|
Ping: Spyware experts
I have two annyoing spyware programs called rundll.exe and rpen. exe. I have run hijackthis and below is my log file. I close these programs out everyitme I boot the computer up. However, I still find that they come up at random times. Can someone take a look at the logfile and see what needs to be deleted? The programs were not running when I did the scan.
Quote:
|
Damn!!! :eek: You're full.
These C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE are 100% spywares/trojans. I deleted 'em a lot of times on PCs. In my opinion the best way to remove this trash is the one that I proposed in this thread, post #7. If you have doubts/questions just ask, no problem. EDIT: Mmmhhh... I've just read the entire log. I gotta tell you: in these cases, IMO, it's better to re-format. Too much stuff to clean. |
I don't know what you are thinking but none of those are trojans. They are all in the correct location. Those are nessecary system files, and deleting them will cause your machine to not work.
|
Quote:
So you've permanantly disabled lots of PC's, eh? Fucking moron. I guess I shouldn't complain too much. Dumbasses like you keep me working. |
You guys beat me to it...
|
Quote:
Anyway, you guys are right: these files are in the right locations. Usually spywares/trojans have the same names as the files above, but they're in the C:\WINDOWS folder and they're not copyrighted by Microsoft. I didn't read correctly. My bad. |
Yeah, back off the guy. He was trying to help and those are common virus files, if not in those locations.
Man, there's a lot of junk there. Weather bug, Ebates, tons of garbage poker items- do you have these all installed and running? O4 - HKCU\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe This one looks suspicious to me- I don't recognize that file. There's a "Magnify.exe" but not magenify. C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE This one looks a little out of place but I haven't used Netscape for a while. The only reason I say that is because it's buried 2 deep in directories- but that may be the correct structure. Easy enough to check if that's the correct place by seeing what that file actually is. SI |
Quote:
While they certainly can get infected with viruses, the files themselves are Windows operating system files. Any IT person worth 2 cents would know this. Telling people to delete files off their computer without knowing what the hell you're talking about is going to raise my ire. I've been down that road WAY too many times (cleaning up the mess left afterwards). |
Quote:
simmer down, asshole. |
Here is what I am looking at deleting:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.119.33.134:8000 R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file) O3 - Toolbar: (no name) - {520F0E29-3059-4B6D-966F-E96E4462C90B} - (no file) O4 - HKCU\..\Run: [Jyom] C:\WINDOWS\System32\r?ndll.exe O4 - HKCU\..\Run: [Usrr] "C:\Program Files\etea\rpen.exe" -vt ndrv O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) Here is files I am not sure about: O2 - BHO: (no name) - {AC989A12-54FB-7A75-8A64-0CC54F7813E3} - C:\WINDOWS\System32\jxle.dll O2 - BHO: (no name) - {D2306755-ACB0-460C-B84E-BCF67016C83F} - C:\WINDOWS\System32\ecompstui.dll (file missing) O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe Does everything look right? Am I missing anything obvious in the files that I am not sure about. I also had a file named wuaudit that came up every time I booted up the computer. I think Microsoft Anti-spyware got rid of that though. |
Looks like a good call on most of that stuff.
Nwiz.exe is an nVidia utility so you may want to keep that. Similarly, hpztsb04.exe is an HP deskjet utility. Everything else in the top section looks good to get deleted. Just make sure you check once you get rid since some come back. SI |
Before you go into anything too complicated I would definately suggest you try Spybot SD and definately Microsoft Antispyware to clean up what spybot cant. I would surmise that would solve your problems efficiently.
|
GE
You should be fine deleting those files. Also run Ad-Aware and Spybot Serach & Destroy on your system. After running them reboot and run SpywareBlaster. The first 2 will get rid of alot of spyware, and the third one will keep your system very safe, as it runs in the background, but does use system resources. The nice thing with HighjackThis, if you delete one of those entries you find out you really need, you can have the program put it back. Another good program is CCleaner, v1.26.218, is the latest version. It can remove alot of the build up that you have in your registry without having to re-format the HD. It will scan your system and let you know which items it has found that you may have thought you had removed at an earlier time. Also, the Add/Remove portion of Windows doesn't always remove registry links and CCleaner will let you know which programs didn't get removed properly. Those 4 programs should keep you spyware free, and since you already have an anti-virus program you should be all set. John |
You need to spend some time on this computer:
In Safe Mode: Run McAfee Stinger. Run Ad-Aware SE Personal (with latest updates). Run HijackThis (with latest version). **I don't like any poker references. They're all trash. Get rid of them too. |
Neat- learned a new thing today. Never used CCleaner but now I've got 4 programs (along with Adaware, Spybot, HijackThis) in my "anti-spyware" arsenal.
SI |
GE, have you posted this on hxxp://www.castlecops.biz ? If not, post your hijackthis log in the Spyware, Trojans, Oh My! Forum and youll get great assistance.
|
Quote:
Delete all the ones you are not sure about except the hpztsb04.exe, thats your HP Printer taskbar utility. The ones you are looking to delete are all ok to delete. Remember though, this only effects the registry, HiJackThis doesnt actually remove the files. Download Ad-Aware, Spybot S&D, CCleaner, Avast! Antivirus, AVG Anitvirus, Ewido Antivirus. Install and update them all in Windows, then reboot into safe mode. Dont leave safe mode until youve ran all 6 of those programs. You should be aok after that. |
| All times are GMT -5. The time now is 09:35 PM. |
Powered by vBulletin Version 3.6.0
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.