
download.trojan



Guest idgadmin

Hi all virus experts. My AV constantly warns me about a virus that Norton calls download.trojan. Norton points to a file named c:\windows\system32\dgjmpsvy.dll. Norton cannot delete or quarantine the file, because the program is denied access.

I have, although I am not sure it is the right thing to do, tried to delete the file manually. However, this failed because I am denied access.

Is there any kind soul who can help me?

//Robban

 

[post edited 2004-09-11 18:48:34 by 13054]

Hello and welcome to PC Support.

Depending on which operating system you are running, you can remove the file in slightly different ways.

If you have Windows 95/98 you can boot into DOS mode and delete the file from there.

You can do the same with all other operating systems, but that requires a Windows 98 boot disk (download here: http://www.bootdisk.com) and that the file system is FAT.

Another option is to start the computer in safe mode and delete the file. You do this by pressing the F8 key repeatedly just before Windows starts (right after POST). The computer should then start roughly as usual and you can simply delete the file.

 

---------------------------------------

"Cheating is like masturbation. Feels good while you're doing it but once you're finished it only emphasizes how empty and shallow your life really is."

 

 


Guest idgadmin

Thanks for the replies.

I have tried scanning in safe mode, and I have tried deleting the file in safe mode. And I have tried booting from a boot disk and deleting the file in a DOS window. None of it helped, ...access denied.

I have scanned with HijackThis, but how do I attach the log?

 


Hi 13054 :)

Do as follows:

NOTE: There is a new version of HiJack This, version 1.98.2

It comes zipped. Save the zip file to the desktop:

1: Create a folder directly under the C: drive. Give the folder a suitable name (e.g. HiJack This).

2: Open the zip file you saved on the desktop. Grab HiJack This and move it to the folder you just created on the C: drive.

NOTE: Do not copy it or create a shortcut:

3: Then throw away the zip file you saved on the desktop.

http://www.majorgeeks.com/download3155.html

Once you have done the above and downloaded HiJack This:

Do the following:

Just double-click it and it opens. Click *scan* and the button then shows *save logfile*. Put it somewhere and a text file will come up; copy it here and you will get help interpreting it. Most of the log file consists of necessary components, so do not fix anything yourself.

Regards/Malou

***** Have a Wonderful Rest of the Day *****

 

Team Lavasoft

Lavasupporten

 

 

 


Hi 13054 :)

It is not always that easy *smiles*

1: Open the log/text file -> Edit -> Select all -> The text now turns blue.

2: Right-click somewhere in the text -> Choose "Copy".

3: Now go to the reply box where you write your post -> Place the cursor somewhere in the reply box -> Right-click and choose "Paste".

Hope this helps you *smiles*

Regards/Malou

***** Have a Wonderful Rest of the Day *****

 

Team Lavasoft

Lavasupporten

 

 

 


Guest idgadmin

It is so simple when you know how....

The computer did not know which program to use, and apparently neither did I at first.

Here comes the log.

//Robban

 

Logfile of HijackThis v1.98.2

Scan saved at 22:11:59, on 2004-09-11

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\system32\id2scaps.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\PopOops\PopOops.exe

C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program\NORTON~1\navapw32.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\COMPAQ\CPQINET\CPQInet.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program\Internet Explorer\iexplore.exe

C:\hijack this\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/2484/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/2484/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://login1.telia.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=041d&s=search&ap=b204

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/2484/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.52/2484/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/2484/search.php?qq=

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=askcpqemea&c=3C00&lc=041d&ac

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;;login1.telia.com;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [PopOops] C:\Program\PopOops\PopOops.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open in New &Window (PopOops) - C:\WINDOWS\Web\PopOops.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .sgn: C:\Program\Internet Explorer\PLUGINS\npSign.dll

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/se/win/QuickTimeInstaller.exe

O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E483} - http://www.dotcomtoolbar.com/toolbar_nieuw13.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094766252187

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FF69B1A5-5637-4F0A-9BFB-169B2DF1AA0F}: NameServer = 10.0.0.1,10.0.0.2

 

 

 


Guest idgadmin

Here comes the log.

I hope you can help me.

