Technology Virus Help
- Thread starter imported_MAKaveli_10
- Start date
One trick you could do which is very clever is this**: Click on properties the SE.dll and change the settings to read only. That way it won't execute itself. Also, for that added effect, try moving it from the windows/temp folder, that may work it treat.
**This sometimes works with quite a few .dll files and sometimes it doesn't. So I'm not promising anything. Good luck.
**This sometimes works with quite a few .dll files and sometimes it doesn't. So I'm not promising anything. Good luck.
Looots of stuff to get rid of. Remove the following.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://64.124.210.131/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://64.124.210.131/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://64.124.210.131/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://64.124.210.131/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-everything.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - file://C:\WINDOWS\TEMP\WZSF281.TMP\swicdad.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
Unsure about these, I'll ask around. Leave them for now.
O2 - BHO: Class - {188BCF6F-8B98-2D7A-2B7B-57FB0AF76EAF} - C:\WINDOWS\SYSTEM\APITL.DLL
O2 - BHO: (no name) - {3F39C922-A3B5-11D9-91CC-000F002B9ED0} - C:\WINDOWS\SYSTEM\GJKE.DLL
O18 - Filter: text/html - {3F39C921-A3B5-11D9-91CC-000FF0F900A7} - C:\WINDOWS\SYSTEM\GJKE.DLL
O18 - Filter: text/plain - {3F39C921-A3B5-11D9-91CC-000FF0F900A7} - C:\WINDOWS\SYSTEM\GJKE.DLL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://64.124.210.131/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://64.124.210.131/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://64.124.210.131/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://64.124.210.131/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-everything.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - file://C:\WINDOWS\TEMP\WZSF281.TMP\swicdad.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
Unsure about these, I'll ask around. Leave them for now.
O2 - BHO: Class - {188BCF6F-8B98-2D7A-2B7B-57FB0AF76EAF} - C:\WINDOWS\SYSTEM\APITL.DLL
O2 - BHO: (no name) - {3F39C922-A3B5-11D9-91CC-000F002B9ED0} - C:\WINDOWS\SYSTEM\GJKE.DLL
O18 - Filter: text/html - {3F39C921-A3B5-11D9-91CC-000FF0F900A7} - C:\WINDOWS\SYSTEM\GJKE.DLL
O18 - Filter: text/plain - {3F39C921-A3B5-11D9-91CC-000FF0F900A7} - C:\WINDOWS\SYSTEM\GJKE.DLL
That's because you have a browser hijacker. Have you removed what I told you to remove?
With regards to the other entries, I would delete them but make a backup.
I've never seen them in a log before and they don't show up in a web search, implying to me that they're not common, benign files.
Malware often generates randomly-named files, and because you are infected with spyware that's probably the case.
With regards to the other entries, I would delete them but make a backup.
I've never seen them in a log before and they don't show up in a web search, implying to me that they're not common, benign files.
Malware often generates randomly-named files, and because you are infected with spyware that's probably the case.
Donate
Any donations will be used to help pay for the site costs, and anything donated above will be donated to C-Dub's son on behalf of this community.
Members online
No members online now.