[Resolved] Help needed with worm/trojan and parasite programs!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

alexrwl

Thread Starter
Joined
Oct 5, 2003
Messages
20
oh yeah and description and version BundleWare.com - think i mentioned that earlier
 
Joined
Dec 9, 2000
Messages
45,855
Shut down and restart, pressing the F8 key promptly to get the "boot menu".

Select the option for Safe Mode with Command Prompt. This will not load Explorer.

When the command shell opens enter:

del c:\windows\system32\*0111.dll

I don't think you will get an error message with that.

To exit, do a ctrl-alt-del and shutdown/restart from the Task Manager.

On rebooting I would do a full registry search for 0111.dll and delete all references.

You must always start a registry search with the file tree completely collapsed.

Another method that might work without restarting is to open the Task Manager and terminate Explorer. Then click File > New Task > Run and run cmd to open a command shell and enter the del command from there. Restart Explorer by running explorer from the Task Manager > File > Run.
 

alexrwl

Thread Starter
Joined
Oct 5, 2003
Messages
20
thanks rog for your help, by closing explorer and running command prompt i managed to get rid of it

I also have a few .dll files in the system32 file that I am unsure if are connected to the parasite programs and would like to know if it is safe to delete them:

P2P Networking v123.cpl - i think this should go
btiein.dll - again i think this is something to do with the spam programs
UDConn.dll - this one i am not sure is anything

lastly is it safe to delete all the files in \local settings\temp?

thanks for the help

Alex
 
Joined
Oct 9, 2001
Messages
9,396
P2P.....definitely delete.
btiein....Ditto.
UDConn...........can't find anything on that one...Could possibly be part of your net connection so i would leave that one....unless Rog or Derek know more.

And..yes, it's safe to delete the temp files.

Alex............It took a while and i think we ALL learned something here.
You take care.
;)
 

alexrwl

Thread Starter
Joined
Oct 5, 2003
Messages
20
yeah i think it's all sorted now thanks Steve and rog for your help

Alex
 
Joined
Aug 12, 2004
Messages
1
Here is how I fixed this issue. I'd like to thank the posters above for their input as it helped me to arrive at the solution.

1.) Download pskill.exe from here http://www.sysinternals.com/files/pskill.zip
2.) Extract it to your desktop
3.) Open the task manager and locate the two oddly named executables
4.) Create a batch file that looks like so:

rem change to the folder where pskill.exe was extracted
cd "C:\Documents and Settings\Administrator\Desktop"
rem syntax to tell pskill to kill each process
pskill nguts.exe
pskill lgw0.exe
rem paths to the oddly named exes
del C:\WINDOWS\System32\nguts.exe
del C:\WINDOWS\System32\lgw0.exe

5.) Run the batch file
6.) Use Hijack This to "fix" the final oddly named exe
7.) Drink a beer cause you just rid your machine of this crap :)
 