//Robban

 

Sat 11 Sep 04 23:27:20

 

»»»»»»»»»»»»»»»»»»***LOG!***(*updated *9/1*)»»»»»»»»»»»»»»»»

 

*System:

Microsoft Windows XP Home Edition 5.1 Service Pack 1 (Build 2600)

*IE version:

6.0.2800.1106 SP1-Q324929-Q818529-Q330994-Q828750-Q824145-Q832894

 

 

 

MS-DOS version 5.00.500

 

*command.com test passed!

 

__________________________________

!!*Creating backups...!!

 

The operation completed successfully

23:27:20,21 2004-09-11

__________________________________

 

*Local time:

den 11 september 2004 (2004-09-11)

23:27, Västeuropa, normaltid

*Uptime:

23:27:22 up 0 days, 5:51:49

 

*Path:

C:\FINDnFIX

----------------------------------------------------

»»Member of...: ("ADMIN" logon + group match required!)

 

User is a member of group NIRO\Ingen.

User is a member of group \Alla.

User is a member of group BUILTIN\Administratörer.

User is a member of group BUILTIN\Användare.

User is a member of group \LOKAL.

User is a member of group NT INSTANS\INTERAKTIV.

User is a member of group NT INSTANS\Autentiserade användare.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

User: [NIRO\robban], is a member of:

 

BUILTIN\Administratörer

\Everyone

 

Running in WORKSTATION MODE.

 

SystemDrive is C:

SystemRoot is C:\WINDOWS

Logon Domain is NIRO

Administrator's Name is robban

Computer Name is NIRO

LOGON SERVER is \\NIRO

 

»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»

The list will produce a small database of files that will match certain criteria.

Ex: read only files, s/h files, last modified date. size, etc.

The filters provided and registry scan should match the

corresponding file(s) listed.

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Unless the file match the entire criteria, it should not be pointed to remove

without attempting to confirm it's nature!

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!

If in doubt, always search the file(s) and properties according to criteria!

 

The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder

 

______________________________________________________________________________

***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***

______________________________________________________________________________

 

......Scanning for file(s)...

*Note! The list(s) may include legitimate files!

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»»»» (*1*) »»»»» .........

»»Read access error(s)...

 

C:\WINDOWS\SYSTEM32\DGJMPSVY.DLL +++ File read error

\\?\C:\WINDOWS\System32\DGJMPSVY.DLL +++ File read error

 

»»»»» (*2*) »»»»»........

DGJMPSVY.DLL Can't Open!

WINF.DLL Can't Open!

 

»»»»» (*3*) »»»»»........

 

C:\WINDOWS\SYSTEM32 winf.dll Wed 2004-04-28 12.42.18 A...R 57 344 56,00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57 344 bytes 56,00 K

 

unknown/hidden files...

 

No matches found.

 

»»»»» (*4*) »»»»».........

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\WINF.DLL

SNiF 1.34 statistics

 

Matching files : 1 Amount in bytes : 57344

Directories searched : 1 Commands executed : 0

 

Masks sniffed for: *.DLL

 

»»»»»(*5*)»»»»»

» Access denied « ..................... DGJMPSVY.DLL .....68096 09.09.2004

» Access denied « ..................... WINF.DLL .....57344 28.04.2004

 

»»»»»(*6*)»»»»»

fgrep: can't open input C:\WINDOWS\SYSTEM32\DGJMPSVY.DLL

fgrep: can't open input C:\WINDOWS\SYSTEM32\WINF.DLL

 

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»»Search by size...

*List of files and specs according to 'size' :

*Note: Not all files listed here are infected, but *may include* the

name and spces of the offending file...

___________________________________________________________________________

Path: C:\WINDOWS\SYSTEM32 Including: *.DLL

 

1199. Winf Dll 57,344 . . R . A 4-28-04 12:42 pm

 

____________________________________________________________________________

*By size and date...

 

 

C:\WINDOWS\SYSTEM32 winf.dll Wed 2004-04-28 12.42.18 A...R 57 344 56,00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57 344 bytes 56,00 K

 

No matches found.

 

No matches found.

 

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\WINF.DLL

SNiF 1.34 statistics

 

Matching files : 1 Amount in bytes : 57344

Directories searched : 1 Commands executed : 0

 

Masks sniffed for: *.DLL

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

SNiF 1.34 statistics

 

Matching files : 0 Amount in bytes : 0

Directories searched : 1 Commands executed : 0

 

Masks sniffed for: *.DLL

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

SNiF 1.34 statistics

 

Matching files : 0 Amount in bytes : 0

Directories searched : 1 Commands executed : 0

 

Masks sniffed for: *.DLL

 

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

 

BHO search and other files...

