Do a HijackThis scan & place a check next to these items and select "Fix checked":
O4 - HKUS\S-1-5-20\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WinCore32.exe] C:\WINDOWS\system32\WinCore32.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [irdmelt] 4E8.tmp (User 'NETWORK SERVICE')
I shall require a fresh log after this
---------------
Open Notepad and copy/paste the text in the quotebox below into it:
Code:
@echo off
rem Delete the two listed DLLs; any that survive are recorded in log.txt in the temp folder
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
"C:\Documents and Settings\LocalService\Application Data\Microsoft\jqtwb.dll"
"C:\Documents and Settings\LocalService\Application Data\Microsoft\qtzqzak.dll"
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Remove the Qoobox folder, which is ComboFix's quarantine directory
for %%g in (
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
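rem Start WMI, then disable and re-enable System Restore, which discards the existing restore points
nircmd service manual wmi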
nircmd service start winmgmt
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs
rem Reset Explorer view settings: hide hidden files, file extensions and protected system files
(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg
regedit /s rehide.reg
rem Remove the temporary files, wait 7 seconds, then delete this batch file
del rehide.reg SR.vbs
nircmd wait 7000
del %0
Save this as fix.bat. Choose to "Save type as - All Files"
It should look like this:

Double click on fix.bat & allow it to run
Post back to tell me what it says
__________________
Question - what have you done for the community today?