimes after using the computer for a while, or sometimes soon after I start it up, I would try to open IE, Dreamweaver, etc, any kind of program but none will come up; if I try opening the Task Manager, the green square will appear in the taskbar but not in the desktop. When this occurs, I can still shut down the computer normally (sort of)
This used to happen every once in a while, now it is every day
Help will be most welcome! thanks.
 
Hi Esteban,

Hi.
Sometimes after using the computer for a while, or sometimes soon after I start it up, I would try to open IE, Dreamweaver, etc, any kind of program but none will come up; if I try opening the Task Manager, the green square will appear in the taskbar but not in the desktop. When this occurs, I can still shut down the computer normally (sort of).
This used to happen every once in a while, now it is every day.
Help will be most welcome! thanks.

Perform an online scan for viruses with one of the following:
Trend Micro HouseCall:
http://housecall.antivirus.com/pc_housecall/

Panda Active Scan:
http://www.pandasoftware.com/products/activescan/

RAV AntiVirus Online Virus Scan
http://www.ravantivirus.com/scan/

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/license.php

Perform a scan for malware using updated versions of ad-aware and
spybot

Ad-aware
http://www.lavasoftusa.com/support/download/

Spybot S&D
http://www.safer-networking.org/index.php?lang=en&page=download

Good luck
 
Roger,

I am having a similar problem, however, my computer will not open IExplorer at all. I have tried several ways of getting this program to open but am unable to accomplish it. I am able to connect to the internet because my MSN IM still connects and my network tray icon says that I am connected. The problem just appeared out of nowhere one day about an hour after I was using it normally. Now all that happens when I try to open these things is that the hour glass appears for a few seconds but nothing else happens. When I try opening the control panel, the desktop disappears for a second then reappears without any change. Please let me know if there is any way of fixing this problem or at least connecting to the internet to try the above solutions.

Thanks, Kim M.
 
Hi everyone
I have the same problem on 2 different computers. On one, only IE 6 quits responding; on the other, exactly as you describe. I have done all the online scans, and Ad-aware and Spybot; nothing helps. I can only run non-Microsoft programs and use Netscape to get online. I suspect a virus that no one knows how to fix. This problem seems to be getting wider spread according to the newsgroups.
 
Try going to internet options..advanced tab..uncheck enable third party
extensions. Boot to safe mode and try it if you have to.
 
Roger,

I am having a similar problem, however, my computer will not open IExplorer at all. I have tried several ways of getting this program to open but am unable to accomplish it. I am able to connect to the internet because my MSN IM still connects and my network tray icon says that I am connected. The problem just appeared out of nowhere one day about an hour after I was using it normally. Now all that happens when I try to open these things is that the hour glass appears for a few seconds but nothing else happens. When I try opening the control panel, the desktop disappears for a second then reappears without any change. Please let me know if there is any way of fixing this problem or at least connecting to the internet to try the above solutions.

Thanks, Kim M.
Kim, follow Lance's advice. Go to Control Panel (In safe mode (F8) if
necessary) > Internet Options > Advanced options tab and check 'Unable
third-party browser extensions.'

The problem might be caused by an Explorer extension (malware) that
loads with it and crashes.

Also check this program that deals with BHO (Browser helper objects)
BHODemon, available at
http://www.definitivesolutions.com/bhodemon.htm .

It does not need installing - simply unzip and run the EXE program. It
is easy to use. It will find the hijackware DLL files, and give you
the ability to disable them.

Hope this helps.
 
I am finally done with all the scans. I did have spyware and one virus; I had to download a "Panda trial version" to eliminate it cause none of the others were able to (including my own Norton). If I don't post anything else here, it is because the problem was fixed. Thanks roger!
 
Hi Esteban.

Glad to help, and also glad you got your problem fixed :-)
Thank you for your feedback.
 
Hey Guy

This does seem to be a growing issue. My brother is experiencing similar problems on his computer which is how I found this forum.... I get the task of finding and fixing his computer problems. Luckily I use a MAC and no one bothers writing malicious programs for the MAC OS

Anyway, I have downloaded a series of programs, adaware, spybot, Panda etc to cd and will try them on his computer tomorrow (Easter Sunday) or Monday.

Out of curiosity, are you also experiencing a problem with the rundll32.exe on logging out? I see people also reporting problems with it but do not know if it is related or separate issue from the non-working programs, IE etc...

If anyone wants to exchange info on this issue outside of the forum, my email addy is (e-mail address removed)

It seems to be hard to find all the related topics on the forum

Ti

PS: He did find a download.trojan with his virus scan. Not sure if it relates to the above problem or not since quarantining it did not resolve the issues

----- roger wrote: -----

Hi Esteban

Glad to help, and also glad you got your problem fixed :-)
Thank you for your feedback

On Sat, 10 Apr 2004 11:16:02 -0700, "Esteban R.
 
Well I think I spoke too soon about getting everything fixed. After running all the recommended software, I am unable to get onto some websites such as Google and I am unable to get into any tables on Yahoo games. Is there any way that I can fix this? Right after I ran adware, I did the recommended quarantine and then when I went to open the threads in this topic it would not display the text. I went back and did a recover which fixed this problem but now I have all the other files that should have been quarantined but are not any longer. Is there a way that I could tell which files should be quarantined so as not to cause this problem to re-occur?

Thanks Kim M.
 
Kim,

Well I think I spoke too soon about getting everything fixed. After running all the recommended software, I am unable to get onto some websites such as Google and I am unable to get into any tables on Yahoo games. Is there any way that I can fix this? Right after I ran adware, I did the recommended quarantine and then when I went to open the threads in this topic it would not display the text. I went back and did a recover which fixed this problem but now I have all the other files that should have been quarantined but are not any longer. Is there a way that I could tell which files should be quarantined so as not to cause this problem to re-occur?

Thanks Kim M.

You can download Hijack This from here:

http://www.mjc1.com/files/merijn/hijackthis.exe

Go here:
http://mjc1.com/mirror/hjt/

For instructions on how to use it; you have to post the log it makes
so experts tell you what is good and what is malware.

What you will do is a scan of your system and post the results of the
scan so experts can tell you which parts are malware and safe to
delete.

Good luck
 
I finally was able to get HiJackThis to download and here is what it found. Again, thank you soooo much for all the help and I hope you will be able to make some suggestions that will fix the new problems. I am now able to get to Google but Yahoo Games still won't open for the tables and it won't open some websites. I had to go back and restore to yesterday just to be able to download this software but again I still have these other problems that I can't take care of yet (i.e. trojans, etc.).

Thank you, Kim M.

P.S. I can't tell you how grateful I am for all your help, again, THANK YOU!!

Logfile of HijackThis v1.97.7
Scan saved at 3:37:09 PM, on 4/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\PROGRA~1\EzButton\CP888M1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
c:\Temp\Rar$EX12.032\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
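
An added example, not part of the original thread and not HijackThis's own code: a Python parser for log lines in the format posted above that lists the entries a helper would look up first. The function names are made up for this example, and treating an O16 entry with no download source as worth checking is an assumption of the example, not a rule from HijackThis.

```python
import re
from collections import Counter, namedtuple

# Excerpt of the HijackThis v1.97.7 log posted above, unmodified.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
"""

Entry = namedtuple("Entry", ["code", "body"])

# Section codes that appear in this log and what they report.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O1": "Hosts file redirection",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O9": "extra IE button/menu item",
    "O12": "IE plugin", "O16": "ActiveX object (Downloaded Program Files)",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# The pasted O1 line has lost its line breaks, so a hostname may be followed
# directly by the next IP. Limitation: a hostname that itself ends in digits
# cannot be split reliably from such a run-together line.
HOSTS_RE = re.compile(rf"({IP})\s+([A-Za-z0-9.-]+?)(?={IP}\s|\s|$)")
DPF_RE = re.compile(r"^DPF: (.*?)\s+-(?:\s+(\S.*))?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return the R*/O* entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def split_hosts(body):
    """Split an O1 body into (ip, hostname) pairs."""
    if not body.startswith("Hosts:"):
        return []
    return HOSTS_RE.findall(body[len("Hosts:"):])


def parse_dpf(body):
    """Split an O16 body into CLSID (if any), identifier and download source."""
    m = DPF_RE.match(body)
    if not m:
        return None
    ident, source = m.group(1), m.group(2) or ""
    clsid = CLSID_RE.search(ident)
    return {"clsid": clsid.group(0) if clsid else None,
            "ident": ident, "source": source}


def review_candidates(entries):
    """List every Hosts redirect and every O16 entry with no download source."""
    findings = []
    for e in entries:
        if e.code == "O1":
            findings += [("O1", f"{host} -> {ip}") for ip, host in split_hosts(e.body)]
        elif e.code == "O16":
            dpf = parse_dpf(e.body)
            if dpf and not dpf["source"]:
                findings.append(("O16", dpf["clsid"] or dpf["ident"]))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, n in sorted(Counter(e.code for e in parsed).items()):
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'other')}")
    for code, what in review_candidates(parsed):
        print("look up:", code, what)
```

The output is a list of things to look up, not a verdict: each listed item still has to be checked against a reference before anything is removed.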
 
Hi Kim,

Thanks for the feedback.

This:
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)
appears to be malware according to this page:
http://www.pestpatrol.com/PestInfo/w/web_p2p_installer.asp

follow the instructions in this page for its removal. But before,
export the registry using Start > run > regedit > File > Export and
create a restore point.

You might also want to post your Hijack This log here:
http://www.cybertechhelp.com/forums/
for more opinions.

That one is the main suspect.

After you have done this, let's see if you can get to Yahoo Games.

Good luck

 
Kim

The adaware and such programs will probably identify the Yahoo files as a problem. You may have them quarantined which is why your Yahoo games won't work. Get a copy of Spybot and try it (it was the last one I tried and I wish I had used it first since it gives valuable info on the files identified by it)

Sorry I wasn't able to get back on here before now. It took me longer to "clean" my brother's computer than I expected. I still am not positive as to the exact "culprit" but I think it may have been a dialer program EGHTML. I would quarantine bad files and then they would multiply so I think a dialer must have been downloading as I was cleaning

Anyway, the initial solution by Roger -- uncheck enable 3rd party extensions -- works to let the infected computer's IE work and connect to the net. But it doesn't get rid of the offending items. His IE Homepage was still hijacked to : res://mshp.dll/index#3704

As a side note, you should disable the "System Restore" before using the antivirus scanners. Not sure about before using Adaware and Spybot. I did it on his computer just to be sure

Steps I took in disinfecting his computer: (Yeah it was overkill but I wanted to see what these programs did and how they compared)

1. Ran CWShredder program
2. Ran Adaware Program (update before running to latest ref file)
The Smartscan identified 9 processes, 418 Registry Keys, 32 Reg Values, 305 files and 35 folders as possibly "bad"

Everything identified as "Malware" I removed. I also removed some of the dataminers and "objects" I could determine wasn't needed

3. I rebooted in safe mode and reran Adaware. Had 0 Processes, 65 Reg Keys, 5 Reg Values, 22 files and 4 folders now identified. Many were ok. One I didn't know about was "Promulgate". After he came home, it was deleted also

4. I restarted in Normal Mode and ran the Free online Virus checker from pandasoftware

5. It identified Trj/Virtumonde.A as being a virus on his machine. Symantec (Norton's antivirus does not identify it as a virus but rather as Adware). I know because I ran his NAV and it didn't identify it so I checked definitions and it lists the file as adware and your normal NAV doesn't deal with it

6. I reran Adware (I had not yet removed Virtumonde) and this time I used custom mode and had it scan everything. It now found 66 Reg Keys, 5 Reg Values, 661 files and 16 folders. The most prevalent object was LOP.com malware

7. I installed and ran Spybot. It identified the Egroup dialer as still being present even though I had sought to remove it using Adaware. Spybot is useful because it has a function to identify exactly what the program is that it suspects is a problem so you can decide if it is or isn't

I removed all files I knew from the defs were not needed

8. I manually removed the Virtumonde infection

9. Rescanned and his computer was clean

10. Enabled 3rd party extensions and the computer still had no problems

Ti
 
I downloaded the PestPatrol software and located the malware file but now the program is telling me that I have to purchase the licensed version to be able to quarantine or delete the file. I really don't want to spend the $40 to get this problem fixed...is there any way that I can delete or quarantine it for free? I know it sounds like I am cheap but I had just purchased a copy of the "revered" Norton Internet Security just to find that it is not protecting me from the 6 odd trojans that have been found. If I sound bitter, it's because I am now. Until now, I just ASSumed that Norton knew about every virus and trojan known to man but you can now see where that got me...Thanks, Kim
 
Kim

I sent you an email with the programs

Ad_aware
Spybot Search and Destroy
hijackthis
pandasoftware free internet virus scanner

which I used to remove the pest from my brother's computer and they are all free and can be downloaded from the net

Ti

PS: If anyone actually identifies the precise pest I'd love to know. My brother had too many on his computer for me to isolate which one was the culprit for this problem
 
Hi Kim,

I downloaded the PestPatrol software and located the malware file but now the program is telling me that I have to purchase the licensed version to be able to quarantine or delete the file. I really don't want to spend the $40 to get this problem fixed...is there any way that I can delete or quarantine it for free? I know it sounds like I am cheap but I had just purchased a copy of the "revered" Norton Internet Security just to find that it is not protecting me from the 6 odd trojans that have been found. If I sound bitter, it's because I am now. Until now, I just ASSumed that Norton knew about every virus and trojan known to man but you can now see where that got me...Thanks, Kim

You don't have to buy the software. Especially when you can use
ad-aware and spybot which are free to do your routine scans for
malware.

To get rid of this specific malware, you can do it yourself, manually,
if you follow the instructions of this page:
http://www.pestpatrol.com/PestInfo/w/web_p2p_installer.asp

You only have to delete some registry keys:

HKEY_CLASSES_ROOT\clsid\{1d6711c8-7154-40bb-8380-3dea45b69cbf}
HKEY_CLASSES_ROOT\webp2pinstaller.installer
HKEY_CLASSES_ROOT\webp2pinstaller.installer.1
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1d6711c8-7154-40bb-8380-3dea45b69cbf}

Make a copy of it before you start (Start > Run > regedit > File >
Export) and create a restore point for added safety.

Good luck
 
I was able to follow the directions on the pestpatrol page and delete the files from the registry keys. I also posted my HiJack This log and this was what they posted back so far..

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

Am I supposed to delete these as well or not? I have posted the same question back to the site but have not yet received a reply. I am re-running the virus scans and adware and so far I still have these trojans

File: C:\Documents and Settings\citrus\Local Settings\Temporary Internet Files\Content.IE5\OV5RMUNL\dw[1].exe
Virus: Tool:PornDialer.EA Status: Infected

File: C:\Temp\bii.cab->biprep.exe
Virus: TrojanSpy/Win32.BiSpy.A Status: Infected

File: C:\Temp\biprep.exe
Virus: TrojanSpy/Win32.BiSpy.A Status: Infected

File: C:\WINDOWS\system32\benceed.dll
Virus: TrojanDownloader:Win32/Rameh.A Status: Infected

I am hesitant to delete or quarantine these files because of all the problems I ran into the last time I did so. Is there any way of telling if a file is required or not? Thank you, everyone, again for all the help.

Kim M

P.S. I am now able to get into Yahoo games and Google so most of the bugs seem to be fixed.
 
Hi Kim,

Comments inline.

I was able to follow the directions on the pestpatrol page and delete the files from the registry keys. I also posted my HiJack This log and this was what they posted back so far...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

Am I supposed to delete these as well or not? I have posted the same question back to the site but have not yet received a reply. I am re-running the virus scans and adware and so far I still have these trojans:


Let's wait until you receive a reply.

File: C:\Documents and Settings\citrus\Local Settings\Temporary Internet Files\Content.IE5\OV5RMUNL\dw[1].exe
Virus: Tool:PornDialer.EA Status: Infected

File: C:\Temp\bii.cab->biprep.exe
Virus: TrojanSpy/Win32.BiSpy.A Status: Infected

File: C:\Temp\biprep.exe
Virus: TrojanSpy/Win32.BiSpy.A Status: Infected

These files in temporary folders are not used by the system and so
safe to delete.

File: C:\WINDOWS\system32\benceed.dll
Virus: TrojanDownloader:Win32/Rameh.A Status: Infected

I don't have this file in my system. If you're apprehensive about
deleting it, change its name and move it to a folder of your choosing
(like Pest folder or so) and wait for a few days, if your system works
fine, then delete it.

I am hesitant to delete or quarantine these files because of all the problems I ran into the last time I did so. Is there any way of telling if a file is required or not? Thank you, everyone, again for all the help.

If a file is in a temporary folder, it's not used by the system and
should be safe to delete. Files in the System32 folder are different,
though, and require searching the name of the file in google and
making sure they are not a system file.

P.S. I am now able to get into Yahoo games and Google so most of the bugs seem to be fixed.

Good, then we are on the right track

Good luck
 