LEB said:
Please help? Issue happened after I downloaded files from Limeware (yes, I
should know better). System: Windows XP Professional Version 2002 SP3,v.3311
below is a list of files that are trying to hijack my system and are blocked
by WinPatrol, but will not delete after running several times spypot,
winpatrol, adware se, instant memory cleaner, safe mode, etc. It changed the
desktop background and I
now have no acces to change it, and have a permanent
blue screen as the background:
C:\WINDOWS\system32\ljJBtrpQ.dll
C:\WINDOWS\system32\iifedArO.dll
C:\WINDOWS\system32\cgmujvqb.dll,s
I ran Spybot once more and the following new files are now appearing aside
from the above:
command /c del C:\WINDOWS\system32\ddcApoLd.dll_old
cmd /c del C:\WINDOWS\system32\ddcApoLd.dll_old
command /c del C:\WINDOWS\system32\iifedArO.dll_old
cmd /c del C:\WINDOWS\system32\iifedArO.dll_old
Thank you in advance.
LEB
Unexplained computer behaviour may be caused by deceptive software
http://support.microsoft.com/kb/827315
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (off-line scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (off-line scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
You can download this tool "AutoRuns for Windows"
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
And remove the entry from here:
Locate this key:
[-]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = look in
the right pane/window and remove the entry for it
"C:\WINDOWS\system32\ljJBtrpQ.dll"
"C:\WINDOWS\system32\iifedArO.dll"
"C:\WINDOWS\system32\cgmujvqb.dll,s "
Run disk cleanup and defrag in safe mode. Then run this command:
sfc /scannow
Download the Hijackthis and send the report to one of
many
forums for analysis and troubleshooting:
When all else fails, HijackThis v2.0.2
(
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to:
http://www.thespykiller.co.uk/
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.bleepingcomputer.com/forums/
Or other appropriate
forums for expert analysis, not here.
HTH.
nass
