Executing cmd or regedit from Run crashing explorer XPP SP3 Lockups and hangs frequent. Google searches were pointing to ads no matter what was searched for earlier in this month.
See attached logs
regards,
-dave
Execute this script in avz:
Code:
begin
 QuarantineFile('C:\WINDOWS\Downloaded Program Files\ieatgpc.dll','');
 QuarantineFile('C:\WINDOWS\system32\BrMuSNMP.dll','');
end.
Please upload quarantine in accordance with App #3 of our rules, by link: http://virusinfo.info/upload_virus_eng.php?tid=41561
Let us know when you are done.
*Click and run this if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
Files have been uploaded. I believe they are commercial products but maybe not.
- ieatgpc.dll = Webex
- BrMuSNMP.dll = Brother printers
please advise.
regards,
-dave
Nothing malicious was found in your files.
Do you remember after what it started? Perhaps this malefaction was caused by some program that you installed lately?
Let's try another thing: please download the special avz in my signature, disable the antivirus, launch your browser and make virusinfo_syscure.zip with the special avz.
Attach it to your next post in this topic.
Use ccleaner portable to clean your system. http://www.ccleaner.com/download/bui...ading-portable
Well some other searching on the subject found an article on bleepingcomputer.com which led to another site that suggested checking the drivers32 section of the registry for suspect "aux"(n) entries.
In my case using Ultimate Boot CD (couldn't run regedit even after renaming in safemode) I found
Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux2"="C:\\WINDOWS\\system32\\..\\qpja.nik"
Note the ".." in the data which means go up twice in the directory structure, that would indicate the root of 'c:\' however the file was actually found in the "WINDOWS" directory in this instance so it was executed by being in the path variable. I understand by the second article that this may be placed in other directories and of course the name is randomized in some fashion - so a general search should find out where it actually is. The only attribute set was archive. The modify date was from 4/08 and the creation date was 8/04. Clever.
Would you like me to upload to quarantine by zipping and adding virus password?
regards,
-dave
ref:
1. http://www.bleepingcomputer.com/forums/topic209960.html
2. http://miekiemoes.blogspot.com/2008/...rchengine.html
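The Drivers32 check described in the post above, as an added example that is not part of the original thread: a Python audit of an exported .reg file (the kind of export that can be taken from an offline boot environment) that flags values like the "aux2" entry. The function names, the expected-extension list and the three flagging rules are assumptions of this example, and a hit is a triage hint rather than a verdict.

```python
import ntpath
import re

# Extensions normally seen on Drivers32 data (assumption for this example;
# third-party codecs may legitimately differ).
EXPECTED_EXT = {".drv", ".dll", ".acm", ".ax"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def audit_drivers32(reg_text):
    """Return [(value_name, data, [reasons])] for suspicious Drivers32 values."""
    findings, in_section = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.rstrip("]").lower().endswith("\\drivers32")
            continue
        m = VALUE_RE.match(line) if in_section else None
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        reasons = []
        if "\\" in data or "/" in data:
            reasons.append("data is a path, not a bare file name")
        if ".." in re.split(r"[\\/]", data):
            reasons.append("'..' segment; resolves to " + ntpath.normpath(data))
        if ntpath.splitext(data)[1].lower() not in EXPECTED_EXT:
            reasons.append("unexpected extension")
        if reasons:
            findings.append((name, data, reasons))
    return findings

# Constructed export: the aux2 line is the one quoted in the post,
# the other values are typical stock XP entries added for contrast.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"wave"="wdmaud.drv"
"aux"="wdmaud.drv"
"msacm.imaadpcm"="imaadp32.acm"
"aux2"="C:\\WINDOWS\\system32\\..\\qpja.nik"
'''

if __name__ == "__main__":
    for name, data, reasons in audit_drivers32(SAMPLE):
        print(f"{name} = {data}: " + "; ".join(reasons))
```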
Use avz to copy this suspicious file; avz will put a password automatically.
Read app #2 of the rules.
Upload by http://virusinfo.info/upload_virus_eng.php?tid=41561 , as you did before.
Nevertheless, I would like to see a log from special avz.