Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
9 Posts
Discussion Starter · #1 ·
Hi Guys,

My regedit window won't stay open and I can't install NAV. I have run Ad-Aware. This is computer #3 of 4 that got hit by the Beagle virus; it ran through my network. Can you check out the log and advise?

Logfile of HijackThis v1.97.7
Scan saved at 3:46:24 PM, on 3/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ken Farabaugh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37985.5033333333
 

·
Registered
Joined
·
826 Posts
Check the following entry from HJT and click on fix:

O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe

Then delete the file:
C:\WINDOWS\System32\winupd.exe

You may need to enable view hidden/system files - instructions below
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, if "access denied" or some other error comes up while you try to delete the file, you may need to delete it in safe mode - instructions below:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

PS: Extremely clean HJT log...
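
Added example, not part of the original posts and not HijackThis code: a small Python parser for the O4 autostart lines of the log above. It expands the `..` abbreviation to the full registry key and returns the Run value and file named in the reply, so both can be re-checked after the fix. The sample input is constructed from the posted log, and the function names are hypothetical.

```python
import re

# Constructed sample: the four O4 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# HijackThis writes "..", short for Software\Microsoft\Windows\CurrentVersion.
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[(.+?)\] (.+)$")


def image_path(command):
    """Executable part of a Run command line, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command


def parse_o4(log_text):
    """Registry autostart entries; startup-folder shortcuts are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, subkey, name, command = m.groups()
            entries.append({
                "key": f"{hive}\\{CURRENT_VERSION}\\{subkey}",
                "value": name,
                "image": image_path(command),
            })
    return entries


def cleanup_targets(log_text, value_name):
    """(registry key, value name, file) to re-check after the fix, or None."""
    for e in parse_o4(log_text):
        if e["value"].lower() == value_name.lower():
            return e["key"], e["value"], e["image"]
    return None


if __name__ == "__main__":
    print(cleanup_targets(SAMPLE_LOG, "winupd.exe"))
```
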
 