I have a virus on my computer File Name: lxafkkwh.dl$
FileID: 5
Virus Description: Win32:Trojan-gen. {Other
I tried to clean it with no luck, I would like to know if it is safe to delete it. Thank You.
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Also it is located c/windows/system Thanks for any help.
Hi,
what do Onlinescanners say to the file, e.g. JOTTI ?
→ for link: see “VirusRemoval” below in my sig
PAUSE avast shield while scanning the file online.
If JOTTIS confirms infection:
try moving it to chest with avast in SafeMode (F8-Boot)
(never delete anything if you don’t know what it is…)
and/or post a hijackthis-Log here: http://tomcoyote.org/hjt
Hi I tried to find the file in c/windows/system and apply it to Jotti, could not find file. I paused avast, but still could not find file, is this maybe because it is in the chest. If so should i restore it and try again. Thank You , here is a log.
Logfile of HijackThis v1.98.2
Scan saved at 10:24:12 AM, on 10/26/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DRWATSON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHCHEST.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = +s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cbs.sportsline.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cbs.sportsline.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe “Norton SystemWorks”
O4 - HKCU..\Run: [PopUpStopperFreeEdition] “C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE”
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .jsp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
This is the result from my HJT log analyzer:
You are using the latest version of HijackThis.
You are using the latest version of Internet Explorer.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.
r1 - hkcu\software\microsoft\internet explorer\main,default_search_url = +s
o16 - dpf: {e855a2d4-987e-4f3b-a51c-64d10a7e2479} (epsimagecontrol class) - http://tools.ebayimg.com/eps/activex/epscontrol_v1-0-3-0.cab
o16 - dpf: {4c39376e-fa9d-4349-bacc-d305c1750ef3} (epuimagecontrol class) - http://tools.ebayimg.com/eps/wl/activex/epuwalcontrol_v1-0-3-9.cab
o4 - hklm..\run: [nprotect] c:\program files\norton systemworks\norton utilities\nprotect.exe
o4 - hklm..\runservices: [csinject.exe] c:\program files\norton systemworks\norton cleansweep\csinject.exe
o4 - hklm..\runservices: [nprotect] c:\program files\norton systemworks\norton utilities\nprotect.exe
o4 - hklm..\runservices: [symtray - norton systemworks] c:\program files\common files\symantec shared\symtray.exe “norton systemworks”
o12 - plugin for .bcf: c:\progra~1\intern~1\plugins\npbelv32.dll
Reply for:
o12 - plugin for .bcf: c:\progra~1\intern~1\plugins\npbelv32.dll
I think this is a plugin for the real player, (the RichFX Player), you can view highly compressed 3D, animation, and computer-generated video. This is one of the documents in the file with it.