1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I'm about to give up MARTFINDER

Discussion in 'Virus & Other Malware Removal' started by awaken1977, Apr 21, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. awaken1977

    awaken1977 Thread Starter

    Joined:
    Apr 21, 2004
    Messages:
    3
    Hi!
    A while ago IE started setting homepage to:
    http://martfinder.com/index.htm?aff=6600

    I understand that I have been infected with some sort of annoying cookie or programme that keeps changing the registry(and the default homepage in IE). I have searched the net for solutions and tried spybot, hijackthis, spywareblaster and adaware. I have tried removing weird entries in the registry and deleting suspicious programmes. Though nothing helps. "MFS Search" keeps coming up as my homepage. My computer also seems to run slower than before.. don't know if this is related to martfinder though.

    Here's a copy of latest hijack this report. I would be really greatful if anyone could help me and tell me what I need to remove. I'm about to format my whole PC, althogh I think that might be overreacting a bit ;)

    Logfile of HijackThis v1.97.7
    Scan saved at 05:06:15, on 22.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
    C:\PROGRA~2\Mouse\Amoumain.exe
    C:\Programfiler\QuickTime\qttask.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Programfiler\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\Programfiler\CyberScrub Trial\Cybscrub.exe
    C:\Programfiler\CyberScrub Trial\silent.exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Christer\Skrivebord\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://martfinder.com/index.htm?aff=6600
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 6\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 6\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~2\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~2\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\RunOnce: [CyberScurb] "C:\Programfiler\CyberScrub Trial\silent.exe" /R
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\windows\win.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37869.3091435185
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://flash.vg.no/codvg/cabs/cssweb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O19 - User stylesheet: C:\WINDOWS\win32.bmp

    end of logfile
    -------

    By the way, does this intruder cause any other security issues that I should be aware of?

    Thanks in advance! Chris
     
  2. stillearning

    stillearning

    Joined:
    Mar 15, 2004
    Messages:
    389
    Ok. Please do the following & we will see if we can get it sorted for you.
    Download CWShredder from here & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs & windows, including IE, before running CWShredder.

    Reboot after doing this & post another log please.
     
  3. awaken1977

    awaken1977 Thread Starter

    Joined:
    Apr 21, 2004
    Messages:
    3
    Here's the new logfile! Hope there's some change from the last one ...

    -Chris

    Logfile of HijackThis v1.97.7
    Scan saved at 13:22:40, on 22.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
    C:\PROGRA~2\Mouse\Amoumain.exe
    C:\Programfiler\QuickTime\qttask.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Programfiler\Java\j2re1.4.2_01\bin\jusched.exe
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\Documents and Settings\Christer\Skrivebord\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://martfinder.com/index.htm?aff=6600
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 6\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 6\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~2\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~2\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\windows\win.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37869.3091435185
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://flash.vg.no/codvg/cabs/cssweb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O19 - User stylesheet: C:\WINDOWS\win32.bmp
     
  4. stillearning

    stillearning

    Joined:
    Mar 15, 2004
    Messages:
    389
    CWShredder should have nuked martfinder. Did you have all windows closed??
    Anyway, try it this way.
    Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box=

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://martfinder.com/index.htm?aff=6600

    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\windows\win.exe

    O19 - User stylesheet: C:\WINDOWS\win32.bmp

    If Martfinder returns after a reboot, do the same again in safe mode.
     
  5. awaken1977

    awaken1977 Thread Starter

    Joined:
    Apr 21, 2004
    Messages:
    3
    Hi again!
    Thanks for all your help so far :) I really didn't have a clue what to look for.... I did what you said and now my homepage finally appeared after rebooting. Though I'm not sure whether the problem has been solved. Time will show! I've posted another logfile from HJT, which shows my system now. I sure hope I've managed to clean up martfinder. Do you know though whether martfinder is a security issue in terms of using online banking and so on? I'm worried about personal information being released of course. And do you have any advice on how I can protect myself from future incidenses?
    Once again, thanks ever so much for your help, don't know what I'd done without!


    Logfile of HijackThis v1.97.7
    Scan saved at 17:34:39, on 23.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
    C:\PROGRA~2\Mouse\Amoumain.exe
    C:\Programfiler\QuickTime\qttask.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Programfiler\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINDOWS\win32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Christer\Skrivebord\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 6\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 6\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~2\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~2\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37869.3091435185
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://flash.vg.no/codvg/cabs/cssweb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Make sure you have all the relevent security updates from MS and you should be safe enough.

    This one needs fixing with HijackThis:
    O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe

    Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Locate and delete:
    C:\WINDOWS\win32.exe

    I would also check Norman A/V`s updates because it should have spotted that one.
    ;)
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222792

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice