
One more Trusted Zone: http://*.63.219.181.7

Discussion in 'Malware and Virus Removal Archive' started by mrdk, 2004/11/19.

Thread Status:
Not open for further replies.
  1. 2004/11/26
    bobdenny

    Dave,

    This turned up on my machine two days ago, and your advice to mrdk was extremely helpful.

    Here is my export of the Ms4Hd registry key:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ms4Hd]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ms4Hd\Files]
    "40.exe "=" "
    "msswch.exe "=" "
    "adsnp.dll "=" "
    "cdrview.dll "=" "
    "comctrl32.dll "=" "
    "dbconf.exe "=" "
    "qwinsta32.exe "=" "
    "routenet.exe "=" "
    "smbin.exe "=" "
    "taskrun.exe "=" "
    "usrdate.exe "=" "
    "spoolsrv.exe "=" "
    "winmcd.exe "=" "
    "winsrv.exe "=" "
    "msbkup.exe "=" "
    "usb.dll "=" "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ms4Hd\Processes]
    "40.exe "=" "
    "msswch.exe "=" "
    "dbconf.exe "=" "
    "qwinsta32.exe "=" "
    "routenet.exe "=" "
    "smbin.exe "=" "
    "taskrun.exe "=" "
    "usrdate.exe "=" "
    "spoolsrv.exe "=" "
    "winmcd.exe "=" "
    "winsrv.exe "=" "
    "msbkup.exe "=" "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ms4Hd\RegKeys]
    "{98DBBF16-CA43-4c33-BE80-99E6694468A4} "=" "
    "{A5366673-E8CA-11D3-9CD9-0090271D075B} "=" "
    "Files "=" "
    "Ms4Hd "=" "
    "Processes "=" "
    "RegKeys "=" "
    "RegValues "=" "
    "Vendor "=" "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ms4Hd\RegValues]
    "msbkup.exe "=" "
    "spoolsrv.exe "=" "

    I hope you find this information useful, and thanks for your helpful posts.

    Bob
     
  2. 2004/11/26
    noahdfear

    Welcome to WindowsBBS Bob :)

    Glad my posts have been helpful. Does that mean you've been able to successfully remove this nasty? Did you by chance check for any of the other entries listed above by Lonny? Were you able to get that export from within Windows, or did you have to go into safe mode? I have also noticed a run entry in some logs that shows up in safe mode only. Would you be willing to do some more testing and searching, posting your findings? If you would like further advice on removal, please post the exported key, as well as PVZip logs, both explorer dlls and IE dlls, in a new thread, as well as a current HijackThis log.
     
