**** msn - Techist - Tech Forum

Old 03-09-2006, 01:02 PM   #1 (permalink)
True Techie
 
Join Date: Nov 2005
Posts: 114
Default **** msn

I have trouble with this exe file... called hellmsn.exe. It's impossible to remove... please help.
__________________

i_learn is offline  
Old 03-09-2006, 01:05 PM   #2 (permalink)
True Techie
 
Join Date: Nov 2005
Posts: 114
Default

Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:33:34 PM, on 3/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Satyamurthy\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {B9170363-EAAE-B502-D108-BC3EC02073B7} - C:\WINDOWS\System32\bnwpl.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {ECEEEA2C-E00A-3999-9081-7E7C859A5931} - sound64.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: Win32 Classes -
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://usa-scripts.downloadv3.com/bi...ML/EGDHTML.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/in/games1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A34EBFE-58D4-446E-877A-0E2032493ADB}: NameServer = 85.255.113.117,85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE2A61A9-82B4-40CB-A85E-AEB0801220FD}: NameServer = 202.63.173.66 202.63.164.18
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\l66o0gj3e6o.dll (file missing)
O20 - Winlogon Notify: winjit32 - C:\WINDOWS\SYSTEM32\winjit32.dll
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
__________________

i_learn is offline  
Old 03-09-2006, 01:18 PM   #3 (permalink)
Monster Techie
 
Join Date: Mar 2006
Posts: 1,533
Default

I don't see any hellmsn in this log; you probably already got rid of it somehow, but I do see some other things that you need to remove.
Restart in safe mode (press F8 until you see a menu and select "safe mode"), run the HijackThis scan again, tick these items and click "fix checked" and "yes":
R3 - URLSearchHook: (no name) - {B9170363-EAAE-B502-D108-BC3EC02073B7} - C:\WINDOWS\System32\bnwpl.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {ECEEEA2C-E00A-3999-9081-7E7C859A5931} - sound64.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\l66o0gj3e6o.dll (file missing)
O20 - Winlogon Notify: winjit32 - C:\WINDOWS\SYSTEM32\winjit32.dll
O16 - DPF: Win32 Classes -

When done, search for and delete these files:
bnwpl.dll / sound64.dll / 66o0gj3e6o.dll / winjit32.dll
Then restart, make a new log, and copy & paste it.

Now for an off-topic issue: what are you thinking?? From what I see in this log you're not using any antivirus/firewall; that's very dangerous. Also I suggest you install Service Pack 1 or 2.
jeremy is offline  
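
Added example (not part of any post in this thread): a small parser that splits a HijackThis log into section-coded entries and marks the kinds of entries selected in reply #3. The function names and the three rules are assumptions of this example, modeled on that selection; they are not HijackThis behavior.

```python
import re

# An entry line is "<section code> - <detail>", e.g. "O20 - Winlogon Notify: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Lines copied from the log posted earlier in this thread (shortened selection).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {B9170363-EAAE-B502-D108-BC3EC02073B7} - C:\WINDOWS\System32\bnwpl.dll
R3 - URLSearchHook: (no name) - {ECEEEA2C-E00A-3999-9081-7E7C859A5931} - sound64.dll (file missing)
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/in/games1.cab
O20 - Winlogon Notify: winjit32 - C:\WINDOWS\SYSTEM32\winjit32.dll
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

def parse_entries(text):
    """Return (code, detail) pairs; headers and process paths do not match."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def review_reasons(code, detail):
    """Rules assumed for this example, modeled on the entries picked in reply #3."""
    reasons = []
    if code == "R3" and "(no name)" in detail:
        reasons.append("unnamed URLSearchHook")
    if code == "O16" and "://" not in detail:
        reasons.append("DPF entry with no download source")
    if code == "O20":
        reasons.append("Winlogon Notify DLL")
    if reasons and ("(file missing)" in detail or "(no file)" in detail):
        reasons.append("target file absent on disk")
    return reasons

def triage(text):
    """Return (code, detail, reasons) for every entry that matched a rule."""
    flagged = []
    for code, detail in parse_entries(text):
        reasons = review_reasons(code, detail)
        if reasons:
            flagged.append((code, detail, reasons))
    return flagged

if __name__ == "__main__":
    for code, detail, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {detail}\n    -> {'; '.join(reasons)}")
```
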
Old 03-09-2006, 02:24 PM   #4 (permalink)
Master Techie
 
Join Date: Jul 2004
Posts: 2,932
Default

Yeah, seriously. I see you got Ad-Aware, but that's not going to get any viruses really. If yer not going to use an AV, don't even bother trying to keep things clean. You could spend your life sorting things out.

I mean, this is like writing in saying you're having trouble with dirt in your carburetor, but you aren't using an air filter. *smacks head*
__________________

-----------------------------------------------
Don't hate the player...Hate the game...
ShoobieRat is offline  