"A problem occurred with Explorer.exe"


(Zuberator) #1

I get this error:


It pops up when I try to open drives D and C.

I tried defragmenting drive C and repairing the system with the Windows XP Home Edition installation disc, but nothing came of it.



(huber2t) #2

Post the logs from ComboFix and HijackThis

in the order I gave


(Zuberator) #3

Log from ComboFix: http://wklej.org/id/794e2cbcfd

and HijackThis: http://wklej.org/id/08049d75e7

Oh, and when I tried to start the SEARCH service, only this window pops up:



(huber2t) #4

Fix in HijackThis

Download ComboFix, but do not run it

Paste into Notepad:

File::

C:\WINDOWS\qnmargoldpq.dll

C:\WINDOWS\system32\tscupgrd.exe

C:\WINDOWS\wdpoefan.dll

C:\WINDOWS\vadokmxt.dll

C:\WINDOWS\dpevflbg.dll

C:\WINDOWS\olgdqarf.exe

C:\WINDOWS\wxvgsdbq.exe

File -> Save as -> CFScript.txt (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->


Removal should start and a log will be created; post that log on the forum.


(Zuberator) #5

Log from ComboFix: http://wklej.org/id/67fdba89fb


(huber2t) #6

The log looks clean

Scan the computer with this (run it through IE) http://www.kaspersky.pl/virusscanner.html Post its report on the forum

Manually delete the folder C:\Qoobox

Delete the ComboFix installer from the disk.


(Zuberator) #7

Report: http://wklej.org/id/ace85bbba0


(huber2t) #8

The log is clean, the computer is free of viruses


(Zuberator) #9

Thank you for the help, everything works now


(Deni Red) #10

Hello guys, I have exactly the same problem. I couldn't understand very well (because I don't know Polish), but I suppose if I use ComboFix my log file won't be the same to follow your steps and fix the problem.

Thanks

I hope it is not a problem that I post this in English

On 27.04.2008 at 12:46 a post was appended by deniiise



(Pistatt) #11

I've got a problem running Internet Explorer 6 SP1. Just after starting, IE crashed... the application event log comes out with this error:

Event Type:Error

Event Source:Application Error

Event Category:None

Event ID:1000

Date:4/28/2008

Time:7:40:23 AM

User:N/A

Computer:

Description:

Faulting application iexplore.exe, version 6.0.2900.2180, faulting module qnmargoldpq.dll, version 0.0.0.0, fault address 0x00016d35.

I've asked my colleague if I can use his version of the DLL, but he hasn't found it installed on his PC... so I just removed (still have a copy, just in case) the C:\WINDOWS\qnmargoldpq.dll and now IE is running fine...

so far no other problems.

My suspicion is some kind of virus or malware, but the Symantec antivirus is crap, as several times before (well, company standards and policies disallow using other AV soft)...

Google is unable to find any other valuable info regarding this DLL, so it really seems to be useless... even the version of the DLL is 0.0.0.0...

UPDATE - found some info on some Polish forum viewtopic.php?f=2&p=1576795 ... more files identified, all of them present on my system, modification date of all of them 25th April... sending them to Symantec -

confirming that this is a kind of Trojan virus: Trojan.Zlob

filename: wdpoefan.dll

machine: Machine

result: This file is detected as Trojan.Zlob. http://www.symantec.com/avcenter/venc/d ... .zlob.html

filename: vadokmxt.dll

machine: Machine

result: This file is detected as Trojan.Zlob. http://www.symantec.com/avcenter/venc/d ... .zlob.html

filename: qnmargoldpq.dll

machine: Machine

result: This file is detected as Trojan.Zlob. http://www.symantec.com/avcenter/venc/d ... .zlob.html

filename: dpevflbg.dll

machine: Machine

result: This file is detected as Trojan.Zlob. http://www.symantec.com/avcenter/venc/d ... .zlob.html

filename: olgdqarf.exe

machine: Machine

result: This file is detected as Trojan.Zlob. http://www.symantec.com/avcenter/venc/d ... .zlob.html

filename: wxvgsdbq.exe

machine: Machine

result: This file is detected as Trojan.Zlob. http://www.symantec.com/avcenter/venc/d ... .zlob.html

ANYONE USING SYMANTEC ANTIVIRUS SHOULD BE ABLE TO CLEAN THIS INFECTION:

Please follow the instruction at the end of this email message to install the latest available definitions.

Symantec Security Response has determined that the sample(s) that you provided are infected with a virus, worm, or Trojan. We have created RapidRelease definitions that will detect this threat. Please follow the instruction at the end of this email message to download and install the latest RapidRelease definitions.

Symantec is now building a new set of definitions to include the threat you have submitted. The approximate time to complete this process is one hour. We recommend checking the ftp site periodically over the next 60 to 90 minutes to download these definitions as soon as they are available.

Downloading and Installing RapidRelease Definitions:

  1. Open your Web browser. If you are using a dial-up connection, connect to any Web site, such as: http://securityresponse.symantec.com/

  2. Copy and paste the address ftp://ftp.symantec.com/public/english_u ... /sequence/ into the address bar of your Web browser and then press Enter. (this could take a minute or so if you have a slow connection)

  3. Now select 81036 folder or a higher. Open the folder.

  4. Select the file symrapidreleasedefsx86.exe

  5. When a download dialog box appears, save the file to the Windows desktop.

  6. Double-click the downloaded file and follow the prompts.

Virus definition detail:

Sequence Number: 81036

Defs Version: 100428d

Extended Version: 04/28/2008 rev.4

I've just installed the latest definitions and will scan those files...
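
Added example, not part of the thread or any poster's code: a Python sketch that parses Application Error (Event ID 1000) descriptions like the one quoted in post #11 and flags faulting modules that report version 0.0.0.0 or whose name appears in the File:: list from post #4. The function names and the second and third sample events are constructed for illustration.

```python
import re

# Description layout of an "Application Error" event (ID 1000), as quoted in post #11.
FAULT_RE = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>[\d.]+), "
    r"faulting module (?P<module>[^,]+), version (?P<mod_ver>[\d.]+), "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)",
    re.IGNORECASE,
)

# Base names of the files in the File:: list from post #4, lower-cased.
LISTED_FILES = {
    "qnmargoldpq.dll", "tscupgrd.exe", "wdpoefan.dll", "vadokmxt.dll",
    "dpevflbg.dll", "olgdqarf.exe", "wxvgsdbq.exe",
}

def parse_fault(description):
    """Return the fields of one event description, or None if it does not match."""
    m = FAULT_RE.search(description)
    return m.groupdict() if m else None

def triage(descriptions, listed=LISTED_FILES):
    """Return (application, module, reasons) for each fault worth a closer look."""
    findings = []
    for text in descriptions:
        fault = parse_fault(text)
        if fault is None:
            continue  # not an Application Error description
        reasons = []
        if fault["mod_ver"] == "0.0.0.0":
            reasons.append("module reports version 0.0.0.0")
        if fault["module"].lower() in listed:
            reasons.append("module name is in the thread's File:: list")
        if reasons:
            findings.append((fault["app"], fault["module"], reasons))
    return findings

SAMPLE_EVENTS = [
    # Quoted from post #11.
    "Faulting application iexplore.exe, version 6.0.2900.2180, faulting module "
    "qnmargoldpq.dll, version 0.0.0.0, fault address 0x00016d35.",
    # Constructed: a crash in a module that carries normal version information.
    "Faulting application notepad.exe, version 5.1.2600.2180, faulting module "
    "ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.",
    # Constructed: unrelated event text that must be skipped.
    "The service entered the stopped state.",
]

if __name__ == "__main__":
    for app, module, reasons in triage(SAMPLE_EVENTS):
        print(f"{app}: {module} -> {'; '.join(reasons)}")
```

A hit is a lead for inspecting the file more closely (location, modification date, a scanner verdict), not a verdict in itself.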