Tech Support Forum - View Single Post

greyknight17 · 07-02-2004, 08:23 AM

Do an online virus scan at TrendMicro or RAV Antivirus.

End the following processes:

exBceSL.exe
qlsodbcs.exe

Suspicious (wait for someone who knows what this is before doing anything with it):

O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\System32\KDP795c.dll

Check and fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolquiz.com/trivia/
F0 - system.ini: Shell=
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zeivfsl] "C:\WINDOWS\System32\zeivfsl.exe"
O4 - HKLM\..\Run: [exBceSL] C:\WINDOWS\System32\exBceSL.exe
O4 - HKLM\..\Run: [qlsodbcs] C:\WINDOWS\System32\qlsodbcs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/...torLauncher.cab

Reboot into Safe Mode (hit F8 key until menu shows up). Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Do a search for the following and delete them if they exist:

zeivfsl.exe"
exBceSL.exe
qlsodbcs.exe
C:\Program Files\Lycos – delete whole folder

Reboot and post a new HJT log file.

07-02-2004, 08:23 AM	#3 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,327 OS: Windows 98 & Windows XP Home/Pro My System	Do an online virus scan at TrendMicro or RAV Antivirus. End the following processes: exBceSL.exe qlsodbcs.exe Suspicious (wait for someone who knows what this is before doing anything with it): O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\System32\KDP795c.dll Check and fix the following: R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = , R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = , R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = , R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolquiz.com/trivia/ F0 - system.ini: Shell= O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [zeivfsl] "C:\WINDOWS\System32\zeivfsl.exe" O4 - HKLM\..\Run: [exBceSL] C:\WINDOWS\System32\exBceSL.exe O4 - HKLM\..\Run: [qlsodbcs] C:\WINDOWS\System32\qlsodbcs.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/...torLauncher.cab Reboot into Safe Mode (hit F8 key until menu shows up). Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Do a search for the following and delete them if they exist: zeivfsl.exe" exBceSL.exe qlsodbcs.exe C:\Program Files\Lycos – delete whole folder Reboot and post a new HJT log file.