1 reply to this topic

[neo01]

hello to you all i am new in here so i hope this is the right place to ask

in the last 2 weeks everytime i restart my computer i get 2 masseges


1.c:\windows\inf\other.exe specified in the registry make sure the file exists on your computer or remove the reference to it in the registry



2.could not load or run c:\windows\system32\config\win.exe specified in the registry.make sure the file exists on your computer or remove the rference to it in the registry


what is that mean? i run full scan of malwarebytes here is the log

Malwarebytes' Anti-Malware 1.31
Database version: 1546
Windows 6.0.6001 Service Pack 1

25/12/2008 21:50:39
mbam-log-2008-12-25 (21-50-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 216133
Time elapsed: 52 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\chd.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\msqpdxmnmxkedr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.



but still the problem is shown wehn i restart i allso checked my msconfig and in the startup section i found

1.dc2k5.exe

2.fun.exe

3.dc.exe


what is all that mean please i really need help????????????????????

[Matthew P]

You PC is dangerously Infected (Very Likely)

The OTHER.EXE might be WORM.CODUNG OR W32.Imaut.AS

From what I can see its pretty bad!
TRY: http://www.bleepingcomputer.com/forums/lof...hp/t134287.html
This looks like a very nasty infection and May actually be something you should post in the HJT section. However from my googleing it doesn't appear that many have info on this infection but they are exactly the same as you describe.

Could you post zipped versions of Other.exe and the rest of the files at question? Thanks!

From what I use these infections may be for hackers to use your PC as a Zombie.