Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Bad Infection Any better suggestions

Status
Not open for further replies.
ebarratt

ebarratt

Programmer
Apr 10, 2002
53
US
Ok so I was on a service call today for an OS Service. Client had 105 processes running on a windows xp machine completely updated with sp 2 and all. Most of them were viri/spyware. I completely cleaned the machine out of all traces of spyware and tuned it up perfect. I did run into one complication with a spyware program. It would load up in windows logon service in normal and safe mode. I could not delete the file or remove the entry in registry: Local Machine / Software / Microsoft / Windows NT / Current Version / Winlogon / Notify. It would immiately recreate the value I just removed. Everytime I removed the registry entry it would recreate itself under one of these 3 file names: j8n20i5oe8.dll 148mlel11hq.dll chkrds.dll. DLL Compare also showed these programs as the culprit. Is there anyway to remove these files from loading up in the windows logon service so you can delete them without runninng a program like winternals or BartPE? Any advise would be great.

Errol barratt

Errol Barratt
 
Sort by date Sort by votes
it sounds like l2me?


Download L2mfix from one of these two locations:

for 9x




W2k & XP



Save the file to your desktop and double click l2mfix.exe. Read and Accept the agreement. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijack this log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are
asked to do so!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
774
Yoko Littner
Yoko Littner
2ffat
  • Locked
  • News
Lenovo isn't the only one with bad certificates 5
Replies
6
Views
428
2ffat
2ffat
kjv1611
  • Locked
  • Question
AdwCleaner - Any Good? 1
Replies
2
Views
147
kjv1611
kjv1611
kjv1611
  • Locked
  • Question
POS Malware Infections Detection and Protection
Replies
0
Views
105
kjv1611
kjv1611
SantaMufasa
  • Locked
  • Question
How can I get rid of "PC Fix Speed", a particularly nasty PC malware infection. 2
Replies
18
Views
302
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top