Thread: Hellz Little Spy - Help please

  1. #1
    Junior Member
    Join Date: Jun 2008
    Posts: 5

    Hellz Little Spy - Help please

    Hello friends! I have a problem with this little keylogger. Spybot finds this malware on my PC and says it's a modified registry key. The registry key is something with the Windows logon DLL. When I click the fix button and restart my PC, nothing works. I can't log in to my PC because the logon file is missing. Is it possible that Spybot deletes the logon DLL? Every time I have to reformat my PC, and after the reformat the malware is in the same place in the Spybot list. I tried to follow the registry key (as shown in Spybot) before clicking fix, but that key does not exist there exactly as the program says.
    I ran a scan on my PC with NOD32 antivirus, the system is clean, and this:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:48:28 AM, on 6/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\NOD\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    D:\NOD\egui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\cwshreeder\SpyNoMore\SNM.exe
    D:\WINZIP\wzqkpick.exe
    D:\cwshreeder\hijackthis_sfx\HijackThis.exe

    O4 - HKLM\..\Run: [egui] "D:\NOD\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\NOD\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - D:\NOD\ekrn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    What should I do in this case? Thank you very much!
    Last edited by Blade81; 2008-06-30 at 09:35. Reason: Removed log from codebox
