Hey Eddy:
Ran Avant in the initial boot. Log created is as follows:
9/26/2004 7:36:22 PM NT AUTHORITY\SYSTEM 580 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
9/26/2004 7:36:24 PM NT AUTHORITY\SYSTEM 580 An error has occured while attempting to update. Please check the logs.
9/27/2004 8:25:40 AM ARCH\Administrator 1740 Sign of “Win32:Winshow [Trj]” has been found in “C:\WINNT\SYSTEM32\wmsgm.dll” file.
9/27/2004 8:28:56 AM ARCH\Administrator 1740 Sign of “Win32:SdBot-1093 [Trj]” has been found in “C:\WINNT\SYSTEM32\scvhosting.exe” file.
9/27/2004 8:30:30 AM ARCH\Administrator 1740 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINNT\CFJMP.exe” file.
9/27/2004 8:32:12 AM ARCH\Administrator 1740 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINNT\DGJ.exe” file.
9/27/2004 9:53:41 AM ARCH\Administrator 316 Sign of “Win32:Winshow [Trj]” has been found in “C:\WINNT\SYSTEM32\wmsgm.dll” file.
9/27/2004 9:54:31 AM ARCH\Administrator 316 Sign of “Win32:SdBot-1093 [Trj]” has been found in “C:\WINNT\SYSTEM32\scvhosting.exe” file.
Two questions:
- Can you tell me how to disable system restore so I can follow your instructions in your recent post to run hijack this again? I went to help in Windows and could not find system restore in the help files.
- When I rerun hijackthis, and if I find any of the lines you highlighted, what should I do - delete them or just copy the log and report back here first?
Continued thanks…whenever you're in Atlanta…lunch is on me!!
Rick