jls6898
2009-12-18, 01:22
I am trying to remove trojan Opachki.ru from an xp home machine. I have tried Spybot S&D and msconfig.exe to remove the startup entries "notepad" pointing to rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0". and startup entries with a file name "." pointing to c:\documents and settings\%user name%\start menu\programs\startup\.. they keep comming back with new ones every time i restart
here is the RootAlyzer log but I can't seem to delete the files.
File:"Invisible to Win32","C:\WINDOWS\Temp\ntload.dll"
File:"Invisible to Win32","C:\WINDOWS\system32\notepad.dll"
File:"Invisible to Win32","C:\WINDOWS\system32\config\systemprofile\ntload.dll"
File:"Invisible to Win32","C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll"
File:"Invisible to Win32","C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk"
File:"Unknown ADS","C:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe:{4FD0FDD9-F596-CBFB-F5D0-D4D4FF2F6BDB}:$DATA"
File:"Invisible to Win32","C:\Documents and Settings\NetworkService\ntload.dll"
File:"Invisible to Win32","C:\Documents and Settings\LocalService\ntload.dll"
File:"Invisible to Win32","C:\Documents and Settings\Lenz Boys\ntload.dll"
File:"Invisible to Win32","C:\Documents and Settings\Lenz Boys\Start Menu\Programs\Startup\scandisk.dll"
File:"Invisible to Win32","C:\Documents and Settings\Lenz Boys\Start Menu\Programs\Startup\scandisk.lnk"
File:"Invisible to Win32","C:\Documents and Settings\Lenz Boys\Local Settings\Temp\ntload.dll"
File:"Invisible to Win32","C:\Documents and Settings\Default User\Start Menu\Programs\Startup\scandisk.dll"
File:"Invisible to Win32","C:\Documents and Settings\Default User\Start Menu\Programs\Startup\scandisk.lnk"
here is the RootAlyzer log but I can't seem to delete the files.
File:"Invisible to Win32","C:\WINDOWS\Temp\ntload.dll"
File:"Invisible to Win32","C:\WINDOWS\system32\notepad.dll"
File:"Invisible to Win32","C:\WINDOWS\system32\config\systemprofile\ntload.dll"
File:"Invisible to Win32","C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll"
File:"Invisible to Win32","C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk"
File:"Unknown ADS","C:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe:{4FD0FDD9-F596-CBFB-F5D0-D4D4FF2F6BDB}:$DATA"
File:"Invisible to Win32","C:\Documents and Settings\NetworkService\ntload.dll"
File:"Invisible to Win32","C:\Documents and Settings\LocalService\ntload.dll"
File:"Invisible to Win32","C:\Documents and Settings\Lenz Boys\ntload.dll"
File:"Invisible to Win32","C:\Documents and Settings\Lenz Boys\Start Menu\Programs\Startup\scandisk.dll"
File:"Invisible to Win32","C:\Documents and Settings\Lenz Boys\Start Menu\Programs\Startup\scandisk.lnk"
File:"Invisible to Win32","C:\Documents and Settings\Lenz Boys\Local Settings\Temp\ntload.dll"
File:"Invisible to Win32","C:\Documents and Settings\Default User\Start Menu\Programs\Startup\scandisk.dll"
File:"Invisible to Win32","C:\Documents and Settings\Default User\Start Menu\Programs\Startup\scandisk.lnk"