1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Problems with "DJRUNNER2.EXE" HIJACK This File Please!!

Discussion in 'Virus & Other Malware Removal' started by EllisDTrails, Apr 27, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. EllisDTrails

    EllisDTrails Thread Starter

    Joined:
    Dec 17, 2003
    Messages:
    54
    Hello guys,

    My first problem is pretty current - I continue to get this erroer pop-up message recently, prompting me to find djrunner2.exe file that is no longer on my system.
    C:\WINDOWS\SYSTEM\BIN\djrunner.exe
    "Windows cannot find "C:\WINDOWS\SYSTEM\BIN\djrunner.exe." Make sure you typed the name correctly, and then try again. To search for click this file, click on the Start button, and then click Search."

    *ALSO* Whenever I try to restart/turn off my computer, I get an "End Program" prompt from windows for a program called "bionho32.exe" I've done a Google search on this, and no results. Any ideas fellas?

    Here is my HiJack file:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:44:23 PM, on 4/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SBC\Connection Manager\CManager.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
    D:\Program Files\WinDates\WinDates.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    D:\Program Files\Virtual CD v4\System\vcdsecs.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\Rtdx112.dat
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\Program Files\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
    O2 - BHO: (no name) - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
    O2 - BHO: (no name) - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\Program Files\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
    O4 - Startup: WinDates.lnk = D:\Program Files\WinDates\WinDates.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
    O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
    O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: eBay Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Merriam-Webster (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5.yahoo.com/c381/chat.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ubopkevd.exe
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://ff.fullaudio.com.edgesuite.net/f/1914/8819/1d/software.fullaudio.com/sbc/3.0.0.36/setup.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/toolbar/webinstall.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26f48fd8afc415c6ab04/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/oeconfig/MailCfg.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/import/emailimport.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37583.6587268518
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos8.msn.com/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.m-w.com/tools/toolbar/cabs/m-w.cab
    O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96DAB499-B95C-4652-BDFA-AE14513D7A22}: NameServer = 206.13.29.12 206.13.30.12

    Thanks!
     
  2. EllisDTrails

    EllisDTrails Thread Starter

    Joined:
    Dec 17, 2003
    Messages:
    54
    Hm, anyone?
     
  3. quiffhead

    quiffhead

    Joined:
    Apr 28, 2004
    Messages:
    9
    Hi there, I've been searching the net myself today, as I have exactly the same problem with djrunner2.exe as you. I came across this site linked from somewhere else but I'm at a loss as to what the problem is. I don't even know what the file is or does? All I know is, I keep getting the very same mesage you posted

    "Windows cannot find "C:\WINDOWS\SYSTEM\BIN\djrunner.exe." Make sure you typed the name correctly, and then try again. To search for click this file, click on the Start button, and then click Search."

    So if you do come across a solution please let me know, likewise I shall do the same for you :eek:)
    Out of curiosity, have you recently installed yahoo messenger beta? As this is the most recent thing I've installed & am wondering if it is related?

    Regards
    Jason
     
  4. EllisDTrails

    EllisDTrails Thread Starter

    Joined:
    Dec 17, 2003
    Messages:
    54
    Quiffhead - no I have not downloaded Yahoo Messenger beta recently.

    I have done a little research after my post and I found that the cause of this is a program called DJohn (which is also loacted in my C:\Windows\system\bin\bin folder) , which is the work of someone by the name of John the Rippr, a notorious password cracker.
    I found the following information: http://ktulu.com.ar/en/djohn.php

    I don't know how this got on my computer, but it is impossible to delete! I have downloaded programs that delete files permemantly, they continue to reappear when I get that pop-up message from Windows. Anyone know of any way to ger rid of this program?
     
  5. quiffhead

    quiffhead

    Joined:
    Apr 28, 2004
    Messages:
    9
    I just checked my folder C:\Windows\system\bin\bin folder) & theres a whole bunch of stuff in it related to john, like yourself I have no idea how it got on my system but it seems like you are getting closer to the problem.
    On a side note, I'm new here & notice in many threads the use of the term "hijack this" you say it in your innitial post, what does this mean, it is a term I am not familier with?

    Jason
     
  6. quiffhead

    quiffhead

    Joined:
    Apr 28, 2004
    Messages:
    9
    Update...just checked my firewall & there were john files in there shown to be communicating to the net, so I am now wondering if someone has hacked me & has put this john programme on here to try n crack my paswords? It's a long shot sure, I have no idea about this stuff!
     
  7. hylander

    hylander

    Joined:
    Apr 28, 2004
    Messages:
    1
    Hello
    I have just been looking at a machine that that has this same djrunner message popping up. I went into the startup tab in msconfig and the program was there. I have taken the check mark off and rebooted machine. The check mark is still off so waiting to see if that stops it from coming back. Not a permant fix but at least stop the annoyance. Still a bit disconcerting if this is a password cracking program.... :-/

    Thanks
    G
     
  8. EllisDTrails

    EllisDTrails Thread Starter

    Joined:
    Dec 17, 2003
    Messages:
    54
    Update: Found the following informtion regarding "John The Ripper" software:

    http://www.pestpatrol.com/pestinfo/j/john_the_ripper.asp

    I've ran PestPatrol a few times now and everything it detected John The Ripper AKA DJohn, DJRUNNER software and I deleting it. However I continue to recieve the annoying pop-up.
     
  9. Codacs

    Codacs

    Joined:
    Apr 29, 2004
    Messages:
    1
    hmm...I got the same problem, delted it, and still it's throwing that annoying error message at me.
    anybody??
     
  10. cutiecat

    cutiecat

    Joined:
    Apr 29, 2004
    Messages:
    7
    I have been getting this pop up for the last couple of days on my laptop at home. I have also been getting an exit message about a .exe file. I will follow the advice from pest patrol when I get home. I am not a tech person at all and welcome any advice. I am also very concerned that my passwords are now cracked, how would I know? :confused:

    If anyone has any further ideas how I can remove this horrible thing please post.

    (y)
     
  11. EllisDTrails

    EllisDTrails Thread Starter

    Joined:
    Dec 17, 2003
    Messages:
    54
    Which .exe would the exit message be about?

    Still no luck with deleting DJohn successfully. When I do delete it, it reappears in the BIN file a few laters afterwards.
     
  12. cutiecat

    cutiecat

    Joined:
    Apr 29, 2004
    Messages:
    7
    The .exe was something like 'hhohan32.exe' but I am not totally sure of the spelling. I can check tonight and let you know.

    Is this something that Mcafee will post a patch for as I am subscribed to that anti virus software.

    Thanks
     
  13. Shane_82

    Shane_82

    Joined:
    Apr 29, 2004
    Messages:
    3
    I also came across this problem today. This is what I did:

    When the File Not Found box came up, I Ctrl-Alt-Del to bring up the Task Manager, I then looked at the processes to see if there were any unusual ones running. The 1 I found was called "Rtdx112". I then did a search for it on my system and it found 2 locations. The actual filename is "Rtdx112.dat". I deleted the file at both locations and I havn't received another popup since. Hope this helps.

    -Shane
     
  14. Shane_82

    Shane_82

    Joined:
    Apr 29, 2004
    Messages:
    3
    Nevermind...just got the popup again....
     
  15. quiffhead

    quiffhead

    Joined:
    Apr 28, 2004
    Messages:
    9
    I have deleted all the djohn related files, removed all registry entries, removed the start up related entry & still get the message pop up, then the files I removed reappear! This is doing my head in!!

    Jason
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/224485

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice