
msshed32.exe in XP

Old 24 October 2004, 12:15 PM
  #1  
andypugh2000

Have this pesky file that keeps rearing its ugly head. I'm sure it's a trojan, and every time I delete it in safe mode it self-replicates again. The problem is that after half an hour of use the computer stops responding and hangs; also the internet connection stops working.

Any ideas?? Tried Microsoft but no joy.

andy
Old 24 October 2004, 12:23 PM
  #2  
lightning101

Download CWShredder, run it and let it fix everything it finds.

Now have HJT fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {5CC18184-534B-4858-9101-AE7945A54E33} - C:\WINNT\system32\iadmf.dll (file missing)
O2 - BHO: (no name) - {6FDA6178-B340-59C1-8251-62557E872A3F} - C:\WINNT\system32\nasaroto.dll
O2 - BHO: (no name) - {7A12A061-1396-4A68-8D0D-920618F280DA} - C:\WINNT\system32\7la.dll
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [gbekcdj] C:\WINNT\system32\ykabljx.exe
O4 - HKLM\..\RunOnce: [0m654d.exe] C:\WINNT\system32\0m654d.exe /k
O4 - HKCU\..\Run: [delmsbb] C:\WINNT\delmsbb.exe
O4 - HKCU\..\Run: [Tmnp] C:\Documents and Settings\Administrator.DANG1\Application Data\ersd.exe
O4 - HKCU\..\Run: [Ivgf] C:\WINNT\system32\?hkntfs.exe
O4 - HKCU\..\RunOnce: [0m654d.exe] C:\WINNT\system32\0m654d.exe /k
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O21 - SSODL: systemie - {673403C2-B93C-4187-B11B-54B32C31320A} - systemie.dll (file missing)

Reboot into safe mode, tap F8 at boot, and delete:

C:\Documents and Settings\Administrator.DANG1\Application Data\ersd.exe <--file
C:\Program Files\VVSN\ <--folder
C:\WINNT\system32\0m654d.exe <--file
C:\WINNT\system32\ykabljx.exe <--file
C:\WINNT\delmsbb.exe <--file
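
Added example, not part of lightning101's post: a short Python check that compares the files named by the O2/O4 entries in the fix list above with the safe-mode delete list, and reports files whose registry entry gets fixed while the file itself is never removed. The entries are copied from the post; the function names are hypothetical.

```python
import re

# O2/O4 entries and the delete list, copied from the post above.
FIXED = r"""
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {5CC18184-534B-4858-9101-AE7945A54E33} - C:\WINNT\system32\iadmf.dll (file missing)
O2 - BHO: (no name) - {6FDA6178-B340-59C1-8251-62557E872A3F} - C:\WINNT\system32\nasaroto.dll
O2 - BHO: (no name) - {7A12A061-1396-4A68-8D0D-920618F280DA} - C:\WINNT\system32\7la.dll
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [gbekcdj] C:\WINNT\system32\ykabljx.exe
O4 - HKLM\..\RunOnce: [0m654d.exe] C:\WINNT\system32\0m654d.exe /k
O4 - HKCU\..\Run: [delmsbb] C:\WINNT\delmsbb.exe
O4 - HKCU\..\Run: [Tmnp] C:\Documents and Settings\Administrator.DANG1\Application Data\ersd.exe
O4 - HKCU\..\Run: [Ivgf] C:\WINNT\system32\?hkntfs.exe
O4 - HKCU\..\RunOnce: [0m654d.exe] C:\WINNT\system32\0m654d.exe /k
"""
DELETE = r"""
C:\Documents and Settings\Administrator.DANG1\Application Data\ersd.exe <--file
C:\Program Files\VVSN\ <--folder
C:\WINNT\system32\0m654d.exe <--file
C:\WINNT\system32\ykabljx.exe <--file
C:\WINNT\delmsbb.exe <--file
"""

PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)

def referenced_files(log):
    # Skip entries HijackThis itself reports as absent; yield the file path of the rest.
    for line in log.strip().splitlines():
        m = PATH_RE.search(line)
        if m and "(file missing)" not in line:
            yield m.group(0)

def left_on_disk(log, delete_text):
    # Paths whose registry entry is fixed but that the delete list does not cover.
    targets = [l.partition(" <--")[0].strip().lower()
               for l in delete_text.strip().splitlines()]
    out = []
    for path in referenced_files(log):
        key = path.lower()
        # A folder target (trailing backslash) covers everything beneath it.
        covered = any(key == t or (t.endswith("\\") and key.startswith(t)) for t in targets)
        if not covered and path not in out:
            out.append(path)
    return out

if __name__ == "__main__":
    for p in left_on_disk(FIXED, DELETE):
        print("entry fixed, file not in delete list:", p)
```

Files reported this way are worth checking by hand after the safe-mode cleanup, since removing the registry entry alone leaves them on disk.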
Old 24 October 2004, 12:29 PM
  #3  
andypugh2000

You done a google too eh!! Tried it, doesn't find it. I think I have now sussed it out by typing in start, run, msconfig, startup and unchecking the box for msshed32, then rebooting in safe, deleting the file and hey presto!!

andy

Last edited by andypugh2000; 24 October 2004 at 12:33 PM.
Old 24 October 2004, 12:35 PM
  #4  
lightning101

Did you remember to switch off System Restore?
Old 24 October 2004, 04:18 PM
  #5  
andypugh2000

bugger, forgot, how do you do that??
Old 24 October 2004, 05:11 PM
  #6  
lightning101

Right click on My Computer - then sys restore tab and disable.