
Here's A Problem That I Can't Get Rid Of (w/ HijackThis Log)

Kol April 6, 2010 Vinz Hi all, I had problems with wmpscfgs on my win7 ultimate x64, even if I was running mbam and antivr personal 10; I found wmpscfgs.exe in it is group policy setting - gpedit.msc -> user config -> Admin Templates -> System -> prevent access to registry editing tools -> make it disabled or not configured. 2. Good luck. by zeebell / October 10, 2008 11:36 AM PDT In reply to: I never ran Avira AntiRootkit......

This file was approximately 30Kb and after removing it while in the "Safe" mode and rebooting, the pop-ups disappeared. I went into msconfig and unchecked all startup apps. This is the reason why Microsoft Security Essentials was complaining that your startup executable files are viruses.

Logfile of HijackThis v1.98.2
Scan saved at 12:26:07 AM, on 9/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

I went to all my frequently visited sites and lo and behold, it's right here in our own backyard! Julea LOL - that was But the virus will just come back after a reboot. Open up regedit and go to: HKLM->Software -> Microsoft -> Windows -> CurrentVersion –> Run Look for Adobe_reader entry with data: "%ProgramFiles%\Internet Explorer\wmpscfgs.exe".

I'm about all scanned out for today -- yikes, never spent so much scanning in my life and it's been an education! One utility I've not tried is Hijack This -- I Reboot and that's it! Just thought I would warn you all, I think that my warning would only affect those that actually use Windows Media Player. You first need to kill the corresponding process of the infected file if they are running in task manager, manually remove the existing .exe file which is around 39KB only and

I wrote a rule to stop wmpscfgs.exe in ie's dir using the Local Security Policy of the Administrative Tools so my 2 cents: 1. reboot in safe mode (no bad process will Never found something better explained :-) Tomorrow I will reinstall that thing with a running sysdiff to check out what it really changes.

On my machine (XP) the virus infected rundll32 (which always runs at windows startup). As to where it comes from: I've caught the bastard from WTSO.net Quite some of the videos there are infected with this and a couple of other viruses. March 6, 2010 Gooch ANiz, I had the regedit locked out as well. It will then create a copy of itself with the same filename as your executable file so that when someone executes your file, the virus will be executed first then your

This is what worked for me, so hopefully it will work for others. Waiting for things to happen. 0 OPDiscussion Starter raphaeln 11 Years Ago This has solved the problems!!! I just got a new router thinking that was the problem well now I am second guessing myself because it is doing the same thing again. Delete them.

So Where should I go from here I am still getting attacked by hackers. How much time? by Marianna Schmudlach / October 10, 2008 2:10 AM PDT In reply to: This is strange! Even after replacing rundll32 with the correct version the virus still overwrote this with the corrupt version. a.

April 17, 2010 Jenkins This was one hell of a nasty trojan, never seen anything like it before. I had a horrible time with this virus for a number of hours. by Tig2 · 10 years ago In reply to Here are some steps to ta ...

by zeebell / October 10, 2008 4:07 AM PDT In reply to: You can :) You know, I've been coming to cnet for several years (I think about 10) and you Because you have to visit each one of them literally because this virus hijacks almost every application in the RUN list above. Ah, well, I'll keep trying! Thanks for all the help, everyone!

I tried this (and I'm running win7) only the virus is somehow blocking my access into regedit.

Post the results back here. Is there anything else that I could try to get rid of the virus. I removed all of these to be safe and have had no problems. If you need it reopened, please send a PM to one of our Mods.

March 4, 2010 aNiZ Any more advice for people who are denied access to regedit? Then just run this whenever the task manager won't come up for you. March 19, 2010 dustnc Also for those of you who are having problems getting into safe mode, try selecting safe mode with command prompt.

Started by countbleck, June 20, 2010 12 posts in this topic countbleck 0 Newbie Members 0 4 posts Posted June 20, 2010 I understand this is a The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger may ask you to reboot #7 C177BPilot C177BPilot Topic Starter Members 4 posts OFFLINE Local time:03:53 PM Posted 16 February 2008 - 11:09 PM Thanks for all your help, Teacup! Hijackthis log after

The_Reaper Thread Starter Joined: Nov 19, 2004 Messages: 4 Well the problem is that pop-ups are always popping up even if I am not browsing the internet, also about 6 If you want, just copy and paste the individual lines to the command prompt to save typing them in. =============== Run HiJackThis, click "Scan", then check(tick) the following, if present: R1 I got rid of it again. Please note that your topic was not intentionally overlooked.

Thanks again for the help and I hope I don't have to format to fully get rid of this pesky bugger :| -Jenkins April 19, 2010 The.Hanyeé This nasty little bugger Uncheck the rest. by zeebell / October 10, 2008 10:51 AM PDT In reply to: Thanks and Kudos to you Marianna!