 

fgrep: can't open input C:\WINDOWS\SYSTEM32\DGJMPSVY.DLL

fgrep: can't open input C:\WINDOWS\SYSTEM32\WINF.DLL

 

 

No matches found.

 

No matches found.

 

--*sp.html in temp folder was NOT FOUND!--

 

*Filter keys search...

REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html' (2)

 

--(*text/html Subkey was NOT FOUND!)--

 

REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain' (2)

 

--(*text/plain Subkey was NOT FOUND!)--

 

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

 

»»Checking for AppInit_DLLs (empty) value...

________________________________

!"AppInit_DLLs"=""!

 

Value Matches

________________________________

 

»»Comparing *saved* key with *original*...

 

REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)

 

Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).

 

No differences found.

 

»»Dumping Values........

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_DLLs =

DeviceNotSelectedTimeout = 15

GDIProcessHandleQuota = REG_DWORD 0x00002710

Spooler = yes

swapdisk =

TransmissionRetryTimeout = 90

USERProcessHandleQuota = REG_DWORD 0x00002710

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Användare

(ID-IO) ALLOW Read BUILTIN\Användare

(ID-NI) ALLOW Full access BUILTIN\Administratörer

(ID-IO) ALLOW Full access BUILTIN\Administratörer

(ID-NI) ALLOW Full access NT INSTANS\SYSTEM

(ID-IO) ALLOW Full access NT INSTANS\SYSTEM

(ID-IO) ALLOW Full access SKAPARE ÄGARE

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Användare

Full access BUILTIN\Administratörer

Full access NT INSTANS\SYSTEM

 

 

 

»»Performing string scan....


 

---------- WIN.TXT

fùAppInit_DLLsÖ?æG

--------------

--------------

$01180: AppInit_DLLs

$011AF: UDeviceNotSelectedTimeout

$011FF: zGDIProcessHandleQuota

$01298: TransmissionRetryTimeout

$012E8: USERProcessHandleQuota

--------------

--------------

No strings found.

 

--------------

--------------

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

.............

A handle was successfully obtained for the

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.

This key has 0 subkeys.

The AppInitDLLs value exists and reports as 2 bytes, including the 2 for string termination.

 

[AppInitDLLs]

Ansi string : ""

0000 00 00 | ..

-----------------------

 

»»»»»»Backups list...»»»»»»

23:29:37 up 0 days, 5:54:04

-----------------------

Sat 11 Sep 04 23:29:37

 

 

C:\FINDNFIX keyback.hiv Sat 2004-09-11 23.27.22 A.... 8 192 8,00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 8 192 bytes 8,00 K

 

C:\FINDNFIX\KEYS1 winkey.reg Sat 2004-09-11 23.27.22 A.... 287 0,28 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 287 bytes 0,28 K

 

*Temp backups...

 

"C:\Documents and Settings\robban\Lokala inställningar\Temp\Backs2\"

keyback2.hi_ 2004-09-11 8192 "keyback2.hi_"

winkey2.re_ 2004-09-11 287 "winkey2.re_"

 

2 items found: 2 files, 0 directories.

Total of file sizes: 8 479 bytes 8,28 K

-D---- JUNKXXX 00000000 23:27.22 11/09/2004

A----- STARTIT .BAT 00000060 23:27.22 11/09/2004

 

________________________________________________________________________________

***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'

AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!

MINIMAL REQUIREMENTS INCLUDE:

_________XP HOME/PRO; SP1; IE6/SP1

_________2K/SP4; IE6/SP1

________________________________________________________________________________

»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»

-----END------

Sat 11 Sep 04 23:29:38

 

 

 

 


 

The computer will restart, so if you have anything else open, close it.

Open the FINDnFIX folder

Open the KEYS1 folder

Double-click FIX.bat and the computer restarts.

When the computer has restarted, look for DGJMPSVY.DLL, click the file and choose Cut.

Then go to the FINDnFIX folder, open the junkxxx folder and Paste the file there.

If you are asked anything, answer OK.

Then click RESTORE.bat and log2.txt will come out.

Send the log2.txt log here.

 


I wonder where the help went?????

Regards/Malou

***** Have a Wonderful Rest of the Day *****

 

Team Lavasoft

Lavasupporten

 

 

 


Hi 13054 :)

Yes, I fully understand that you have.

