
INETCFG.Apprentice.1

What follows are some event logs and a section of my PC's registry hive that seem to indicate ... I think it's because the malware has a protected store of files and folders that it slipstreams into the temporary X: drive's file system whenever the infected user attempts to boot Open ActiveX Compatibility Manager again.

My hope is that someone will figure out how it works and develop a removal tool. The program takes a few minutes to collect the necessary information. Please do the following.

Search for "recieve.exe" (note the misspelling with "i" before "e"), or either of the registry keys "HKLM_LOCAL_MACHINE\Software\Classes\BuyGoods" or "HKEY_LOCAL_MACHINE\Software\Classes\Byblos." The reference to "BDA tuner" on this Web site immediately caught my

#5 Elise, Posted 11 April 2010 - 01:53 AM

I don't think Why are those folders there?

Start it, hit update, when finished click OK, Start, and OK again to start the scan. When done post the contents of Log.txt in this thread.

#3 Kahlia, Posted 13 August 2004 - 12:08 PM

Hi, OK, I have

I couldn't find "Appinit_Dlls". Update: my browser page still has about:blank in the address bar, but the page is no longer completely loading....

Logfile of HijackThis v1.97.7
Scan saved at 9:57:27 PM, on 8/18/04
Platform: Windows 98 SE (Win9x

Find: "Appinit_Dlls" value on the right side panel, DoubleClick, copy and post here the information in the 'Value' field.

Click here or here to download FindnFix.exe by freeatlast.

http://www.herdprotect.com/inetcfg.dll-35711bb20352db4b4de69a29637abc0df5776512.aspx

Reboot, and try the step again please.

It's got a filter that weeds them out at the time the script is executed. Earlier today I formatted a hard drive and installed Windows 7 onto it, booting from the Windows upgrade DVD and choosing "Custom Install," which is the option you choose when you About the only thing it HASN'T done is levitate and hurl pea soup.

Open Notepad, and hit Ctrl+V to paste the log, and post those contents back here please.

http://www.cybertechhelp.com/forums/showthread.php?p=630233

You can't even USE Internet Explorer in the Norton recovery environment, so it hardly makes sense that they'd put it on their DVD. And Windows PXE, for booting into Windows remotely over Let it run and after a few minutes, a prompt will appear. The file will be unloaded now.

Stealth that should not be possible for malware with such a wide range of functionality. Click Options, and check "Display Only Installed Components". I'm a total compyooter noob who's been reading too much Inturnetz trying to understand computers now that mine has gone seriously south on me. At this point the best idea is to post this as a new request at the CTH Internet/Browsers forum.

People need to know that some malware can survive a Windows reinstall. Presumably to help its authors earn a few Simoleons for all their hard work pimpin' dem bots.

Saturday, 23 February 2008, 00:30

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D1C559D-84F0-4BB3-A7D5-56A7435A9BA6}\InprocServer32]
@="C:\\WINDOWS\\system32\\wbem\\fastprox.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D4B04E1-1331-11d0-81B8-00C04FD85AB4}]
@="CLSID_ImnAccountManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D4B04E1-1331-11d0-81B8-00C04FD85AB4}\InprocServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\

Can anyone tell me what it does?

Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection. Task Mana who?

My primary interest here was in alerting others to that possibility, because I can't be the only person in the world with this very frustrating malware infestation.

I've tested this a number of times.

HJT log, started by Kahlia, Aug 10 2004 07:15 PM

#1 Kahlia, Posted 10 August 2004 - 07:15

That does not mean I wouldn't accept help from someone who offered it.

Original file name: INETCFG.DLL
File type: Dynamic link library (Win32 DLL)
Language: Polish
Common path: C:\Windows\System32\inetcfg.dll

Registration
CLSID: {8EE42293-C315-11D0-8D6F-00A0C9A06E1F}
ProgID: INETCFG.Apprentice.1
COM registered: Yes

File PE Metadata
Compilation timestamp: 4/14/2008 7:07:19 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker

That maneuver actually has given me back some control over my PC. What do I do? If you have some time to spare and you're interested in taking a look, please keep in mind that my PC is a home computer, not on a LAN, connected directly I know you all are busy, but please don't forget about me..

If so, highlight and use Edit>Copy and post here.

Then, unzip and run StartDreck.exe
Hit: -config
Hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes

I don't think I have a BIOS or firmware rootkit or any such thing.

DoubleClick on: Win98fix.reg file, hit 'yes' on the prompt!
-Restart computer!
-File should be visible!
-Do 'find files' for and delete.

Tries to hoard 'em, in fact.

#21 bme211, June 6th, 2006, 07:23 PM

Part 1 Microsoft Data

The applications or services that hold your registry file may not function properly afterwards. Please do the following. OK, so I hope we can agree that when you boot into Windows from a recovery DVD, it usually creates a temporary boot drive labeled as the "X: Drive." The following So it's a way for malware to change the registry without gaining access to it directly. Oh, hey!

Malware writers could have entered some code into the normal installation. Otherwise it's impossible, for the simple reason that no internet connection is possible during the installation. Again, please provide a short description It will take a bit to review those entries, but let's see if it turns up some positive results.