Tech Support Guy banner
Cancel
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

atiupdate - problems

1775 Views 23 Replies 4 Participants Last post by  Flrman1
J
I seem to have atiupdate on my startup menu for Windows 98 and this is really slowing down my computer. I've tried to disable but it won't go away.
Save
Like
Status
Not open for further replies.
1 - 5 of 24 Posts
Flrman1
I don't think the wcuninst.exe & uninstcc.exe files are a problem so leave those.

We'll deal with the Spybot problem later.

Let's see what your Hijack This log looks like now.
Save
Like
Flrman1
This looks like the peper trojan so before I get to the rest in your log do this:

Run this uninstaller to get rid of the peper.a trojan:

http://www.zerosrealm.com/downloads/uninst.exe

*Note: Just click on the uninst.exe and let it run. When it is finished it will just close. There will be no dialogue. Also you must be connected to the internet for the uninstaller to be effective.

Then post another log.
Save
Like
Flrman1
Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ao.lop.com/passthrough/index.../www.yahoo.com/

R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL

F1 - win.ini: run=C:\WINDOWS\svcpack.exe

O2 - BHO: (no name) - {211BFEA0-0194-11D8-82C3-444553540000} - C:\WINDOWS\SYSTEM\JJAVAEE.DLL

O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O4 - HKLM\..\Run: [[email protected]] C:\WINDOWS\SYSTEM\Jfm38U2.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

O4 - HKCU\..\Run: [atiupdate] C:\WINDOWS\ATIUPDATE5.EXE

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_27/QDow.cab

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

Now find and delete:

The C:\WINDOWS\svcpack.exe file
The C:\WINDOWS\ATIUPDATE5.EXE file
The C:\WINDOWS\SYSTEM\Jfm38U2.exe file
See less See more
Save
Like
Flrman1
Let's see another Hijack This log first.
Save
Like
Flrman1
Fix this one again:

O4 - HKCU\..\Run: [atiupdate] C:\WINDOWS\ATIUPDATE5.EXE

Restart your computer.
Save
Like
1 - 5 of 24 Posts
Status
Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top