Cleaning explorer.exe?

Name: tux184
Date: December 12, 2003 at 15:26:37 Pacific
OS: Windows 2000 5.00 SP2
CPU/Ram: 130 KB
Comment:

Norton detected that my explorer.exe is infected with the w32.spybot.worm virus,
but it can't remove it. How do I go about cleaning this file? One other note:
every time I log in to Windows, two Windows Explorer windows open on me.

Thanks

Below is the HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 9:15:32 PM, on 12/11/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\System32\EXPLORER.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\GuruNet\GuruNet.exe
C:\Program Files\Navnt\navapw32.exe
C:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Microsoft Office\Office\EXCEL.exe
C:\Documents and Settings\George Meister\Desktop\regedt32_test.exe
C:\My Documents\Downloads\HijackThis.exe

R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Winsock2 driver] EXPLORER.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Winsock2 driver] EXPLORER.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/27c19d871cd1a376d100/netzip/RdxIE2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
Response Number 1
Name: Tom41
Date: December 12, 2003 at 15:35:04 Pacific
Reply:

1. Download, unzip and run Process Explorer and end process (kill) on the following:
C:\WINNT\System32\EXPLORER.exe

Process Explorer

2. Run HijackThis again and place a check in the box next to the following items.
Next, close all browser windows, and have HT 'fix checked'.

You must restart your computer in safe mode when you're done.

O4 - HKLM\..\Run: [Winsock2 driver] EXPLORER.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] EXPLORER.exe

Once in safe mode delete:
C:\WINNT\System32\EXPLORER.exe

Reboot to Windows and run an online scan here, delete any files listed as infected.

Rav Online Scan


0
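
Added example (not part of either poster's messages): the check behind the reply above, run over an excerpt of the posted HijackThis log. It flags running processes named like a Windows system image but located outside that image's usual folder, then lists the O4 autorun entries that name the same file. The function names, the `EXPECTED_DIR` table and the `C:\WINNT` default are assumptions of this example.

```python
import ntpath
import re

# Usual folder of some Windows 2000 system images, relative to the Windows
# directory ("" = the Windows directory itself). Assumed, not exhaustive.
EXPECTED_DIR = {"explorer.exe": "", "smss.exe": "system32",
                "winlogon.exe": "system32", "services.exe": "system32",
                "lsass.exe": "system32", "svchost.exe": "system32"}
O4_RE = re.compile(r'^O4 - (\S+): \[([^\]]+)\] "?(.+?\.exe)', re.I)

# Excerpt of the HijackThis log posted in the question
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\EXPLORER.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Winsock2 driver] EXPLORER.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] EXPLORER.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
"""

def misplaced_system_images(log, windir=r"C:\WINNT"):
    """Running processes named like a system image but in the wrong folder."""
    hits, in_list = [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_list = True
        elif in_list and not line:
            break                      # a blank line ends the process list
        elif in_list:
            folder, name = ntpath.split(line)
            rel = EXPECTED_DIR.get(name.lower())
            want = ntpath.normpath(ntpath.join(windir, rel or ""))
            if rel is not None and ntpath.normcase(folder) != ntpath.normcase(want):
                hits.append(line)
    return hits

def autoruns_launching(log, flagged):
    """O4 Run/RunOnce entries whose executable name matches a flagged image."""
    names = {ntpath.basename(p).lower() for p in flagged}
    hits = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m and ntpath.basename(m.group(3)).lower() in names:
            hits.append((m.group(1), m.group(2)))   # (registry key, value name)
    return hits
```

The autorun match is by file name only, so its output is a list of entries to review against the flagged path, not a verdict on its own.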

Response Number 2
Name: tux184
Date: December 12, 2003 at 17:45:15 Pacific
Reply:

It worked!

Thanks, Tom41


0
