-
16th August 2004 13:35 #1 Registered User
Join Date: Aug:2002
Posts: 1,145
.
- w32/Agent.AB , . 5 , . . - 30 . sqllg.dll windows\system32. . . , .
Hijack sqllg.dll /O20/ , , . . /NTFS/ . , , , , .
???
-
16th August 2004 13:44 #2
-
16th August 2004 13:45 #3
-
16th August 2004 13:47 #4 Registered User
Join Date: Aug:2004
Location:
Posts: 9
thread-, , . removal tool , .
, .
-
16th August 2004 17:16 #5 Registered User
Join Date: Aug:2002
Posts: 1,145
dellater . .
safe mode .
. .
removal tool , .
.
-
16th August 2004 18:42 #6
-
16th August 2004 19:57 #7
-
16th August 2004 20:12 #8 Registered User
Join Date: Aug:2002
Posts: 1,145
rm: cannot remove: read-only file
Originally posted by subn3t
? 4 .
#rm -rf imenafail
could not delete file /mnt/hda5/.....
-
16th August 2004 20:25 #9 Registered User
Join Date: Aug:2002
Posts: 1,145
Logfile of HijackThis v1.98.2
Scan saved at 20:19:12, on 16.8.2004 .
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\PDesk\PDesk.exe
D:\Program Files\FSI\F-Prot\F-StopW.EXE
D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
D:\WINDOWS\System32\mgabg.exe
D:\Documents and Settings\\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Matrox Powerdesk] D:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [F-StopW] D:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - Global Startup: gwum.lnk = D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class) - http://www.rhinobell.com/PC2Phone.cab
O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
-
16th August 2004 21:02 #10 Banned
Join Date: Jan:2004
Location: Montreal
Posts: 373
O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
Hjack ,
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows .
-
16th August 2004 21:44 #11 Registered User
Join Date: Aug:2002
Posts: 1,145
,
Originally posted by lada_1500
O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
Hjack ,
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows .
.
, . - , , .
safe mode HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows Appinit_DLLs ,
sqllg.dll , (ab)AppInit_DLLs . , - - . - , - . sqllg.dll - : " D:\WINDOWS\System32\sqllg.dll Infection: W32/Agent.AB " 2 7-8 . Hijack , .
-
16th August 2004 22:04 #12 Banned
Join Date: Jan:2004
Location: Montreal
Posts: 373
E ( symantec)
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Rename the subkey:
"Windows"
to
"Windows1"
Wait approximately 5 seconds.
Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows1
In the right pane, double-click the following registry value name:
"AppInit_DLLs"
and delete the following text from the contents of the Value Data box:
%System%\<DLL filename>.dll
Restart the computer.
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Rename the subkey:
"Windows1"
to
"Windows"
Exit the Registry Editor.
Restart the computer
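The O20 line from the HijackThis log earlier in the thread and the value-data edit in the steps above, as an added example that is not part of the original posts. Windows reads AppInit_DLLs as a space- or comma-delimited list, so the sketch splits it that way; the function names, the `expected` list and the constructed multi-DLL value are assumptions made for illustration.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class) - http://www.rhinobell.com/PC2Phone.cab
O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
"""
# Constructed value (not from the thread): the trojan DLL next to two
# placeholder entries, to show that only the named DLL is dropped.
CONSTRUCTED_VALUE = r"example1.dll,D:\WINDOWS\System32\sqllg.dll example2.dll"

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.IGNORECASE)

def split_appinit(value):
    """Split value data the way Windows reads it: space- or comma-delimited."""
    return [part for part in re.split(r"[ ,]+", value.strip()) if part]

def dll_name(path):
    """File name of a Windows path, lower-cased for comparison."""
    return re.split(r"[\\/]", path)[-1].lower()

def appinit_entries(log_text):
    """Every DLL listed on the O20 AppInit_DLLs lines of a HijackThis log."""
    dlls = []
    for line in log_text.splitlines():
        match = O20_RE.match(line.strip())
        if match:
            dlls.extend(split_appinit(match.group(1)))
    return dlls

def unexpected_entries(log_text, expected=()):
    """AppInit_DLLs entries whose file name is not on the expected list."""
    allowed = {name.lower() for name in expected}
    return [d for d in appinit_entries(log_text) if dll_name(d) not in allowed]

def cleaned_value(value, bad_dll):
    """Value data with bad_dll removed and every other entry kept."""
    keep = [p for p in split_appinit(value) if dll_name(p) != bad_dll.lower()]
    return " ".join(keep)

if __name__ == "__main__":
    print(unexpected_entries(SAMPLE_LOG))
    print(cleaned_value(CONSTRUCTED_VALUE, "sqllg.dll"))
```
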
-
17th August 2004 05:25 #13 Registered User
Join Date: Aug:2002
Posts: 1,145
_1500.
. . Windows1 Windows , .
sqllg.dll . 15.04.2004 , 54 , . , Windows , . regsvr32 /u . safe mode , , , Trojan Remover .
.
-
17th August 2004 10:36 #14