I will wait a while longer and we will see what happens *smiles*

Regards/Malou

***** Have a Wonderful Rest of the Day *****

 

Team Lavasoft

Lavasupporten

 

 

 


Guest idgadmin

Hi Zipp. It worked when I turned off auto-protect. Here comes the log.

//Robban

Sun 12 Sep 04 20:50:12

 

»»»»»»»»»»»»»»»»»»***LOG2!(*updated *9/1*)***»»»»»»»»»»»»»»»»

 

*System:

Microsoft Windows XP Home Edition 5.1 Service Pack 1 (Build 2600)

*IE version:

6.0.2800.1106 SP1-Q324929-Q818529-Q330994-Q828750-Q824145-Q832894-Q867801-Q823353

 

 

___________________________________________

!!Restoring backups!!

 

The operation completed successfully

 

The operation completed successfully

20:50:10,81 2004-09-12

___________________________________________

 

*Local time:

den 12 september 2004 (2004-09-12)

20:50, Västeuropa, normaltid

*Uptime:

20:50:13 up 0 days, 0:06:08

 

*path:

C:\FINDnFIX

Running in WORKSTATION MODE.

 

SystemDrive is C:

SystemRoot is C:\WINDOWS

Logon Domain is NIRO

Administrator's Name is robban

Computer Name is NIRO

LOGON SERVER is \\NIRO

------------------------------------------

 

 

This log will confirm if the file was successfully moved, and/or

the right file was selected...

 

Scanning for file(s) in System32...

 

»»»»»»» (1) »»»»»»»

\\?\C:\WINDOWS\SYSTEM32\WINF.DLL +++ File read error

C:\WINDOWS\System32\WINF.DLL +++ File read error

 

»»»»»»» (2) »»»»»»»

WINF.DLL Can't Open!

 

»»»»»»» (3) »»»»»»»

 

C:\WINDOWS\SYSTEM32 winf.dll Wed 2004-04-28 12.42.18 A...R 57 344 56,00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57 344 bytes 56,00 K

Unknown/hidden files...

 

No matches found.

 

»»»»»»» (4) »»»»»»»

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\WINF.DLL

SNiF 1.34 statistics

 

Matching files : 1 Amount in bytes : 57344

Directories searched : 1 Commands executed : 0

 

Masks sniffed for: *.DLL

 

»»»»»(5)»»»»»

» Access denied « ..................... WINF.DLL .....57344 28.04.2004

 

»»»»»(6)»»»»»

fgrep: can't open input C:\WINDOWS\SYSTEM32\WINF.DLL

 

»»»»»»» Search by size And Date...

 

*List of files specs according to size:

*Note: Not all files listed here are infected!

____________________________________________________________________________

Path: C:\WINDOWS\SYSTEM32 Including: *.DLL

 

1201. Winf Dll 57,344 . . R . A 4-28-04 12:42 pm

 

____________________________________________________________________________

 

C:\WINDOWS\SYSTEM32 winf.dll Wed 2004-04-28 12.42.18 A...R 57 344 56,00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57 344 bytes 56,00 K

 

No matches found.

 

No matches found.

 

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\WINF.DLL

SNiF 1.34 statistics

 

Matching files : 1 Amount in bytes : 57344

Directories searched : 1 Commands executed : 0

 

Masks sniffed for: *.DLL

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

SNiF 1.34 statistics

 

Matching files : 0 Amount in bytes : 0

Directories searched : 1 Commands executed : 0

 

Masks sniffed for: *.DLL

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

SNiF 1.34 statistics

 

Matching files : 0 Amount in bytes : 0

Directories searched : 1 Commands executed : 0

 

Masks sniffed for: *.DLL

 

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

BHO search and other files...

 

fgrep: can't open input C:\WINDOWS\SYSTEM32\WINF.DLL

 

 

No matches found.

 

No matches found.

 

 

No matches found.

 

--*sp.html in temp folder was NOT FOUND!--

 

*Filter keys search...

REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html' (2)

 

--(*text/html Subkey was NOT FOUND!)--

 

REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain' (2)

 

--(*text/plain Subkey was NOT FOUND!)--

 

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»»*»»» Scanning for moved file... »»»*»»»

 

 

 

C:\FINDNFIX\JUNKXXX dgjmpsv.333 Sun 2004-09-12 20.20.04 A.... 68 096 66,50 K

dgjmpsvy.333 Sun 2004-09-12 20.31.40 A.... 68 096 66,50 K

 

2 items found: 2 files, 0 directories.

