1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

thanks a lot for your help

Discussion in 'Virus & Other Malware Removal' started by kryptonite2083, Jul 25, 2006.

Thread Status:
Not open for further replies.
  1. kryptonite2083

    kryptonite2083 Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    1
    thanks a lot for help on removing the trojan downloader ruin. Much appreciated.:)

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nremd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}38D46B976E19-8748-2504-411A-769A7404{
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    "dmern.exe"=-
    ...

    PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Example ipsec6.exe is legitimate

    »»»»» Search by size and names...
    C:\WINDOWS\SYSTEM32\IPSEC6.EXE

    »»»»» Misc files

    »»»»» Checking for older varients covered by the Rem3 tool

    »»»»»
    Search five digit cs, dm and jb files
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    C:\WINDOWS\SYSTEM32\DMAZE.EXE 61,955 2004-08-04
    C:\WINDOWS\SYSTEM32\DMCID.EXE 61,955 2004-08-04
    C:\WINDOWS\SYSTEM32\DMERN.EXE 61,955 2004-08-04
    C:\WINDOWS\SYSTEM32\DMHOM.EXE 61,955 2004-08-04
    C:\WINDOWS\SYSTEM32\DMMBD.EXE 61,955 2004-08-04
    C:\WINDOWS\SYSTEM32\DMRAL.EXE 61,955 2004-08-04
    C:\WINDOWS\SYSTEM32\DMRBV.EXE 61,955 2004-08-04
    C:\WINDOWS\SYSTEM32\DMTYC.EXE 61,955 2004-08-04
    Other suspects
    Directory of C:\WINDOWS\system32
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/486430

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice