ScoobyNet.com - Subaru Enthusiast Forum

Notices
Computer & Technology Related Post here for help and discussion of computing and related technology. Internet, TVs, phones, consoles, computers, tablets and any other gadgets.

msshed32.exe in XP

Thread Tools
 
Search this Thread
 
Old Oct 24, 2004 | 12:15 PM
Share
  #1  
andypugh2000's Avatar
andypugh2000
Thread Starter
Scooby Regular
 
Joined: Jun 2003
Posts: 2,889
Likes: 0
From: Founder of surreyscoobies.co.uk
Default msshed32.exe in XP
Have this pesky file that keeps rearing its ugly head, Im sure its a trojan and everytime i delete it in safe mode it self replicates again The problem is that after half an hour of use the computer stops responding and hangs, also the internet connection stops working.

any ideas?? tried Microsoft but no joy

andy
Reply
0
Old Oct 24, 2004 | 12:23 PM
Share
  #2  
lightning101's Avatar
lightning101
Scooby Regular
 
Joined: Oct 2004
Posts: 39,688
Likes: 0
From: Never do names esp. Joey, spaz or Mong
Default
Download CWShredder, run it and let it fix everything it finds.

Now have HJT fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {5CC18184-534B-4858-9101-AE7945A54E33} - C:\WINNT\system32\iadmf.dll (file missing)
O2 - BHO: (no name) - {6FDA6178-B340-59C1-8251-62557E872A3F} - C:\WINNT\system32\nasaroto.dll
O2 - BHO: (no name) - {7A12A061-1396-4A68-8D0D-920618F280DA} - C:\WINNT\system32\7la.dll
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [gbekcdj] C:\WINNT\system32\ykabljx.exe
O4 - HKLM\..\RunOnce: [0m654d.exe] C:\WINNT\system32\0m654d.exe /k
O4 - HKCU\..\Run: [delmsbb] C:\WINNT\delmsbb.exe
O4 - HKCU\..\Run: [Tmnp] C:\Documents and Settings\Administrator.DANG1\Application Data\ersd.exe
O4 - HKCU\..\Run: [Ivgf] C:\WINNT\system32\?hkntfs.exe
O4 - HKCU\..\RunOnce: [0m654d.exe] C:\WINNT\system32\0m654d.exe /k
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O21 - SSODL: systemie - {673403C2-B93C-4187-B11B-54B32C31320A} - systemie.dll (file missing)

Reboot into safemode, tap F8 at boot, and delete:

C:\Documents and Settings\Administrator.DANG1\Application Data\ersd.exe <--file
C:\Program Files\VVSN\ <--folder
C:\WINNT\system32\0m654d.exe <--file
C:\WINNT\system32\ykabljx.exe <--file
C:\WINNT\delmsbb.exe <--file
Reply
0
Old Oct 24, 2004 | 12:29 PM
Share
  #3  
andypugh2000's Avatar
andypugh2000
Thread Starter
Scooby Regular
 
Joined: Jun 2003
Posts: 2,889
Likes: 0
From: Founder of surreyscoobies.co.uk
Default
Originally Posted by lightning101
Download CWShredder, run it and let it fix everything it finds.

Now have HJT fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {5CC18184-534B-4858-9101-AE7945A54E33} - C:\WINNT\system32\iadmf.dll (file missing)
O2 - BHO: (no name) - {6FDA6178-B340-59C1-8251-62557E872A3F} - C:\WINNT\system32\nasaroto.dll
O2 - BHO: (no name) - {7A12A061-1396-4A68-8D0D-920618F280DA} - C:\WINNT\system32\7la.dll
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [gbekcdj] C:\WINNT\system32\ykabljx.exe
O4 - HKLM\..\RunOnce: [0m654d.exe] C:\WINNT\system32\0m654d.exe /k
O4 - HKCU\..\Run: [delmsbb] C:\WINNT\delmsbb.exe
O4 - HKCU\..\Run: [Tmnp] C:\Documents and Settings\Administrator.DANG1\Application Data\ersd.exe
O4 - HKCU\..\Run: [Ivgf] C:\WINNT\system32\?hkntfs.exe
O4 - HKCU\..\RunOnce: [0m654d.exe] C:\WINNT\system32\0m654d.exe /k
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O21 - SSODL: systemie - {673403C2-B93C-4187-B11B-54B32C31320A} - systemie.dll (file missing)

Reboot into safemode, tap F8 at boot, and delete:

C:\Documents and Settings\Administrator.DANG1\Application Data\ersd.exe <--file
C:\Program Files\VVSN\ <--folder
C:\WINNT\system32\0m654d.exe <--file
C:\WINNT\system32\ykabljx.exe <--file
C:\WINNT\delmsbb.exe <--file
You done a google too eh!! tried it, doesnt find it, I think i have now sussed it out by typing in start, run, msconfig, startup and unchecking the box for msshed32 then rebooting in safe, delting the file and hey presto!!

andy
Last edited by andypugh2000; Oct 24, 2004 at 12:33 PM.
Reply
0
Old Oct 24, 2004 | 12:35 PM
Share
  #4  
lightning101's Avatar
lightning101
Scooby Regular
 
Joined: Oct 2004
Posts: 39,688
Likes: 0
From: Never do names esp. Joey, spaz or Mong
Default
Did you remember to switch off system restore ?
Reply
0
Old Oct 24, 2004 | 04:18 PM
Share
  #5  
andypugh2000's Avatar
andypugh2000
Thread Starter
Scooby Regular
 
Joined: Jun 2003
Posts: 2,889
Likes: 0
From: Founder of surreyscoobies.co.uk
Default
bugger, forgot, how do you do that??
Reply
0
Old Oct 24, 2004 | 05:11 PM
Share
  #6  
lightning101's Avatar
lightning101
Scooby Regular
 
Joined: Oct 2004
Posts: 39,688
Likes: 0
From: Never do names esp. Joey, spaz or Mong
Default
right click on my computer - then sys restore tab and disable.
Reply
0
Back to Subforum
Computer & Technology Related
View Next Unread
Video encoding




Advanced Search
Reply Closed Thread Share
Forum Jump

All times are GMT +1. The time now is 04:31 PM.