Total of file sizes: 136 192 bytes 133,00 K

 

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\FINDNFIX\JUNKXXX\DGJMPSV.333

Sniffed -> C:\FINDNFIX\JUNKXXX\DGJMPSVY.333

SNiF 1.34 statistics

 

Matching files : 2 Amount in bytes : 136192

Directories searched : 1 Commands executed : 0

 

Masks sniffed for: *.*

 

**File C:\FINDNFIX\JUNKXXX\DGJMPSV.333

**File C:\FINDNFIX\JUNKXXX\DGJMPSVY.333

 

A----- DGJMPSV .333 00010A00 20:20.04 12/09/2004

A----- DGJMPSVY.333 00010A00 20:31.40 12/09/2004

 

Analyzer v1.36 by Boogie Copyright © 1997 ESP Team

Files: C:\FINDNFIX\JUNKXXX\*.*

Ä

DGJMPSV.333 MS Windows 95 / Windows NT Exe

DGJMPSVY.333 MS Windows 95 / Windows NT Exe

Ä

 

 

Volume: None * DDIR * 8:52 pm | Sun, 9-12-04

Ser #: F4E0-99DB DOS Ver. 5.00 4% Used space

Path: C:\FINDNFIX\JUNKXXX All files selected

 

1. Dgjmpsv 333 68,096 . . . . A 9-12-04 8:20 pm

2. Dgjmpsvy 333 68,096 . . . . A 9-12-04 8:31 pm

 

No. of files: 2 | List size: 136,192

Disk size: 976.5 M | Actual spc: 260,096

Bytes free: 979,716,608 | Wasted space: 123,904

 

c:\findnfix\junkxxx\dgjmpsv.333

--a-- W32i - - - - 68,096 09-12-2004 dgjmpsv.333

c:\findnfix\junkxxx\dgjmpsvy.333

--a-- W32i - - - - 68,096 09-12-2004 dgjmpsvy.333

A C:\FINDnFIX\junkxxx\dgjmpsv.333

A C:\FINDnFIX\junkxxx\dgjmpsvy.333

 

CHK-SAFE.EXE Ver 2.51 by Bill Lambdin Don Peters and Robert Bullock.

MD5 Message Digest Algorithm by RSA Data Security, Inc.

 

File name Size Date Time MD5 Hash

________________________________________________________________________

DGJMPSV.333 68096 09-12-104 20:20 2613f9159cf2af041ba9b04282e601f4

DGJMPSVY.333 68096 09-12-104 20:31 2613f9159cf2af041ba9b04282e601f4

 

CRC-Cyclic Redundancy Checker, Version 1.20, 08-Feb-92, rtk

 

C:\FINDNFIX\JUNKXXX

DGJMPSV.333 : crc16=3957 crc32=F18E0BC2

DGJMPSVY.333: crc16=3957 crc32=F18E0BC2

 

File:

CRC-32 : F18E0BC2

MD5 : 2613F915 9CF2AF04 1BA9B042 82E601F4

 

File:

CRC-32 : F18E0BC2

MD5 : 2613F915 9CF2AF04 1BA9B042 82E601F4

 

 

#######################################################

*Known files are...

--------------------

File: ((56k; (57,344 bytes)

CRC-32 : D5C9FB2E

MD5 : C185B36F 9969D3A6 D2122BA7 CBC02249

--------------------

File: ((35k; (35,840 bytes)

CRC-32 : 33081C8B

MD5 : 1DE9A8E2 4C826006 7A479B09 577D9CAE

--------------------

File: ((21k; (21,504 bytes)

CRC-32 : 2258F59E

MD5 : EFEE2CB3 B342A351 51802356 9637F8E6

#######################################################

»»Permissions:

C:\FINDnFIX\junkxxx\dgjmpsv.333 NT INSTANS\SYSTEM:F

BUILTIN\Administratörer:F

BUILTIN\Användare:R

 

C:\FINDnFIX\junkxxx\dgjmpsvy.333 NT INSTANS\SYSTEM:F

BUILTIN\Administratörer:F

BUILTIN\Användare:R

 

