damn collage programmers

Discussion in 'malware problems & news' started by Neo, Jan 11, 2004.

Thread Status:
Not open for further replies.
  1. Neo

    Neo Guest

    On Friday I checked my computer for virus and came up with 85 threats in my computer. 84 were worms-dangit-,and 1 was . All these infested almost every applicant on my computer. Well i deleted them so I guess everything is find, but now I receive this message everytime i start my computer: o_O



    C:\WINDOWS\System32\System32.exe

    Windows cannot find 'C:\WINDOWS\System32\System32.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.


    Its a regulary just press okay message but with an x. I just want to know what is System32.exe is and what can I do to protect my computer from worms? :cool:
     
  2. Neo

    Neo Guest

    doh i think the post "SPECIAL: Instructions for disinfecting W32.." relates to my post
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Neo,

    If you could post your HijackThis log following these instructions: http://www.wilderssecurity.com/showthread.php?t=15913
    I should be able to help you get rid of that error.

    Regards,

    Pieter
     
  4. Neo

    Neo Guest

    Here it is, a nice look of all its

    Logfile of HijackThis v1.97.7
    Scan saved at 5:51:12 AM, on 1/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\BRMFRSMG.EXE
    C:\WINDOWS\System32\S3apphk.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Kazaa Lite K++\Kazaa.kpp
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ROLAND~1\LOCALS~1\Temp\Rar$EX02.823\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.davesmotors.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://81.211.105.9/index.php?v=1
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Microsoft Tray] C:\Program Files\Kazaa\My Shared Folder\WinterSports4 (1).exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IM] C:\PROGRA~1\EARTHL~1\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Neo,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://81.211.105.9/index.php?v=1
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

    Then reboot.

    That should do it.

    Regards,

    Pieter
     
Loading...
Thread Status:
Not open for further replies.