Tech Support Forum - View Single Post - Wrapperouter, seedcorn, uci

skate_punk_21 · 07-10-2005, 09:52 AM

Downloads
Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. If you have trouble updating, you may do it manually at http://www.ewido.net/en/download/updates/ DO NOT RUN IT YET

Download Killbox

Run Downloaded Program #1
Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\system32\PSof1.exe
C:\WINDOWS\system32\uci.exe
C:\WINDOWS\system32\seedcorn.exe
C:\WINDOWS\RMAgentOutput.dll
C:\WINDOWS\System32\nmahll.exe

Boot Into Safe Mode
Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Run Downloaded Program #2
Next Run a "Complete System Scan" in Ewido. Save the log from the Ewido scan so that you can post it later.

Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nmahll.exe reg_run

Please remember to close all other windows, including browsers then click Fix checked.

Boot Back Into Normal Mode

Post:
1. Ewido Log
2. New HijackThis Log

How are things going now? Any problems??

07-10-2005, 09:52 AM	#10 (permalink)
skate_punk_21 1337 C0D3R Join Date: Mar 2005 Location: Canada Posts: 1,460 OS: Server 2K3/XP Pro/XP MCE/Win 98/Ubuntu Linux/BackTrack 2 My System	Downloads Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. If you have trouble updating, you may do it manually at http://www.ewido.net/en/download/updates/ DO NOT RUN IT YET Download Killbox Run Downloaded Program #1 Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot): C:\WINDOWS\system32\PSof1.exe C:\WINDOWS\system32\uci.exe C:\WINDOWS\system32\seedcorn.exe C:\WINDOWS\RMAgentOutput.dll C:\WINDOWS\System32\nmahll.exe Boot Into Safe Mode Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Run Downloaded Program #2 Next Run a "Complete System Scan" in Ewido. Save the log from the Ewido scan so that you can post it later. Start HijackThis Fix Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nmahll.exe reg_run *Please remember to close all other windows, including browsers then click Fix checked.* Boot Back Into Normal Mode Post: 1. Ewido Log 2. New HijackThis Log How are things going now? Any problems?? __________________ Have I Helped you? Please Consider a Donation to TechSupportForums Last edited by skate_punk_21; 07-10-2005 at 10:10 AM.