TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA

Re: Hijackthis log. I found one nasty. What is it ?

R1 is for Internet Explorer's Search functions and other characteristics. I don't think wmplayer.exe belongs there. There are also several nasties with the same file name.

Use Windows Search (Start > Search > For Files or Folders) to search for each instance of wmplayer.exe.

Please submit each instance of wmplayer.exe to the following link for a scan and post the results, along with the full path for any instance that was found to contain malware.

virusscan.jotti.org/

In the meantime:

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

The two items you fixed were malicious entries that had replaced your default Windows Related links buttons. If you want to restore the Microsoft "Related Links", here is a tool to fix it: www.mvps.org/winhelp2002/alexa.zip
Unzip, place "related.htm" into your "\WINDOWS\Web" folder, right-click on "RestoreAlexa.reg", select Merge, and reboot.

Please restart your system and post a new HijackThis log.
--
Proud ASAP member since 2005

email scope

join:2005-03-06
Canada

Re: Hijackthis log. I found one nasty. What is it

Logfile of HijackThis v1.99.1
Scan saved at 7:28:47 PM, on 7/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx Home\SAGUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Dell PC\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »update.microsoft.com/windowsupda···42952226
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
-------------

wmplayer.exe //ICWLaunch
Is gone. I already fixed it. I didn't know I should submit it. That other poster said it was fine.

There's no use in me submitting anything now. It's gone !
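Added example, not part of the original posts: a small Python triage pass over a HijackThis log that splits entries by section code and raises the two review hints discussed in this thread, an executable named in an R0/R1 Internet Explorer setting and a target marked "(file missing)". The function names are hypothetical, and the R1 line in the sample is constructed (the thread gives only the value `wmplayer.exe //ICWLaunch`, not the registry value name); the other lines are copied from the log above.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Any token that looks like an executable file name
EXE = re.compile(r"[\w.-]+\.exe\b", re.IGNORECASE)

# Constructed sample. The R1 line is made up for illustration; the value name
# is a placeholder because the thread does not show it.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,<value name not given> = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com/
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
"""


def parse_entries(text):
    """Return (code, detail) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review(entries):
    """Return (code, reason, detail) hints for manual follow-up, not verdicts."""
    findings = []
    for code, detail in entries:
        # R0/R1 hold IE start and search page settings, normally URLs.
        if code in ("R0", "R1") and EXE.search(detail):
            findings.append((code, "executable named in an IE start/search setting", detail))
        if "(file missing)" in detail:
            findings.append((code, "target reported as missing", detail))
    return findings


if __name__ == "__main__":
    for code, reason, detail in review(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {detail}")
```

Each hint is a prompt to locate the file and have it scanned before fixing the entry, as the first reply asks.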

ronob
I'M Fixin It

join:1999-10-18
Fort Lauderdale, FL

Re: Hijackthis log. I found one nasty. What is it

said by email scope:

wmplayer.exe //ICWLaunch
Is gone. I already fixed it. I didn't know I should submit it. That other poster said it was fine.

There's no use in me submitting anything now. It's gone !

"Use Windows Search (Start > Search > For Files or Folders), to search for each instance of wmplayer.exe

Please submit each instance of wmplayer.exe to the following link for a scan and post the results, along with the full path for any instance that was found to contain malware.

virusscan.jotti.org/"
--
I've been to the end of the internet!