-
July 18th, 2008, 06:05 PM
#11
Trend Micro, McAfee, and FProt all have command-line scanners that are on multiple boot CD's (illegally) free for downloading and burning. All that's necessary is checking to see if they have current definitions loaded.* If you run them in a physical environment prior to booting into Windows, you can run all 3 simultaneously with no issues.
* if definitions are not up to date, I believe you can download the references from the respective sites for free and swap out the files on the image using UltraISO or the like.
-
July 21st, 2008, 11:49 AM
#12
Member
The reason that you failed to remove them from msconfig is probably that those two processes are still running while you do that; and they replace that startup registries immediately when you disable it.
All you need to do is restart in safemode and use msconfig to remove the startup process :
1) owjokuch rundll32.exe "C:\WINDOWS\system32\owjokuch.dll",s
2) wmjgenhj rundll32.exe "C:\WINDOWS\system32\wmjgenhj.dll",b
after that, reboot and they should be gone. Next, do a antivirus scan on your pc or manually delete those two files.
Hope it helps.
-
July 24th, 2008, 06:23 PM
#13
Junior Member
I've had the same problems at several of our remote sites. You won't be able to disable them from startup and you can't remove them in safemode. The problem is that it's set to run at startup and then it hooks explorer.exe and lsass.exe. When one process is killed, the other memory resident copies replace it. Here's the easiest way I found to kill it:
-download IceSword from http://www.antirootkit.com/software/IceSword.htm
-using the IceSword file browser, locate those dll files in the sys32 folder
-right-click the dll file and use the "force delete" option. You will most likely have lots of similarly named dll files from approximately the same date range. Study these closely and delete any of them that are malware
-reboot. You will get some "file not found" errors since these dll files are still in startup
-disable these files from startup and reboot again
-profit?
-
July 25th, 2008, 09:01 AM
#14
alternatively if you are able to scan please use an onlien scanning tool from trend or panda
www.activescan.com
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 20th, 2008, 10:03 PM
#15
Junior Member
in safe mode you can do it
Last edited by vikou; August 20th, 2008 at 10:06 PM.
-
August 20th, 2008, 10:10 PM
#16
Junior Member
Upstairs of CIder , the antivirus software which you interoduced is free??
-
August 21st, 2008, 08:38 AM
#17
Yes the online scan will let you know if you are infected and where.
PM me if you need a trial to disinfect.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
Similar Threads
-
By al1aprize in forum AntiVirus Discussions
Replies: 10
Last Post: August 21st, 2006, 12:33 PM
-
By ShagDevil in forum General Computer Discussions
Replies: 0
Last Post: July 5th, 2006, 09:11 PM
-
By imported_all_smiles in forum Operating Systems
Replies: 8
Last Post: May 2nd, 2006, 08:36 PM
-
By mrg81 in forum Microsoft Security Discussions
Replies: 7
Last Post: June 30th, 2004, 10:17 PM
-
By TAIWL in forum AntiOnline's General Chit Chat
Replies: 1
Last Post: February 11th, 2004, 05:58 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|