01-22-2008, 03:48 AM   #6
Angelfire777
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Need help removing "mm27nov[1].exe", and other

Hi,

Quote:
that scan took FOREVER
Hehehe..

Quote:
enjoy the results :
The fix failed because SDFix wasn't installed in its default location..
===========
Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type fix2.bat in the File name and save it to your desktop.

Code:
@echo off
if [%1]==[2B] goto 2B
copy /y "%userprofile%\desktop\SDFix\catchme.exe" %windir%>nul
attrib -s -h -r "%userprofile%\desktop\SDFix\apps"
copy /y "%userprofile%\desktop\SDFix\apps\swreg.exe" %windir%>nul
copy /y "%userprofile%\desktop\SDFix\apps\swsc.exe" %windir%>nul

for %%g in (
"C:\WINDOWS\system32\msnat.exe"
"C:\windows\winsysupd.exe"
"C:\WINDOWS\system32\httskm.exe"
"C:\WINDOWS\system32\sysdamp.exe"
"C:\WINDOWS\system32\iphttphl2.dll"
"C:\uxgq.exe"
"C:\WINDOWS\system32\xpdx.sys"
"C:\DOCUME~1\Tomek\LOCALS~1\Temp\laf9B.tmp"
) do (
catchme -k %%g
)>nul

for %%g in (
"HKLM\software\microsoft\shared tools\msconfig\startupreg\winsysupd"
"HKLM\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion"
"HKLM\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent"
"HKLM\software\microsoft\shared tools\msconfig\startupreg\httskm"
"HKLM\software\microsoft\shared tools\msconfig\startupreg\CU2"
"HKLM\software\microsoft\shared tools\msconfig\startupreg\CU1"
"HKLM\software\microsoft\shared tools\msconfig\startupreg\Biasheart"
"HKLM\software\microsoft\shared tools\msconfig\startupreg\64 CHIC FAST TRAY"
"HKLM\software\microsoft\shared tools\msconfig\startupreg\04cg0ryk.dll"
) do (
swreg delete %%g /f
)>nul

swreg delete "HKLM\software\microsoft\windows\currentversion\runonce" /v NoIE4StubProcessing>nul
swreg add "HKLM\software\microsoft\windows\currentversion\runservices"
swreg add "hklm\software\microsoft\windows\currentversion\runonce" /v "Kill" /d ""%comspec%" /c %~s0 2B"
pause
"%userprofile%\desktop\SDFix\apps\restartit!.exe" /reboot
exit
:2B
for %%g in (
"C:\WINDOWS\system32\msnat.exe"
"C:\windows\winsysupd.exe"
"C:\WINDOWS\system32\httskm.exe"
"C:\WINDOWS\system32\sysdamp.exe"
"C:\WINDOWS\system32\iphttphl2.dll"
"C:\uxgq.exe"
"C:\WINDOWS\system32\xpdx.sys"
"C:\DOCUME~1\Tomek\LOCALS~1\Temp\laf9B.tmp"
"C:\Documents and Settings\Tomek\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-77501b9c.zip"
"C:\Documents and Settings\Tomek\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-203caaad.zip"
"C:\Documents and Settings\Tomek\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-3cf763ff.zip"
"C:\Documents and Settings\Tomek\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-74249065-2c6607c4.zip"
"C:\Documents and Settings\Tomek\Local Settings\Temporary Internet Files\2314.exe"
"C:\Documents and Settings\Tomek\Local Settings\Temporary Internet Files\Content.IE5\EJFO6KUQ\zgshj[1].htm"
"C:\Documents and Settings\Tomek\Local Settings\Temporary Internet Files\Content.IE5\KP6FOLMB\lsegihwln[1].txt"
"C:\Documents and Settings\Tomek\Local Settings\Temporary Internet Files\go2314.exe"
"C:\Documents and Settings\Tomek\Local Settings\Temporary Internet Files\loadadv601.exe"
) do (
del /a/f/q %%g
)>nul

swsc stop xpdx>nul
swsc stop MSNAT>nul
swsc stop mp32>nul
swsc delete xpdx>nul
swsc delete MSNAT>nul
swsc delete mp32>nul

pause
exit

Locate Fix2.bat on your Desktop and double-click on it.
_______

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u4, and install it to your computer.

On your next reply, please include a
  • Fresh DSS main.txt log
  • A detailed description of how your machine is running.
Last edited by Angelfire777; 01-22-2008 at 03:53 AM.