Tech Support Forum - View Single Post - HIJack Log help with neededware and yazifind

Ried · 07-12-2005, 07:22 PM

Hello,

Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Reboot into Safe Mode.

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\Documents and Settings\ErnieLai.ERNIE\ApplicationData\Sskcwrd.dl l
C:\Documents and Settings\Ernie Lai.ERNIE\Application Data\Sskknwrd.dll
C:\Documents and Settings\Ernie Lai.ERNIE\Application Data\Sskuknwrd.dll
C:\installer_MARKETING35.exe
C:\Program Files\Windows MediaPlayer\wmplayer.exe.tmp
C:\SSK3_B5 Verticlick8.exe
C:\WINDOWS\system32\npsfmd.exe
C:\WINDOWS\system32\npsfmdndw30103lib.dll
C:\WINDOWS\system32\WinStat11.dll

Using Windows Explorer, delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Documents and Settings\ErnieLai.ERNIE\ApplicationData
C:\installer_MARKETING35.exe
C:\Program Files\Windows MediaPlayer\wmplayer.exe.tmp--careful here, look at the full name and delete this exact file
C:\SSK3_B5 Verticlick8.exe
C:\WINDOWS\system32\npsfmd.exe
C:\WINDOWS\system32\npsfmdndw30103lib.dll
C:\WINDOWS\system32\WinStat11.dll

Reboot into Normal Mode. Run another scan with Panda ActiveScan and post those results here along with another HijackThis log.

07-12-2005, 07:22 PM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,886 OS: WinXP and Vista	Hello, Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Reboot into Safe Mode. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot): C:\Documents and Settings\ErnieLai.ERNIE\ApplicationData\Sskcwrd.dl l C:\Documents and Settings\Ernie Lai.ERNIE\Application Data\Sskknwrd.dll C:\Documents and Settings\Ernie Lai.ERNIE\Application Data\Sskuknwrd.dll C:\installer_MARKETING35.exe C:\Program Files\Windows MediaPlayer\wmplayer.exe.tmp C:\SSK3_B5 Verticlick8.exe C:\WINDOWS\system32\npsfmd.exe C:\WINDOWS\system32\npsfmdndw30103lib.dll C:\WINDOWS\system32\WinStat11.dll Using Windows Explorer, delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Documents and Settings\ErnieLai.ERNIE\ApplicationData C:\installer_MARKETING35.exe C:\Program Files\Windows MediaPlayer\wmplayer.exe.tmp--careful here, look at the full name and delete this exact file C:\SSK3_B5 Verticlick8.exe C:\WINDOWS\system32\npsfmd.exe C:\WINDOWS\system32\npsfmdndw30103lib.dll C:\WINDOWS\system32\WinStat11.dll Reboot into Normal Mode. Run another scan with Panda ActiveScan and post those results here along with another HijackThis log. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul." Last edited by Ried; 07-12-2005 at 07:24 PM.