Directory "C:\FINDnFIX\junkxxx\."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT INSTANS\SYSTEM

Allow 0000000B -co- 10000000 ---A ---- ---- \SKAPARE ÄGARE

Allow 00000003 tco- 001F01FF ---- DSPO rw+x BUILTIN\Administratörer

Allow 00000002 tc-- 00000004 ---- ---- --+- BUILTIN\Användare

Allow 00000002 tc-- 00000002 ---- ---- -w-- BUILTIN\Användare

Allow 00000003 tco- 001200A9 ---- -S-- r--x BUILTIN\Användare

Allow 00000000 t--- 001F01FF ---- DSPO rw+x NIRO\robban

Allow 00000013 tco- 001F01FF ---- DSPO rw+x BUILTIN\Administratörer

Allow 00000013 tco- 001F01FF ---- DSPO rw+x NT INSTANS\SYSTEM

Allow 00000010 t--- 001F01FF ---- DSPO rw+x NIRO\robban

Allow 0000001B -co- 10000000 ---A ---- ---- \SKAPARE ÄGARE

Allow 00000013 tco- 001200A9 ---- -S-- r--x BUILTIN\Användare

Allow 00000012 tc-- 00000004 ---- ---- --+- BUILTIN\Användare

Allow 00000012 tc-- 00000002 ---- ---- -w-- BUILTIN\Användare

 

Owner: NIRO\robban

 

Primary Group: NIRO\Ingen

 

Directory "C:\FINDnFIX\junkxxx\.."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x BUILTIN\Administratörer

Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT INSTANS\SYSTEM

Allow 00000000 t--- 001F01FF ---- DSPO rw+x NIRO\robban

Allow 0000000B -co- 10000000 ---A ---- ---- \SKAPARE ÄGARE

Allow 00000003 tco- 001200A9 ---- -S-- r--x BUILTIN\Användare

Allow 00000002 tc-- 00000004 ---- ---- --+- BUILTIN\Användare

Allow 00000002 tc-- 00000002 ---- ---- -w-- BUILTIN\Användare

 

Owner: NIRO\robban

 

Primary Group: NIRO\Ingen

 

File "C:\FINDnFIX\junkxxx\dgjmpsv.333"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT INSTANS\SYSTEM

Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administratörer

Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Användare

 

Owner: BUILTIN\Administratörer

 

Primary Group: NT INSTANS\SYSTEM

 

File "C:\FINDnFIX\junkxxx\dgjmpsvy.333"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT INSTANS\SYSTEM

Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administratörer

Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Användare

 

Owner: BUILTIN\Administratörer

 

Primary Group: NT INSTANS\SYSTEM

 

C:\FINDnFIX\junkxxx\dgjmpsv.333;NT INSTANS\SYSTEM:F

C:\FINDnFIX\junkxxx\dgjmpsv.333;BUILTIN\Administratörer:F

C:\FINDnFIX\junkxxx\dgjmpsv.333;BUILTIN\Användare:RX

C:\FINDnFIX\junkxxx\dgjmpsvy.333;NT INSTANS\SYSTEM:F

C:\FINDnFIX\junkxxx\dgjmpsvy.333;BUILTIN\Administratörer:F

C:\FINDnFIX\junkxxx\dgjmpsvy.333;BUILTIN\Användare:RX

 

 

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

 

»»Checking for AppInit_DLLs (empty) value...

________________________________

!"AppInit_DLLs"=""!

 

Value Matches

________________________________

 

»»Comparing *saved* key with *original*...

 

REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)

 

Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).

 

No differences found.

 

»»Dumping Values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

DeviceNotSelectedTimeout = 15

GDIProcessHandleQuota = REG_DWORD 0x00002710

Spooler = yes

swapdisk =

TransmissionRetryTimeout = 90

USERProcessHandleQuota = REG_DWORD 0x00002710

AppInit_DLLs =

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Användare

(ID-IO) ALLOW Read BUILTIN\Användare

(ID-NI) ALLOW Full access BUILTIN\Administratörer

(ID-IO) ALLOW Full access BUILTIN\Administratörer

(ID-NI) ALLOW Full access NT INSTANS\SYSTEM

(ID-IO) ALLOW Full access NT INSTANS\SYSTEM

(ID-IO) ALLOW Full access SKAPARE ÄGARE

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Användare

Full access BUILTIN\Administratörer

Full access NT INSTANS\SYSTEM

 

 

 


 

---------- NEWWIN.TXT

fùAppInit_DLLsÖ?æG

--------------

--------------

$0117F: UDeviceNotSelectedTimeout

$011C7: zGDIProcessHandleQuota

$01270: TransmissionRetryTimeout

$012A0: USERProcessHandleQuota

$012F0: AppInit_DLLs

--------------

--------------


--------------

--------------

d.... 0 Sep 11 23:27 .

d.... 0 Sep 11 23:27 ..

