1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help Installing a Hotfix

Discussion in 'Virus & Other Malware Removal' started by Junebugbetty, Aug 6, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Junebugbetty

    Junebugbetty Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    4
    I keep getting attacked by a Helkern and researched to find the patch but the instructions that came with it are so hard for me to understand. It took me forever to find out what Service Pack I was even using. I really just need someone to explain what the patch is trying to say or where to find <drive>:\Program Files\Microsoft SQL Server\Mssql I dont have one. I am stumped for the second time. :confused:

    This is the addy where the patch that I am trying to install is located http://www.kaspersky.com/news?id=970183
    If anyone can help I would be so grateful. Thank you
     
  2. Junebugbetty

    Junebugbetty Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    4
    Should I even be using this patch? Why isn't anyone able to help me.
     
  3. Shamou

    Shamou

    Joined:
    Oct 17, 2005
    Messages:
    9,521
    Welcome to TSG Junebugbetty...

    ...someone will come along and help you but you have to give it time... ...a whole lot of people need help... ...and the qualified people are doing their best... but, sometimes you have to wait a little...

    ...good luck with your problem...
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Scroll down to the download section

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  5. Junebugbetty

    Junebugbetty Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    4
    The helkern has always been repelled by the antivirus software I use
    so I dont think it is on my computer

    Logfile of HijackThis v1.99.1
    Scan saved at 2:48:52 PM, on 8/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
    C:\Program Files\ATnotes\ATnotes.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
    O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc.com/ppcos/isp60/download/ppcwebi.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/insaniquarium/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D901F0C-8F9D-4BF4-9746-AB4D56579A8A}: NameServer = 198.6.100.125 198.6.1.125
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0D901F0C-8F9D-4BF4-9746-AB4D56579A8A}: NameServer = 198.6.100.125 198.6.1.125
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\glkkblpl.dll (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\glkkblpl.dll (file missing)

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\glkkblpl.dll

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot

    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Clickon scanner
    · then select the "Settings" tab.
    · Once in the Settings screen click on "Recommended actions" and then select "Delete".
    · Under "Reports"
    · Select "Automatically generate report after every scan"
    · Un-Select "Only if threats were found"
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    RE-Boot
    Post that log and a new HiJack log

    Please give feedback on what worked/didn’t work and the current status of your system
     
  7. Junebugbetty

    Junebugbetty Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    4
    I dont mean to waste your time, but it really just seems like you are wasting mine. Is there a reason that I have to do that? It doesn't seem like that is going to install that patch that I am asking for help with. I am on dial up so if there is anyway you can help me without me downloading a bunch of different things that would be great if not then thanks for your time.

    This is what I need help with:
    ==========================================================
    How to Apply Microsoft SQL Server 2000 Hotfix 8.00.0636 for Ssnetlib.dll
    ==========================================================

    Please read this file thoroughly before you proceed with any of the hotfix installation steps.

    Hotfixes are intended for interim use until the next service pack is available. When the next service pack becomes available, you should upgrade immediately.

    When you run a hotfix, if conditions arise that require the assistance of Microsoft Product Support Services (PSS), you may be asked to upgrade immediately to a newer hotfix or the next service pack. You may be required to install the upgrade to expedite troubleshooting and problem resolution.


    *****************************************************************
    This hotfix requires the installation of Microsoft SQL Server 2000 Service Pack 2. You MUST install SQL Server 2000 Service Pack 2 before you apply this hotfix. I have Microsoft SQL Server 2000 Service Pack 2*****************************************************************
    This hotfix contains the following files:

    Ssnetlib.dll - Server-side Network Library
    Ssnetlib.pdb - Server-side Network Library symbol file

    If you install this hotfix on a server that is running Microsoft SQL Server 2000 Enterprise Edition with clustering enabled, please use the section titled "Hotfix Installation Steps for SQL Server 2000 Enterprise Edition with Clustering Enabled" for installation instructions. All other environments should use the section titled "Standard Hotfix Installation Steps."

    I dont know where this is? It doesnt exsist on my computer should I create it? In the instructions that follow, the designation <installation path for this SQL Server instance> refers to the path on your disk in which the SQL Server files are installed. This path is typically <drive>:\Program Files\Microsoft SQL Server\Mssql. Note that the Mssql directory may be MSSQL$<Instance Name> for a named instance installation.

    Please contact Microsoft PSS if you have any questions or problems with this hotfix build.


    Microsoft PSS
    Critical Problem Resolution


    ==========================================================
    Hotfix Installation Steps for SQL Server 2000 Enterprise Edition with Clustering Enabled
    ==========================================================

    1. Install SQL Server 2000 Service Pack 2. Do not proceed any further until you successfully install SQL Server 2000 Service Pack 2.

    2. Navigate to a node of the cluster where the SQL Server instance is currently not running.

    3. Make a back up copy of the ssnetlib.dll files from the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files if they exist from the <installation path for this SQL Server instance>\Binn\Dll folder.

    4. Copy the ssnetlib.dll files from the hotfix self-extracting archive into the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files into the <installation path for this SQL Server instance>\Binn\Dll folder.

    5. Failover the SQL Server instance to the node in which the new binaries are now installed.

    6. Test the scenario for the bug that this build fixes to verify that your problem is resolved. Notify Microsoft PSS immediately if your problem is still unresolved.

    7. If, for any reason, you encounter a problem with this hotfix build, you may go back to the previous build by restoring the files you backed up in step 3.

    8. After you verify the hotfix, repeat steps 1 through 3 on the remaining nodes in the cluster.


    =======================================================================
    Standard Hotfix Installation Steps
    =======================================================================


    1. Install SQL Server 2000 Service Pack 2. Do not proceed any further until you successfully install SQL Server 2000 Service Pack 2.

    2. Shut down the Microsoft SQL Server and SQL Server Agent services.

    3. Make a back up copy of the ssnetlib.dll files from the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files from the <installation path for this SQL Server instance>\Binn\dll folder.

    4. Copy the ssnetlib.dll files from the hotfix self-extracting archive into the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files into <installation path for this SQL Server instance>\Binn\Exe folder.

    5. Start the Microsoft SQL Server and SQL Server Agent services.

    6. Test the scenario for the bug that this build fixes to verify that your problem is resolved. Notify Microsoft PSS immediately if your problem is still unresolved.

    7. If, for any reason, you encounter a problem with this hotfix build, you may go back to the previous build by restoring the files you backed up in step 3.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    If you think its wasting your time fixing a problem in you hijack log then you are wasting my time - fix it yourself!
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/489910

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice