Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 32
Guests Online: 30
Members Online: 2

Registered Members: 82847
Newest Member: Zanjux
Latest Articles
View Thread

HellBound Hackers | Computer General | General Computer Problems

Page 2 of 2 < 1 2
Author

RE: Problem after a spyware attack


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-08-08 14:41
I just googled lphclwuj0ee71.exe in a variety of ways and nothing. It also appears like someone was using a trojan and made a server and starting whacking at their keyboard. However... "j0ee" could have done this. Only kidding, but empty queries on google.


Author

RE: Problem after a spyware attack


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-08-08 14:49
Well, it's a good guess to say that the filename was randomly generated, if this is the malicious file.

Also, I would suggest OP getting Unlocker Assistant. That way when you get the "access denied" when trying to delete the file, you can "unlock" all processes this beast hooked into.

Of course, I think we're getting ahead of ourselves, we still don't know if this is an evil file or not.


Author

RE: Problem after a spyware attack

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 16-08-08 14:52
chronicburst wrote:
I just googled lphclwuj0ee71.exe in a variety of ways and nothing.

Many viruses and trojans create random names when they infect a computer. Some even modify a few bytes of their own code to change the file checksum Wink


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: Problem after a spyware attack


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-08-08 14:57
Uber0n wrote:
Many viruses and trojans create random names when they infect a computer. Some even modify a few bytes of their own code to change the file checksum Wink


Damn kids and their polymorphic toys. Pfft


Author

RE: Problem after a spyware attack

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 16-08-08 16:15
I have the lphclwuj0ee71.exe listed as part of a rogue spyware called antiviruscleaner. @OP start up in safe mode, Run HJT again and check these items:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: bgrqfetx - {72B68A1C-58DD-41B5-B619-D78A182A77D9} - C:\WINDOWS\bgrqfetx.dll (file missing)
O4 - HKLM\..\Run: [lphclwuj0ee71] C:\WINDOWS\system32\lphclwuj0ee71.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Then click fixed checked.

That will clean up a little bullshit you got in there also.
When your done stay in safe mode and check your system32 folder for any "lphclwuj0ee71" files. Sometimes it will change to lphclwuj0ee71.exe2 or exe3 etc.etc.
Should be good after that.


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: Problem after a spyware attack


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-08-08 16:38
Ok i tried the safe mode and removed the object but i still am having the same problems any more suggestions i really dont want to reformat the object was named blphclwuj0ee71


Author

RE: Problem after a spyware attack

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 16-08-08 16:53
blphclwuj0ee71? Never heard of that one.And that's not in the hjt log only lphclwuj0ee71. Anyway run this:
http://download.b. . .mboFix.exe
Always does a good job.
Then rerun Hjt if you still have a problem.



i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: Problem after a spyware attack


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-08-08 19:24
is there anyway you could email me the exe file for that i cant even get to the website to download it. I would really appreate it blackmind.2007@gmail.com thanks alot


Author

RE: Problem after a spyware attack


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-08-08 19:49
You cant get to the website?? Blocked? Use a proxy. If not here try this:
http://tinyurl.com/27gkbc


Author

RE: Problem after a spyware attack


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-08-08 19:59
i used my friends computer to download it and it work everything seems to be gone i can get to the websites and download thanks alot everyone for all your help


Author

RE: Problem after a spyware attack


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-08-08 21:02
So far.. And by the way, I like you signature. How very true.


Author

RE: Problem after a spyware attack

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 16-08-08 23:34
Excellent. Post if you have any more problems with it.


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Page 2 of 2 < 1 2