Home > General > WINNT\Fonts\explorer.exe

WINNT\Fonts\explorer.exe

Page 1 of 2 1 2 Next > Advertisement Retehi Thread Starter Joined: Nov 27, 2002 Messages: 40 Last night it placed itself in my "Current Version\run" startup group. I have No idea if this is pertinent.... FatWallet is not responsible for the content, accuracy, completeness or validity of any information contained in any attached file. Close Window Thanks for Voting! check over here

lol,,Keep on chuggin Dee!! However, they made no difference to my ability to contact the DNS server(s). Shop through FatWallet for deals from your favorite stores. I was using F-Secure but my evaluation expired before I could slap a serial in it.

However, Panda appears to have overlooked that Startup entry. Yankees Senior Member - 3K posted: Feb. 7, 2003 @ 7:46p yes. Mr. On behalf of the Pitsters i would like to present you with the first of many De/Dee/Deirdre/Primrose.

I brought up notepad, and told him to get lost, he said OK and left. Flag Permalink This was helpful (0) Collapse - Use the next tools to diagnose. Please refer to our CNET Forums policies for details. A+, Network+, Security+, and MCP certifiedradiosplace.com - kreativekristie.com Back to top #90 Dee Dee Member Members 150 posts Location:Ireland Posted 17 August 2003 - 08:24 PM Hi Folks Hey now you

Messenger (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) If you don't have one, I recommend using the AVG Anti-Virus Free Edition. Tech Support Guy is completely free -- paid for by advertisers and donations. https://forums.pcpitstop.com/index.php?/topic/20384-help-i-have-major-problems-here/page-5 Register now!

Select "Install" to download the ActiveX controls that allows ActiveScan to run.4. explicitly deny all unnecessary ports (Deny Any Any) 5. It has been widely used in network troubleshooting and wireless penetration testing and various areas. I understand the possibility of it not being 100%, and I appreciate your help very much.

WebDAV Vulnerability and Fixes (MS03-007) NEWS! http://www.klcconsulting.net/deloder_virus_analysis.htm Click "Allow"5. It was starting an annoying 'Hi! Track this discussion and email me when there are updates If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and

SMAC Made Headlines! Advertisement Recent Posts Software Developer seeking help... On this firewall, make sure you A. Also, I was never promted for Delete all offline content in IE, so I chose work offline and deleted cookies & files again.

Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. Me now wondering any chance of a diploma at the end of this marathon ...well I sure am earning my supper tee hee Back to top #71 Dee Dee Member Members Thx for your help guys. this content Corrosive, Mar 5, 2003 #3 Retehi Thread Starter Joined: Nov 27, 2002 Messages: 40 I ran Spybot and nothing came up but some cookies.

Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.* Restore your websettings: Go to start > controlpanel > Internetoptions > Tab Ewido found some spyware cookies. Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

Edited by miekiemoes, 17 May 2006 - 06:37 AM.

  1. put a check next to it, O4 - HKLM\..\RunServices: [GLSetIT32] C:\winnt\system32\msiexec16.exe also 'fix' this line, then reboot: O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon after rebooting, delete this file: C:\WINNT\System32\msblast.exe also,
  2. Compromised systems will connect to IRC Servers as DDoS zombies and might be waiting for a command to start DDoS attacks. 2.
  3. Style Default Style Contact Us Help Home Top RSS Terms and Rules Copyright © TechGuy, Inc.
  4. It is a MAC Address Modifying Utility for Windows 2000 and XP in all languages.
  5. Glad to see that your machine is in a healthier condition.
  6. Back to top #72 radio radio Gator skins 4sale Anti-Spyware Brigade 12,748 posts Gender:Male Location:CT Posted 16 August 2003 - 07:09 PM ok, just open task manager(ctrl+alt+del), and end the process.
  7. Retehi, Mar 5, 2003 #8 Retehi Thread Starter Joined: Nov 27, 2002 Messages: 40 Sadly, an explorer.exe and a rundll32.exe are in that same fonts folder.
  8. Retehi, Mar 5, 2003 #6 TonyKlein Malware Specialist Joined: Aug 26, 2001 Messages: 10,392 That's quite a collection you had there...
  9. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Let me know in your next reply how things are running now. Please do this: Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'. TonyKlein, Mar 5, 2003 #5 Retehi Thread Starter Joined: Nov 27, 2002 Messages: 40 Here is the Panda report: W32/Momma Disinfected C:\WINNT\Fonts\d2colour.exe Bck/IRC.Mirc.Based No disinfected C:\WINNT\system32\explorer.exe Trj/HideWindow Disinfected C:\WINNT\system32\svchost32.exe Trojan Horse As for your problem, check, and have Hijack This fix the following items: R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Xupiter\XTSearch.dll (file missing) O4 - HKLM\..\Run: [ExplorerTask] C:\WINNT\Fonts\explorer.exe Next,

haven't seen it after i deleted those darn files and removed the call from regedit. Specifying a working DNS server doesn't make any difference. NEWS! http://midsolutions.org/general/winnt-system32-autoexec-nt.html I await your analysis...Here is the new hijackthis log:Logfile of HijackThis v1.99.1Scan saved at 2:22:34 PM, on 5/19/2006Platform: Windows 2000 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\SYSTEM32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\svchost.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\Program Files\Eset\nod32krn.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\Program Files\Pwrchute\ups.exeC:\WINNT\system32\ZONELABS\vsmon.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\System32\mspmspsv.exeC:\WINNT\system32\ZONELABS\minilog.exeC:\WINNT\Explorer.exeC:\Program Files\BroadJump\Client

I don't offer a cleaning service but try to point to possibilitie at times.My question is why so much in that log and why did you have these services running?Bob Flag That should get rid of it for you, but if it doesn't, post back. Hope this helps!!! I can ping IP addresses on the internet and on the LAN, but names don't resolve.

Password Strength: Weak CNET Reviews Best Products Appliances Audio Cameras Cars Networking Desktops Drones Headphones Laptops Phones Printers Software Smart Home Tablets TVs Virtual Reality Wearable Tech Web Hosting Forums Because without the necessary updates, your system will stay vulnerable and will get reinfected again. Also get a free software firewall like zonealarm. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXEO9 - Extra button: ComcastHSI - {3912CA90-A388-4B76-9E36-E5877BFE9201} - http://www.comcast.net (file missing) (HKCU)O9 - Extra button: Help - {52DE5D47-D1BB-4544-BDCD-96B0BB7E04FA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)O9 - Extra button: Support

I also ran a bootlog the last time I started, and noticed that Windows had difficulty loading several drivers (including video and my NIC). Wallenberg replied Mar 18, 2017 at 4:49 AM Programs Won't Open/Run davehc replied Mar 18, 2017 at 4:31 AM Not computer tech savvy need... Let it scan your system for files to remove. In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to disabled.Click apply and OK and close all open windows.Then, * Open hijackthis,

Disruptive posting: Flaming or offending other usersIllegal activities: Promote cracked software, or other illegal contentOffensive: Sexually explicit or offensive languageSpam: Advertisements or commercial links Submit report Cancel report Track this discussion by R.