Printable View
something adds urreeswc.dll and hgGyywxw.dll to autostart and cannot be deleted, i can't browse some sites and use search on google and few others...
[URL="http://robertk.webd.pl/diox/avptool_syscheck.zip"]http://robertk.webd.pl/diox/avptool_syscheck.zip[/URL]
[URL="http://robertk.webd.pl/diox/hijackthis.log"]http://robertk.webd.pl/diox/hijackthis.log[/URL]
Execute the following script
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\mlJCTKcc.dll','');
QuarantineFile('C:\Program Files\Antispyware\Antispyware.exe','');
QuarantineFile('C:\WINDOWS\system32\urreeswc.dll','');
QuarantineFile('C:\WINDOWS\system32\hgGyywxw.dll','');
DeleteFile('C:\WINDOWS\system32\hgGyywxw.dll');
DeleteFile('C:\WINDOWS\system32\urreeswc.dll');
DeleteFile('C:\WINDOWS\system32\mlJCTKcc.dll');
DelBHO('FFFB03AD-A461-4B99-9A23-D3B127D7C995');
DelBHO('12401F00-D6DD-4112-B187-E8681685D182');
DelWinlogonNotifyByKeyName('mlJCTKcc');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/code]
Your computer will reboot.
Upload the quarantined files according to [url=http://virusinfo.info/showthread.php?t=9184]the rules[/url].
Uninstall the program "Antispyware".
Make new logs.
antispyware uninstalled, quarantined files sent
[URL="http://robertk.webd.pl/diox/2/avptool_syscheck.zip"]avptool_syscheck.zip[/URL]
[URL="http://robertk.webd.pl/diox/2/hijackthis.log"]hijackthis.log[/URL]
Task Scheduler jobs - delete the task about Antispyware
Execute the script
[code]begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\DOCUME~1\User\USTAWI~1\Temp\ewdmaudn.sys','');
DeleteFile('C:\DOCUME~1\User\USTAWI~1\Temp\ewdmaudn.sys');
DeleteFile('C:\WINDOWS\system32\hgGyywxw.dll');
DelBHO('0C5B329C-A62E-40C4-ABB0-1459CBE328AA');
BC_ImportALL;
ExecuteSysClean;
ExecuteWizard('TSW', 3, 3, false);
BC_DeleteSvc('ewdmaudn');
BC_Activate;
RebootWindows(true);
end.[/code]
Your computer will reboot.
Upload the quarantined files.
Make new logs.
scheduler task deleted
[URL="http://robertk.webd.pl/diox/3/avptool_syscheck.zip"]avptool_syscheck.zip[/URL]
[URL="http://robertk.webd.pl/diox/3/hijackthis.log"]hijackthis.log[/URL]
-[URL="http://virusinfo.info/showthread.php?t=9206"]Fix it[/URL]
[CODE]O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
[/CODE]
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL] or [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
You must install the Service Pack 3.
It's no more any malware signs in your logs.
I dont see anything bad in the logs anymore
Execute the script
[code]
begin
ExecuteWizard('TSW', 2, 2, true);
end.
[/code]
I recommend to delete the program "Bonjour".
Any problems left?
thanks a lot, everything works well now, btw do i still need sp3 if i have legal xp with recent updates? and how to get rid of this "bonjour" thing? i know it's there but don't know how to get rid of it
[QUOTE=dioxxx;268556] do i still need sp3 if i have legal xp with recent updates ?[/QUOTE]Yes, you do. :)
[QUOTE=dioxxx;268556]and how to get rid of this "bonjour" thing? [/QUOTE]Google knows just all: [url]http://www.ajuaonline.com/2007/10/02/how-to-remove-bonjour-service/[/url] ;)
[QUOTE=Rene-gad;268558]Yes, you do. :)[/QUOTE]
downloading immediately ;-D thanks a lot for quick help guys
dioxxx,i think, the best thing it is prevention infection in the future ;)
Don't use an admin account in the internet, make a new, a limited one ;) [url]http://www.microsoft.com/protect/computer/advanced/useraccount.mspx[/url]
Disable active scripting in browser by default, the best and comfortable way to do it - is using firefox+noscript ;)
In these simple steps you can prevent function/installation about 90 percent of the malware ;)
i'm using opera and don't want to switch to ff besides i got infected by my own stupidity downloading crap from unknown sites, anyway i'll think about this account thing, thanks for all your help