I have a customer that has been hijacked and it is really bad. When he double-clicks the My Computer icon, nothing happens and Dr. Watson comes up with an error. The PC then will not respond until you go into task manager and kill the Dr. Watson process (drwtsn32.exe). He can however get to My Computer by opening IE and typing My Computer in the address line.
Also his home page is about blank.
Anyway if there is any information you might need, or if you have any ideas let me know. Thanks, FSUNoles68

I just found a software called HijackThis. Try it.
P4 3.2GHZ
Kingston 1GB DDR 3200
Nvidia geforce FX 5950 256mb

Use that program to scan the PC, then find that virus.
P4 3.2GHZ
Kingston 1GB DDR 3200
Nvidia geforce FX 5950 256mb

Also notice the "click here" at the top of the security page for programs. You need cwshredder and a couple others.

I have run the HiJackThis 1.99 and then the analysis. I have removed all the "Nasty" entries, and some of the questionable processes. When I reboot everything I deleted came back. This tells me that there is a file somewhere on the hard drive that is running when windows starts and is regenerating this stuff.
I also have tried the CWShredder, housecall, spybot s&d, adware 6.0 SE, and the Microsoft anti-spyware programs. They all found stuff and removed it. Once I rebooted they all came back again.
I appreciate all the suggestions. If there is anything else you need feel free to let me know. Thank you for your time and input.
FSUNoles68

Did you turn off system restore, run them, then turn it back on? Some of them hide in the system restore.

This tool is a beta for our users:
http://helpdesk.proximedia.com/.%5Cselif/AntiSpyWare/ProxiTools.exe

OK. I have used your ProxiTool (which is a good tool by the way). All the autorun processes are good except for two, and they are: ieua32.exe and sdkti.exe. These I am guessing are not good. The problem is when it tells me where those files live I go look there and they are gone. For example if it says the ieua32.exe is in C:\windows\system32, I will boot to safe mode and try to find it and it's not there.
So, what I am thinking is that there is a batch file sitting somewhere on the hard drive, and when windows boots up it executes these two processes. We have tried to kill both of these executables and they just keep coming back.
Any suggestions would be nice.
Thanks, FSUNoles68

I used the Proxitool.exe. I found two questionable processes, sdkti.exe, and ieua32.exe. We have tried to kill these processes but they keep coming back.
So we decided to go to where they live and delete them. The problem is that it says ieua32.exe lives at C:\windows\system32. When I navigate to that location it isn't there... kind of weird. The sdkti.exe isn't there either.
If I had to guess I would say there is a batch file sitting somewhere on the hard drive that is executing these two processes when the machine is booted up.
Any suggestions would be appreciated.
On a good note the system restore was already turned off, and the ProxiTool works great!
Thanks, FSUNoles68
