Thread: Need assistance
05-30-2005, 08:20 PM   #2
Herk
Registered User
Join Date: Feb 2005
Location: Georgia
Posts: 584
OS: XP


Hello Andy128

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

Please download nailfix at http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to the desktop but do NOT run it yet.

Download ewido security suite from here… http://www.ewido.net/en/download/

Update its database from here.. http://www.ewido.net/en/download/updates/


Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (You must kill them one at a time). (they shouldn't be - but double check):

C:\WINDOWS\system32\2ht4tljp.exe
C:\aight.exe
C:\WINDOWS\system32\seccp32r.exe
c:\windows\system32\rsvikct.exe
C:\Program Files\CxtPls\CxtPls.exe


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

CxtPls

Please double-click on Nailfix.bat. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Run Ewido and let it clean the PC.

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O4 - HKLM\..\Run: [X6HW] C:\windows\system32\X6HW.exe
O4 - HKLM\..\Run: [WinScMngr] C:\WINDOWS\winsmc.exe
O4 - HKLM\..\Run: [2ht4tljp] C:\WINDOWS\system32\2ht4tljp.exe
O4 - HKLM\..\Run: [Lsass] C:\aight.exe
O4 - HKLM\..\Run: [p4mX37l] seccp32r.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [vtgwxph] c:\windows\system32\rsvikct.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. (if no directory, just do a search for them)

C:\WINDOWS\Nail.exe
C:\WINDOWS\systb.dll
C:\windows\system32\X6HW.exe
C:\WINDOWS\winsmc.exe
C:\WINDOWS\system32\2ht4tljp.exe
C:\aight.exe
C:\WINDOWS\system32\seccp32r.exe
C:\WINDOWS\wupdt.exe
c:\windows\system32\rsvikct.exe
C:\WINDOWS\svcproc.exe
C:\Program Files\CxtPls

Reboot your System in normal mode.

If you have a fast internet connection (Broadband), run an online scan at Trend Micro or RAV Antivirus.
Please select the “autoclean” option when using Trend Micro.

Download FindIt’s to your desktop
Unzip/extract the files inside. Open the folder and run FindIt's.bat and wait for a text to open. It will take a while ... be patient ... then post the results here please, along with a fresh Hijack This log.
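
The Hijack This entries to fix and the files to delete in the post above can be cross-checked mechanically. The following Python sketch is an added example, not part of Herk's post or of Hijack This itself: it parses the quoted log lines and compares their targets with the delete list. The function names are hypothetical, and the path extraction assumes no command-line arguments follow the file name.

```python
import re
from pathlib import PureWindowsPath

# Entries the post says to check in Hijack This (copied from the post).
FLAGGED = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O4 - HKLM\..\Run: [X6HW] C:\windows\system32\X6HW.exe
O4 - HKLM\..\Run: [WinScMngr] C:\WINDOWS\winsmc.exe
O4 - HKLM\..\Run: [2ht4tljp] C:\WINDOWS\system32\2ht4tljp.exe
O4 - HKLM\..\Run: [Lsass] C:\aight.exe
O4 - HKLM\..\Run: [p4mX37l] seccp32r.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [vtgwxph] c:\windows\system32\rsvikct.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe"""

# Files and folders the post says to delete (copied from the post).
DELETE = r"""C:\WINDOWS\Nail.exe;C:\WINDOWS\systb.dll;C:\windows\system32\X6HW.exe
C:\WINDOWS\winsmc.exe;C:\WINDOWS\system32\2ht4tljp.exe;C:\aight.exe
C:\WINDOWS\system32\seccp32r.exe;C:\WINDOWS\wupdt.exe
c:\windows\system32\rsvikct.exe;C:\WINDOWS\svcproc.exe;C:\Program Files\CxtPls"""

def parse_entry(line):
    """Split 'CODE - detail' and pull out the file the entry points at."""
    code, detail = line.split(" - ", 1)
    m = re.search(r"[A-Za-z]:\\.*$", detail)  # first drive-letter path to end of line
    target = m.group(0) if m else detail.split()[-1]  # bare name, no directory
    return code, target

def leaf(path):
    """Lower-cased final path component; Windows file names are case-insensitive."""
    return PureWindowsPath(path.strip()).name.lower()

def cross_check(flagged=FLAGGED, delete=DELETE):
    entries = [parse_entry(l) for l in flagged.splitlines()]
    targets = {leaf(t) for _, t in entries}
    doomed = {leaf(p) for p in re.split(r"[;\n]", delete)}
    return {
        "no_directory": sorted(t for _, t in entries if "\\" not in t),
        "flagged_not_deleted": sorted(targets - doomed),
        "deleted_not_flagged": sorted(doomed - targets),
    }

if __name__ == "__main__":
    for name, items in cross_check().items():
        print(f"{name}: {items}")
```

On the lists in this post it reports blank.htm as referenced by the R0 entry but absent from the delete list, CxtPls as a delete-list item with no matching log entry, and seccp32r.exe as the one Run entry given without a directory.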