Tech Support Forum - View Single Post - Hi-jack this analyser log

Ried · 11-02-2005, 09:57 PM

Hello cleggsy,

Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Do not run it yet.

Please download the recently updated ETRemover

Reboot into Safe Mode.

Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:

C:\WINDOWS\System32\msconfigx32.exe
C:\WINDOWS\system32\vcshots.exe
C:\WINDOWS\system32\i

Start KillBox.
Go to the File menu, and choose Paste from Clipboard.
*Verify that you've done this properly by clicking the dropdown-arrow next to the Full Path of File to Delete field. The filenames you pasted will be found in there.
Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* Unregister.dll Before Deleting" if it's not grayed out.
Click the RED X button.

Click [Yes] at the 'Delete on Reboot' prompt. Click [No] at the Pending Operations prompt.

Run ETRemover.exe now. When it's done, follow the prompts, but don't restart yet. Do the below fixes first.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [Microsoft Config 32] msconfigx32.exe
O4 - HKLM\..\RunServices: [Microsoft Config 32] msconfigx32.exe
O4 - HKCU\..\Run: [Microsoft Config 32] msconfigx32.exe

Reboot into Normal Mode. Run another scan with Kaspersky and post the results here along with a new HijackThis log.

11-02-2005, 09:57 PM	#10 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,609 OS: WinXP and Vista	Hello cleggsy, Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Do not run it yet. Please download the recently updated ETRemover Reboot into Safe Mode. Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C: C:\WINDOWS\System32\msconfigx32.exe C:\WINDOWS\system32\vcshots.exe C:\WINDOWS\system32\i Start KillBox. Go to the File menu, and choose Paste from Clipboard. Verify that you've done this properly by clicking the dropdown-arrow next to the Full Path of File to Delete field. The filenames you pasted will be found in there. Select/tick the following: Delete on Reboot * End Explorer Shell While Killing File * Unregister.dll Before Deleting" if it's not grayed out. Click the RED X button. Click [Yes] at the 'Delete on Reboot' prompt. Click [No] at the Pending Operations prompt. Run ETRemover.exe now. When it's done, follow the prompts, but don't restart yet. Do the below fixes first. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): O4 - HKLM\..\Run: [Microsoft Config 32] msconfigx32.exe O4 - HKLM\..\RunServices: [Microsoft Config 32] msconfigx32.exe O4 - HKCU\..\Run: [Microsoft Config 32] msconfigx32.exe Reboot into Normal Mode. Run another scan with Kaspersky and post the results here along with a new HijackThis log. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."