I've run HijackThis 1.99 and below is the log it created. If someone could help me identify the malware I could probably find instructions for it's removal.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.24.74.3:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSIE: Internet Explorer v6.00 SP2 (.2180)Ĭ:\Program Files\Network Associates\Common Framework\FrameworkService.exeĬ:\Program Files\Network Associates\VirusScan\mcshield.exeĬ:\Program Files\Network Associates\VirusScan\vstskmgr.exeĬ:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEĬ:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exeĬ:\Program Files\Analog Devices\SoundMAX\spkrmon.exeĬ:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeĬ:\Program Files\RealVNC\VNC4\WinVNC4.exeĬ:\Program Files\Network Associates\VirusScan\SHSTAT.EXEĬ:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exeĬ:\Program Files\Network Associates\Common Framework\UpdaterUI.exeĬ:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exeĬ:\Program Files\Webroot\Spy Sweeper\SSU.EXEĬ:\Program Files\Mozilla Firefox\firefox.exe
Runemate icon pdf#
O2 - BHO: Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *. O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll #Runemate bot keeps popping up pdf C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc.
Runemate icon driver#
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: OracleOraHome92ClientCache - Unknown owner - c:\oracle\ora92\BIN\ONRSD.EXE O23 - Service: OracleMTSRecoveryService - Oracle Corporation - c:\oracle\ora92\bin\omtsreco.exe #Runemate bot keeps popping up driver You may want to print this or save it to notepad as we will go to safe mode.įix these with HiJackThis – mark them, close IE, click fix checked O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:ĭouble-click on Killbox.exe to run it.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file.
Runemate icon full#
#Runemate bot keeps popping up fullĬontinue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box. Note: It is possible that Killbox will tell you that one or more files do not exist. Please give feedback on what worked/didn’t work and the current status of your system Not all temp files will delete and that is normalīoot and post a new hijack log from normal NOT safe mode START – RUN – type in %temp% - OK - Edit – Select all – File – Deleteĭelete everything in the C:\Windows\Temp folder or C:\WINNT\temp If that happens, just continue on with all the files.
0 kommentar(er)
