majnunaBABE Posted November 30, 2007 Report Share Posted November 30, 2007 (edited) SINCE POSTING THIS 20 MINUTES AGO I MANAGED TO FIX MY EXPLORER PROBLEM...I HAD THE IDEA OF RECOVERING THE VIRUS FILES AND RE-DELETING THEM AND APPARENTLY IT WAS A GOOD IDEA, BECAUSE IT WORKED...DONT KNOW WHY. HOWEVER I STILL HAVE THESE 2 PROBLEMS:I CONTINUE TO GET "UNSPECIFIED POTENTIAL SECURITY FLAW" ERROR WHEN OPENING MY DOCUMENTS OR RIGHT CLICKING THE DESKTOP AND RUNDLL32.EXE IS MISSING...any ideas??Thanks so much!old post:Explorer.exe keeps restarting and eventually shuts down all together. If I open it back up it continues to do the same thing. My rundll32.exe has magically disappeared also. I ran Spybot Search & Destroy, AdAware which found about 115 problems/malware/spyware and VundoFix, which found and deleted a file, I didnt save a log of that file name tho ...anyhoo after rebooting my problem persisted.update: when trying to right click on the desktop or open my documents computer says: Unspecified potential security flaw. Would you like to continuePlease help! I'll love you foreverThanks Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:34:40 PM, on 11/30/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\tcpsvcs.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\taskmgr.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO4 - Startup: .protectedO4 - Global Startup: .protectedO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 2408 bytes Edited November 30, 2007 by majnunaBABE Link to post Share on other sites
Andro1d Posted December 1, 2007 Report Share Posted December 1, 2007 Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------[*]Double click on combofix.exe & follow the prompts.[*]When finished, it will produce a report for you. [*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall** Link to post Share on other sites
Recommended Posts