|
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
![]() |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
|
|
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now! |
|
#1
|
|||
|
|||
|
I already had this posted...but in the wrong spot!
----------------------------------------------- Hi...When looking on the internet yesterday for viruses and Trojan horses that can be contracted from the file sharing program Grokster, I found information on a virus that may be infecting my computer titled Dlder.exe. I found that and deleted it, but still my computer will not cooperate with me and I think there is something I have missed. Can you read this log file and tell me if there is anything else that needs to be deleted? Logfile of HijackThis v1.97.7 Scan saved at 10:57:53, on 14/04/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\INTERACT\GAMING DEVICES\JOYACT.EXE C:\PROGRAM FILES\INTERNET CALL WAITING PC\CALLWAITING.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\LEXPPS.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\DESKTOP\VERN\HIJACKTHIS_1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = URL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = URL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = URL R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = URL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = URL R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL O1 - Hosts: 216.93.168.167 auto.search.msn.com O1 - Hosts: 216.93.168.167 sitefinder.verisign.com O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\PROGRAM FILES\PALM\FIRECONVERTERBROWSERHELPEROBJECT.DLL O2 - BHO: (no name) - {1A98BCA2-0BD1-47DE-9710-C7665F7F1FCB} - C:\WINDOWS\SYSTEM\IEBRW.DLL O2 - BHO: (no name) - {A116A5C1-AD77-446C-992A-F56200B112DB} - C:\WINDOWS\SYSTEM\HMEPGE.DLL O2 - BHO: (no name) - {B405EE45-1AA2-410D-A6CF-1A74371DCD62} - C:\WINDOWS\SYSTEM\HOTLINK.DLL O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll O2 - BHO: Support Software - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\SUPPORT SOFTWARE\SS2.DLL O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - HKLM\..\RunOnce: [test] O4 - HKCU\..\RunOnce: [test] O4 - Startup: InterAct Profile Activator.lnk = C:\Program Files\InterAct\Gaming Devices\JoyAct.exe O4 - Startup: Internet Call Waiting PC.lnk = C:\Program Files\Internet Call Waiting PC\CallWaiting.exe O4 - User Startup: InterAct Profile Activator.lnk = C:\Program Files\InterAct\Gaming Devices\JoyAct.exe O4 - User Startup: Internet Call Waiting PC.lnk = C:\Program Files\Internet Call Waiting PC\CallWaiting.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Translate (HKLM) O9 - Extra 'Tools' menuitem: AV &Translate (HKLM) O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM) O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM) O9 - Extra 'Tools' menuitem: AV Live (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Add to FireViewer Conduit (HKLM) O9 - Extra 'Tools' menuitem: Add to FireViewer Conduit (HKLM) O9 - Extra button: MoneySide (HKLM) O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM) O9 - Extra 'Tools' menuitem: IMI (HKLM) O9 - Extra button: Descargas (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://www.mysask.com O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - URL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - URL O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - URL O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - URL O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - URL O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL Also, when I press Ctrl+Alt+Delete, the task manager is always displaying a program called Explorer that can't be closed even when I'm not using the internet. Thanks for your help. -Sydney |
|
#2
|
||||
|
||||
|
explorer.exe is part of windows, it should always be running. Among other things, explorer is your file browsing system, task bar navigation, etc.
iexplorer.exe is internet explorer now you know. |
|
#3
|
||||
|
||||
|
get and run spybot search and destroy, then if you don't have your own antivirus software, to to trend micro and use their housecall online scan. Those should take care of things.
__________________
--Dave-- U2kgSG9jIExlZ2VyZSBTY2lzLCBOaW1pdW0gRXJ1ZGl0aW9uaXMgSGFiZXM= |
|
#4
|
|||
|
|||
|
http://www.answersthatwork.com/
and look at task list... they have an extensive definitive list of processes |
|
#5
|
||||
|
||||
|
moved...
|
|
#6
|
|||
|
|||
|
Hi haubrich,
Dlder.exe is advertising spyware. Considered to be one of the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities. Reported in the past as a virus. Did you do any of the suggestions the other people posted? You have a lot going on in your log. This is where I would start. Dump the filesharing program, ther are safer alternatives and begin with these: Windows Update has just released new critical updates. Download each one, rebooting when necessary. Please download and UPDATE Adaware (link below). Scan and remove all checked items. Reboot Download and UPDATE Spybot Search and Destroy (link below). Scan and remove all items marked in RED. Reboot Download and UPDATE Spywareblaster (link below). Enable all protectecion Post a fresh log to see how you are doing.. Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting! |
![]() |
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Can someone read my HijackThis log file? |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
|