02-26-2005, 02:21 PM   #13
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Download KillBox (http://www.greyknight17.com/spy/KillBox.exe). Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\SYSTEM\nhcginaxu.exe
{A2CDF2EA-4F11-4778-920E-0033BAFA7C1D}.dat
{B577DF33-655C-480F-AD6F-370AAD60D45E}.dat



Open C:\WINDOWS\WININIT.BAK for editing with Notepad, delete these lines:

[Rename]
NUL=c:\_RESTORE\TEMP\A0169280.CPY
NUL=c:\_RESTORE\TEMP\A0169279.CPY


and save the file.

Restart and run these programs/scripts again - HijackThis (both the scan log and the StartupList), Silent Runners, Find-qoologic, DllCompare and Find-It. Post those new logs here.