win2k problem hjtlog posted

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Rimzan
Thread Starter
Joined: Sep 18, 2003
Messages: 121

Hello guys,

I have a machine using 2 network cards for internet sharing; I use it as an internet server. Found a couple of viruses like w32randex.gen and cleaned it, updated the AV, ran CWShredder. My problem is now when I open Internet Explorer it will flash on the screen for a few seconds and is gone. Also I can't run any diagnostic program like regedit; the same fate happens to it as well. Also my AV is now not loading at all. Did Windows Update and installed the patches before this happened. When Windows loads I can see two DOS windows open and close in a fraction of a second.

Any clue, guys?

Here's my HJT log, but I can see the current running processes in the HJT window but can in the log.

Family Key Logger: I installed it.

Thanks in advance

rimzan

Logfile of HijackThis v1.97.7
Scan saved at 10:51:04 AM, on 4/13/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\FamilyKeyLogger\cisvc.exe
C:\WINNT\system32\wuapdc.exe
C:\WINNT\system32\wuapdc.exe
C:\WINNT\system32\regedlt.exe
C:\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Program Files\FamilyKeyLogger\cisvc.exe
O4 - HKLM\..\Run: [MBsync] wuapdc.exe
O4 - HKLM\..\Run: [tsx] regedlt.exe
O4 - HKLM\..\RunServices: [MBsync] wuapdc.exe
O4 - HKLM\..\RunServices: [tsx] regedlt.exe
O4 - HKCU\..\Run: [MBsync] wuapdc.exe
O4 - HKLM\..\RunOnce: [tsx] regedlt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38084.2668055556
 
Joined: Jan 9, 2004
Messages: 313

W32/Sdbot-KA is/was an IRC backdoor Trojan and network worm. So you can remove these and see how it goes.

O4 - HKLM\..\Run: [tsx] regedlt.exe
O4 - HKLM\..\RunOnce: [tsx] regedlt.exe

Remove this one from your main files....
C:\WINNT\system32\regedlt.exe

Should you have problems, just follow the instructions here:
http://www.us.sophos.com/virusinfo/analyses/w32sdbotka.html
 