Tech Support Forum - View Single Post - NOWFIND will NOT give up

kris84 · 03-24-2005, 04:19 PM

WAAHOOOOOOOOOOOOOOOOOOOOO!!!!!!!! Problem Solved!

Bobrocks, I thankyou so much for your time and assistance on this matter. Without your help I would still have the same problem.

I was infected with Trojan.Bookmarker.C

When you mentioned the xofAo.dll file, I did a quick google search on it, and it came back with ONE result - http://www.geekstogo.com/forum/Blood...t7533-s15.html

It appears this poor bugger has had the exact same problem as me. I went to this page, as it is linked to in the thread.http://securityresponse.symantec.com...kmarker.c.html I followed the instructions with a variation, because I couldnt find a particular subkey that was mentioned on that page.

This is what I done -
renamed mtwirl.dll to mtwirl.bak
renamed Mtwcnl32.dll to Mtwcnl32.bak
I could NOT fing the key mentioned on the symantec site ({3F143C3A-1457-6CCA-03A7-7AA23B61E40F})

HOWEVER When I navigated to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, The "DDE Control Module" was there, BUT WITH A DIFFERENT NAME! It was like {4Asomethin-a-rather}, I cant exactly remember. I took a mental note of that name, then navigated back to HKEY_CLASSES_ROOT\CLSID and searched for that subkey. It was there! So I deleted it. I restarted, and ran HijackThis, and fixed the all the nowfind things that came up. Since then, the system has been running fine.

ALSO There was a new reference to a file called ifgxsrvc.dll in HijackThis. I deleted the reference and aslo renamed the file to igfxsrvc.bak. I think this is an unrelated incident.

Thankyou once again, Bobrocks.

03-24-2005, 04:19 PM	#9 (permalink)
kris84 Registered User Join Date: Mar 2005 Location: Sunshine Coast, QLD, Australia Posts: 7 OS: XP SP1	Problem Solved!! WAAHOOOOOOOOOOOOOOOOOOOOO!!!!!!!! Problem Solved! Bobrocks, I thankyou so much for your time and assistance on this matter. Without your help I would still have the same problem. I was infected with Trojan.Bookmarker.C When you mentioned the xofAo.dll file, I did a quick google search on it, and it came back with ONE result - http://www.geekstogo.com/forum/Blood...t7533-s15.html It appears this poor bugger has had the exact same problem as me. I went to this page, as it is linked to in the thread.http://securityresponse.symantec.com...kmarker.c.html I followed the instructions with a variation, because I couldnt find a particular subkey that was mentioned on that page. This is what I done - renamed mtwirl.dll to mtwirl.bak renamed Mtwcnl32.dll to Mtwcnl32.bak I could NOT fing the key mentioned on the symantec site ({3F143C3A-1457-6CCA-03A7-7AA23B61E40F}) HOWEVER When I navigated to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, The "DDE Control Module" was there, BUT WITH A DIFFERENT NAME! It was like {4Asomethin-a-rather}, I cant exactly remember. I took a mental note of that name, then navigated back to HKEY_CLASSES_ROOT\CLSID and searched for that subkey. It was there! So I deleted it. I restarted, and ran HijackThis, and fixed the all the nowfind things that came up. Since then, the system has been running fine. ALSO There was a new reference to a file called ifgxsrvc.dll in HijackThis. I deleted the reference and aslo renamed the file to igfxsrvc.bak. I think this is an unrelated incident. Thankyou once again, Bobrocks.