Author | RE: Problem after a spyware attack |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
I just googled lphclwuj0ee71.exe in a variety of ways and nothing. It also appears like someone was using a trojan and made a server and started whacking at their keyboard. However... "j0ee" could have done this. Only kidding, but empty queries on Google.
|
 |
Author | RE: Problem after a spyware attack |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Well, it's a good guess to say that the filename was randomly generated, if this is the malicious file.
Also, I would suggest OP getting Unlocker Assistant. That way when you get the "access denied" when trying to delete the file, you can "unlock" all processes this beast hooked into.
Of course, I think we're getting ahead of ourselves, we still don't know if this is an evil file or not.
|
 |
Author | RE: Problem after a spyware attack |
Uber0n Member

Posts: 1963 Location: Sweden
Joined: 13.06.06 Rank: Hacker Level 3 | |
chronicburst wrote:
I just googled lphclwuj0ee71.exe in a variety of ways and nothing.
Many viruses and trojans create random names when they infect a computer. Some even modify a few bytes of their own code to change the file checksum 

http://uber0n.web. . . |
 |
Author | RE: Problem after a spyware attack |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Uber0n wrote:
Many viruses and trojans create random names when they infect a computer. Some even modify a few bytes of their own code to change the file checksum 
Damn kids and their polymorphic toys. 
|
 |
Author | RE: Problem after a spyware attack |
korg Member

Posts: 2803 Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: God | |
I have the lphclwuj0ee71.exe listed as part of a rogue spyware called antiviruscleaner. @OP start up in safe mode, run HJT again and check these items:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: bgrqfetx - {72B68A1C-58DD-41B5-B619-D78A182A77D9} - C:\WINDOWS\bgrqfetx.dll (file missing)
O4 - HKLM\..\Run: [lphclwuj0ee71] C:\WINDOWS\system32\lphclwuj0ee71.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Then click "Fix checked".
That will clean up a little bullshit you got in there also.
When you're done, stay in safe mode and check your system32 folder for any "lphclwuj0ee71" files. Sometimes it will change to lphclwuj0ee71.exe2 or exe3 etc.
Should be good after that.
I deal in pain, All life I drain, I dominate, I seal your fate. |
 |
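An added example, not part of the thread or of HijackThis itself: a small Python triage pass over the log entries korg lists above. It keys on what an entry points at rather than on the file name or checksum, which the earlier replies note can differ per infection; the regexes, the `triage` and `leftover_pattern` names and the `ExampleUpdater` line are assumptions made for illustration.

```python
import re

# Constructed sample: the five entries quoted in the post above, plus one
# ordinary autorun line (ExampleUpdater) added here for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: bgrqfetx - {72B68A1C-58DD-41B5-B619-D78A182A77D9} - C:\WINDOWS\bgrqfetx.dll (file missing)
O4 - HKLM\..\Run: [lphclwuj0ee71] C:\WINDOWS\system32\lphclwuj0ee71.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
RUN = re.compile(r"^(?P<key>\S+\\Run\w*): \[(?P<name>[^\]]+)\] (?P<path>.+)$", re.I)
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")

def triage(log_text):
    """Return (code, reason, line) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, rest = m["code"], m["rest"]
        if ORPHAN.search(rest):
            # Registry entry still present, target file gone.
            findings.append((code, "orphaned", line))
            continue
        run = RUN.match(rest) if code == "O4" else None
        if run:
            folder, _, filename = run["path"].lower().rpartition("\\")
            stem = filename.rsplit(".", 1)[0]
            # Heuristic only: autorun value named after its own exe in system32.
            if folder.endswith("\\system32") and stem == run["name"].lower():
                findings.append((code, "self-named autorun in system32", line))
    return findings

def leftover_pattern(value_name):
    """Regex for the file and its renamed copies (.exe, .exe2, .exe3, ...)."""
    return re.compile(re.escape(value_name) + r"\.exe\d*$", re.I)
```

The findings are candidates for review, not verdicts; the second reason in particular is a heuristic that a legitimate autorun entry can also match.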
Author | RE: Problem after a spyware attack |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
OK, I tried the safe mode and removed the object, but I am still having the same problems. Any more suggestions? I really don't want to reformat. The object was named blphclwuj0ee71.
|
 |
Author | RE: Problem after a spyware attack |
korg Member

Posts: 2803 Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: God | |
blphclwuj0ee71? Never heard of that one. And that's not in the HJT log, only lphclwuj0ee71. Anyway, run this:
http://download.b. . .mboFix.exe
Always does a good job.
Then rerun HJT if you still have a problem.
I deal in pain, All life I drain, I dominate, I seal your fate. |
 |
Author | RE: Problem after a spyware attack |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Is there any way you could email me the exe file for that? I can't even get to the website to download it. I would really appreciate it. blackmind.2007@gmail.com Thanks a lot.
|
 |
Author | RE: Problem after a spyware attack |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
You can't get to the website?? Blocked? Use a proxy. If not here, try this:
http://tinyurl.com/27gkbc
|
 |
Author | RE: Problem after a spyware attack |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
I used my friend's computer to download it and it worked. Everything seems to be gone. I can get to the websites and download. Thanks a lot, everyone, for all your help.
|
 |
Author | RE: Problem after a spyware attack |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
So far.. And by the way, I like your signature. How very true.
|
 |
Author | RE: Problem after a spyware attack |
korg Member

Posts: 2803 Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: God | |
Excellent. Post if you have any more problems with it.
I deal in pain, All life I drain, I dominate, I seal your fate. |
 |