Home > Solved Weird > Solved: Weird Virus Or Something? HELP! "D:\WINDOWS\system32\DL5EB7~1.EXE"

Solved: Weird Virus Or Something? HELP! "D:\WINDOWS\system32\DL5EB7~1.EXE"

HKLM\SOFTWARE\Altnet\Dashboard\Temp Internet Shares -> Adware.Altnet : Cleaned with backup (quarantined). D:\System Volume Information\_restore{00358BD2-2E45-4D34-BB2A-AA7879DA5798}\RP452\A0052356.dll -> Adware.404Search : Cleaned with backup (quarantined). You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM -> Adware.Altnet : Cleaned with backup (quarantined). check my blog

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Click here to join today! D:\System Volume Information\_restore{00358BD2-2E45-4D34-BB2A-AA7879DA5798}\RP432\A0045712.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). https://forums.techguy.org/threads/solved-weird-virus-or-something-help-d-windows-system32-dl5eb7-1-exe.539418/

D:\System Volume Information\_restore{00358BD2-2E45-4D34-BB2A-AA7879DA5798}\RP440\A0048909.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). Thread Status: Not open for further replies. For Technical Support, double-click the e-mail address located at the bottom of each menu.

When completed, it will prompt that it will shutdown your computer, click OK. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F3 - REG:win.ini: load=D:\OPLIMIT\ocraware.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - D:\PROGRA~1\RXTOOL~1\sfcont.dll (file Copy the following list of files to clipboard, CTRL+C to copy D:\WINDOWS\khihig.dll D:\WINDOWS\system32\abc.exe Now in Killbox go to File, Paste from clipboard. HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Adware.Altnet : Cleaned with backup (quarantined).

IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {5E9755A1-314A-4ae6-99E1-B9F7DC7C7CF0} - D:\WINDOWS\System32\2C.tmp O2 - BHO: (no name) - Click Exit on the Main menu to close the program. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection. http://threadposts.org/question/1224898/C-WINDOWS-system32-DL5EB7-1-EXE.html NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". HKU\S-1-5-21-73586283-839522115-1957994488-1004\Software\Hiwire -> Adware.HiWire : Cleaned with backup (quarantined). Now click "Apply", then "OK" and close the Services window. 9.

Your cache administrator is webmaster. Logfile of HijackThis v1.99.1 Scan saved at 8:38:53 PM, on 1/28/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe C:\Program Files\Altnet\Download Manager\admdata.dll -> Adware.Altnet : Cleaned with backup (quarantined). Click on the button that has the red circle with the X in the middle.

Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu click site HKLM\SOFTWARE\Altnet\Dashboard\Setup -> Adware.Altnet : Cleaned with backup (quarantined). D:\System Volume Information\_restore{00358BD2-2E45-4D34-BB2A-AA7879DA5798}\RP453\A0055484.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined). Done!

HKU\S-1-5-21-73586283-839522115-1957994488-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-73586283-839522115-1957994488-1004\Software\Hiwire\MusicMatch\Faceplate -> Adware.HiWire : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined). http://realink.org/solved-weird/solved-weird-windows-explorer-xvid-problem.html D:\WINDOWS\system32\AdCache\B_329_4_0_111600.htm -> Adware.Cydoor : Cleaned with backup (quarantined).

Updating Java: Download the latest version of Java Runtime Environment (JRE) 6. D:\System Volume Information\_restore{00358BD2-2E45-4D34-BB2A-AA7879DA5798}\RP454\A0059653.exe -> Downloader.Delf.zw : Cleaned with backup (quarantined). HKU\S-1-5-21-73586283-839522115-1957994488-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned with backup (quarantined).

Reboot your computer once all Java components are removed.

HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : Cleaned with backup (quarantined). After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray. 6. D:\System Volume Information\_restore{00358BD2-2E45-4D34-BB2A-AA7879DA5798}\RP454\A0058534.exe -> Downloader.Tibs.hh : Cleaned with backup (quarantined). The system returned: (22) Invalid argument The remote host or network may be down.

D:\WINDOWS\system32\P2P Networking\Cache -> Adware.P2PNetworking : Cleaned with backup (quarantined). Page 1 of 2 1 2 Next > Advertisement sv490665 Thread Starter Joined: Jan 28, 2007 Messages: 11 Hey, the above DL5EB7~1.EXE thing is happening to me too and i just In the Properties Window > General Tab that opens, click the "Stop" button. More about the author HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).

Click the All Files button. Put a tick by Delete on Reboot. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. HKU\S-1-5-21-73586283-839522115-1957994488-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).

IMPORTANT! Save to your desktop. Click "Complete System Scan" to start. 4. C:\Program Files\Altnet\Download Manager\altnetuninstall.exe -> Adware.Altnet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Altnet\LocalFiles -> Adware.Altnet : Cleaned with backup (quarantined). HKU\S-1-5-21-73586283-839522115-1957994488-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1553 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-73586283-839522115-1957994488-1004\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined). cybertech, Feb 1, 2007 #8 sv490665 Thread Starter Joined: Jan 28, 2007 Messages: 11 --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 1:23:11 PM 2/1/2007 + Scan result: D:\System