Thread: Infected
25-05-2005, 11:25 PM
HJThis
Re: Infected

Hi, Tib

First

Please change the location of HijackThis.exe.
Create a new folder in your C: drive.
Name it C:\HJT or HijackThis and move the HijackThis.exe file into it.
It's best for this tool NOT to be located on your Desktop or in a TEMP folder.
This way you can undo any changes if something goes wrong.

Press Control-Alt-Delete to get into the Task Manager and end the following processes if they exist:
winpadg.exe
fymkml.exe
msnpg.exe
rdsds.exe


If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [Service Drivers] msnpg.exe
O4 - HKLM\..\Run: [Windows Desktop Daemon] winpadg.exe
O4 - HKLM\..\Run: [Windows Compliant] fymkml.exe
O4 - HKLM\..\RunServices: [Service Drivers] msnpg.exe
O4 - HKLM\..\RunServices: [Windows Desktop Daemon] winpadg.exe
O4 - HKLM\..\RunServices: [Windows Compliant] fymkml.exe
O4 - HKCU\..\Run: [Service Drivers] msnpg.exe
O4 - HKCU\..\Run: [Windows Compliant] fymkml.exe
O4 - HKCU\..\RunServices: [Service Drivers] msnpg.exe

These here don't look like an ISP. Any idea what they are? Did you add them yourself? If not, then fix them. Make sure.
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = FOO
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = FOO
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = FOO

Make sure you can view hidden and system files: Instructions here

Then boot to Safe Mode: Instructions here

Delete the following files\folders IF still present:

Do a file search for these files here; if found, delete them:
msnpg.exe
winpadg.exe
fymkml.exe
rdsds.exe


Then do a reboot; do this here.

Go for free online virus scans here:

http://housecall.trendmicro.com/hou.../start_corp.asp
http://www.pandasoftware.com/activescan/

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

After doing all of the above, tell us how it is and show us a new logfile.

HGD

Last edited by HJThis; 25-05-2005 at 11:37 PM.
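A check for the follow-up logfile the post asks for, as an added example that is not part of the original post: it parses O4 autorun lines in the shape quoted above and reports any that still start one of the four executables the post names. The function names and the sample log (including the full path and the updater entry) are constructed for illustration.

```python
import re
from collections import defaultdict

# Executable names the post asks to end, fix and delete.
FLAGGED = {"msnpg.exe", "winpadg.exe", "fymkml.exe", "rdsds.exe"}

# Shape of the registry autorun lines quoted in the post:
#   O4 - HKLM\..\Run: [Value name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

def parse_o4(log_text):
    """Yield (hive, key, value_name, command) for each registry O4 line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.groups()

def image_name(command):
    """Lower-cased file name of the program an autorun command starts."""
    cmd = command.strip()
    if cmd.startswith('"'):
        prog = cmd[1:].split('"', 1)[0]
    else:
        # Cut at the first ".exe" so unquoted paths containing spaces survive.
        m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
        prog = m.group(1) if m else cmd.split()[0]
    return prog.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def remaining_entries(log_text, flagged=FLAGGED):
    """Map each flagged executable to the sorted HIVE\\Key locations still starting it."""
    found = defaultdict(set)
    for hive, key, _name, command in parse_o4(log_text):
        exe = image_name(command)
        if exe in flagged:
            found[exe].add(f"{hive}\\{key}")
    return {exe: sorted(locs) for exe, locs in found.items()}

# Constructed follow-up log: two entries survived the fix, one is unrelated.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Service Drivers] msnpg.exe
O4 - HKLM\..\RunServices: [Service Drivers] MSNPG.EXE
O4 - HKCU\..\Run: [Windows Compliant] "C:\WINDOWS\System32\fymkml.exe" -start
O4 - HKLM\..\Run: [Example Updater] C:\Program Files\Example\updater.exe /background
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = FOO
"""

if __name__ == "__main__":
    for exe, locs in sorted(remaining_entries(SAMPLE_LOG).items()):
        print(f"{exe}: still registered under {', '.join(locs)}")
```

An empty result means none of the named executables is still registered in the Run or RunServices keys the log covers; the files on disk and the O17 entries are separate checks.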