....a 68096 Sep 12 20:20 dgjmpsv.333

....a 68096 Sep 12 20:31 dgjmpsvy.333

 

4 files found occupying 133120 bytes

 

 

===============================================================================

136,192 bytes 13,619,200 cps

Files: 2 Records: 31,990 Matches: 0 Elapsed Time: 00:00:00.01

 

VDIR v1.00

Path: C:\FINDNFIX\JUNKXXX\*.*

---------------------------------------+---------------------------------------

.

..

---------------------------------------+---------------------------------------

4 files totaling 136192 bytes consuming 260096 bytes of disk space.

6638080 bytes available on Drive C: No volume label

 

...File dump...

 

 

Detecting...

C:\FINDnFIX\junkxxx

dgjmpsv.333 ACL has 3 ACE(s)

SID = NT INSTANS/SYSTEM S-1-5-18

ACE 0 is an ACCESS_ALLOWED_ACE_TYPE

ACE 0 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN

SID = BUILTIN/Administratörer S-1-5-32-544

ACE 1 is an ACCESS_ALLOWED_ACE_TYPE

ACE 1 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN

SID = BUILTIN/Användare S-1-5-32-545

ACE 2 is an ACCESS_ALLOWED_ACE_TYPE

ACE 2 mask = 0x001200a9 -R -X

ACL done...

 

 

dgjmpsvy.333 ACL has 3 ACE(s)

SID = NT INSTANS/SYSTEM S-1-5-18

ACE 0 is an ACCESS_ALLOWED_ACE_TYPE

ACE 0 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN

SID = BUILTIN/Administratörer S-1-5-32-544

ACE 1 is an ACCESS_ALLOWED_ACE_TYPE

ACE 1 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN

SID = BUILTIN/Användare S-1-5-32-545

ACE 2 is an ACCESS_ALLOWED_ACE_TYPE

ACE 2 mask = 0x001200a9 -R -X

ACL done...

 

Finished Detecting...

=========================================

68096 C:\FINDnFIX\junkxxx\dgjmpsv.333 Administratörer

68096 C:\FINDnFIX\junkxxx\dgjmpsvy.333 Administratörer

136192 C:\FINDnFIX\junkxxx (DIR Total)

 

Owner No. Files Total Size

=========================================

Administratörer 2 136192

________________________________________________________________________________

***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'

AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!

MINIMAL REQUIREMENTS INCLUDE:

_________XP HOME/PRO; SP1; IE6/SP1

_________2K/SP4; IE6/SP1

________________________________________________________________________________

»»»»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»»»

Sun 12 Sep 04 20:52:24

-----END-----

 

 

 


 

Open the FINDnFIX folder.

Open the FILES2 folder.

Click ZIPZAP.bat and it takes care of the rest: it makes a zipped copy of the file in the same folder, named junkxxx.zip, and opens your e-mail.

Then drag junkxxx.zip into the e-mail with the mouse and send it to the address that is filled in there.

But turn off Norton's e-mail scanning before you send the e-mail.

Include this link in the e-mail:

http://pcsupport.idg.se/viewmsg.asp?EntriesId=397238

Then restart the computer and delete the FINDnFIX folder.

After that, repeat the whole procedure in the same way with the file

WINF.DLL

 

 

 

 

 

 

 

 


Guest idgadmin

Hi zipp

I don't know how to thank you; your patience with a computer novice like me is admirable. I have sent off the zip as you asked me to. How does giving points work, should I mark your post? Tell me how to do it and you will get as many points as I can give you.

A big thank you also to everyone else who got involved in my problem.

//A now virus-free Robban

 

 


 

Have you done everything with the WINF.DLL file the same way you did with DGJMPSVY.DLL?

If so, send a new Hijack log; it has to be cleaned up as well.

 


Archived

This topic is now archived and is closed to further replies.
