Gamingforce Interactive Forums

Caught Malware/Virus! Please Help!
Cetra
oh shi-


Member 445

Level 24.23

Mar 2006


Old Oct 12, 2008, 03:05 PM Local time: Oct 12, 2008, 12:05 PM #1 of 18
Sounds like the latest Antivirus 2008 variation that just started going around. I can see the files in your log. O4 - HKLM\..\Run: [88ae9fcb] rundll32.exe "C:\WINDOWS\system32\whtmbhyt.dll",b for example.

Download and run Malwarebytes Anti-Malware

Cetra
Old Oct 12, 2008, 03:19 PM Local time: Oct 12, 2008, 12:19 PM #2 of 18
You're going to have to wait for a Malwarebytes update. It looks like you got a brand new variation that is not databased yet. I would give it until at least midweek and see if an update comes through and run it again.

I'm pretty sure it's an Antivirus variation though, and these guys are the only ones right now that are on top of this malware.

For now you can try and remove the following from your Run registry location:

O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe

O4 - HKLM\..\Run: [88ae9fcb] rundll32.exe "C:\WINDOWS\system32\whtmbhyt.dll",b


O4 - HKCU\..\Run: [smartsetmsg] C:\WINDOWS\system32\sledyfqv.exe


Reboot then go and delete those files yourself.

Cetra
Old Oct 12, 2008, 04:45 PM Local time: Oct 12, 2008, 01:45 PM #3 of 18
I think I'm going to reformat anyway. Just before though, how would I go about removing them, Cetra?

Delete "Rapid Antivirus.lnk" from the Startup folder in the start menu.

Then go to start -> run and type 'regedit'

Navigate to -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Locate the key in the right panel with the data "C:\WINDOWS\system32\sledyfqv.exe" and delete it.

Navigate to -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Locate the key in the right panel with the data "rundll32.exe "C:\WINDOWS\system32\whtmbhyt.dll",b" and delete it.


Reboot (In Safe Mode to be...well safe). Delete the folder C:\Program Files\Rapid Antivirus\

Delete the Files: C:\WINDOWS\system32\whtmbhyt.dll ; C:\WINDOWS\system32\sledyfqv.exe (These might be hidden files so make sure you have view hidden files on.)

Last edited by Cetra; Oct 12, 2008 at 04:47 PM.
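
Added example, not part of the original thread or any poster's code: a small Python parser that turns the O4 autorun lines quoted above into the registry key, value name and on-disk file that the manual cleanup steps refer to. It handles only the two O4 forms that appear in this thread; the function names are illustrative.

```python
import re

# O4 (autorun) lines quoted in the thread; a full HijackThis log has more sections.
SAMPLE_LOG = r'''
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O4 - HKLM\..\Run: [88ae9fcb] rundll32.exe "C:\WINDOWS\system32\whtmbhyt.dll",b
O4 - HKCU\..\Run: [smartsetmsg] C:\WINDOWS\system32\sledyfqv.exe
'''

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Only the two O4 forms that appear in the thread are handled.
REG_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$')
LNK_RE = re.compile(r'^O4 - Startup: (.+?) = (.+)$')


def payload_path(cmd):
    """Return the file an autorun command loads from disk."""
    m = re.match(r'(?i)rundll32(?:\.exe)?\s+(?:"([^"]+)"|([^,\s]+))', cmd)
    if m:
        # rundll32 <dll>,<export>: the DLL is the payload, not rundll32.exe itself.
        return m.group(1) or m.group(2)
    m = re.match(r'(?i)"([^"]+)"|(.+?\.exe)(?=\s|$)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def parse_o4(log):
    """Turn O4 lines into (location, entry name, file on disk) tuples."""
    found = []
    for line in log.splitlines():
        line = line.strip()
        reg = REG_RE.match(line)
        if reg:
            hive, name, cmd = reg.groups()
            found.append((HIVES[hive] + RUN_KEY, name, payload_path(cmd)))
            continue
        lnk = LNK_RE.match(line)
        if lnk:
            found.append(("Startup folder", lnk.group(1), lnk.group(2)))
    return found


if __name__ == "__main__":
    for location, name, path in parse_o4(SAMPLE_LOG):
        print(f"{location}\n    entry: {name}\n    file:  {path}")
```

Running it on a fresh log after a reboot shows at a glance whether the value name or DLL file name has changed between starts.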
Cetra
Old Oct 12, 2008, 05:56 PM Local time: Oct 12, 2008, 02:56 PM #4 of 18
OK, I removed the Rapid Antivirus.lnk. I also got rid of the first value in regedit; the second didn't seem to be there. I then went into safe mode and removed the sledyfqv.exe file, but couldn't find the .dll file.
So far no popups, but I don't want to speak too soon.

Could you post a fresh HijackThis log? It's possible that the DLL file is randomly named on each start. Please don't turn your computer off again either if possible after posting the log as we don't want the dll file to change names again.

All times are GMT -5.