Computer Tips -Tech Info

Ok, the last post got a bit long with the hijackthis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. For starters I leave it unplugged from the network. (There is no network card in this machine.) It’s important when working on an infested PC to leave it isolated so that it can’t continue to spread viruses or spam or whatever it may be doing. Assume if it’s infested with something that it could be spewing out bad stuff. If you must, isolated it and prevent it from routing to the outside world… the safest is usually to leave the cable unplugged for the initial look over.

Left net cable off, Booted and looked – installer icon in system tray which disappeared before I could get a tooltip for it. Looks spywareish… webshots (didn’t they bundle with spyware at some point?) Looking at msconfig – jawa32 looks suspect. SurfSidekick 2 (ssk.exe), ssdpsrv.exe (???), ylgril.exe, C:Program FilesVBouncerVBouncerInner.exe /S, C:WINDOWSSYSTEMpuswxc.exe, c:windowssystemsaie.exe, C:WINDOWSGuqvqmm.exe, C:WINDOWSXecrtyr.exe, C:WINDOWSaqadcup.exe, C:WINDOWSgoidr.exe, C:Program FilesCommon Filesslmssslmss.exe,C:PROGRA~1BMCENT~1BMLauncher.exe.(?)

So, in the above I’ve highlighted the running processes or startup entries that I don’t recognize right off, or don’t seem normal.

Running hijack this… and analyzing… (Log was included in previous post.)
Several BHO’s
jawa32.exe looks to be a trojan backdoor.agent.bg ??
Looks fairly infested… installing AVG and updating.

Got spybot S&D, ad-aware and bhodemon in the wings…. just in case…

AVG failed install… It gave an error accessing the registry…

Local machine: installation failed
Initialization:
Error: Checking of state of the item registry key HKLMSOFTWAREMicrosoftWindowsCurrentVersionAvg7RunOnceParams failed.
The configuration registry database is corrupt. (1009)

Time to use a working networked pc…

Popularity: 1% [?]

   Send article as PDF   

• Hard drive testing utilities Windows users know chkdsk, linux users know fsck... users of each MIGHT have heard of SMART. These are different ways of TESTING hard drives. Well, there's also a utility called TestDisk that looks promising for recovering data... Here's the clip from their site. "free data recovery software! It was primarily......
• Windows Police Pro Yes folks, it's Windows Police Pro, the gift that keeps on giving apparently. It's crawled back into Googles top searches tonight. If you want to see how to remove it look at Windows Police Pro Removal, you may be interested in Who is behind Windows Police Pro and probably will......
• C:\windows\system32\kernels64.exe not found On the next boot I was greeted with the above message C:\windows\system32\kernels64.exe not found please make sure the path......correct.... blah blah blah. Back to msconfig. Everything there now looks clean. I check the running processes, again everything there looks clean I don't see anything that I've been fighting. So, I......

• Fix Windows Registry Error For many people who do not know that their computer has on it, a registry cleaner can be a great idea. Oftentimes, people have computers for a year and two, and then begin to experience slower speeds when they are using it. This is not usually a problem with the......
• World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
• Pc Repair Using Registry Cleaners How can you speed up your pc when it starts slowing down? For you to fix this issue, you need to understand why it happens. Generally, slow operations on a PC are caused by a problem within the windows registry. This is the devote the pc system where all of......

Similar Posts

• Disinfecting a PC… part 3
• Disinfecting a PC… part 1
• Disinfecting a PC… part 10
• Disinfecting a PC… part 4
• Task manager has been disabled by your administrator

This entry was posted on Thursday, December 15th, 2005 at 1:07 am and is filed under Computers, Security, Spyware, Tech Support, Viruses, Windows. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.