nass
Thu Mar 27 09:34:04 PDT 2008
"LAByerly" wrote:
> I am working on a machine (XP home SP2) that has two references to
> cnpacnp.dll. One is a BHO and the other is a Winlogon entry. The properties
> on this dll say that it comes from Microsoft, but not what it is like most ms
> stuff does.
>
> This machine had many viruses and spyware that I am trying to get rid of. I
> just am not sure about this one.
>
> Any help would be greatly appreciated.
It is either a Viral malware installed on your machine/client machine for
that matter, and you will need to dig deep to get rid of it, or a Vundo
Variant/Zlob.
I let the Dog Sniff/fetch on two machines here to find that file; it never came
back, even with a feather <g>.
Try to scan this file/DLL from here:
Upload a file
http://www.virustotal.com/
Then try the cleaning steps. I think you may have already run HijackThis;
try to get the CleanUpBHO app or MoveIT to remove this file.
Download Comodo BOClean Anti-Malware
http://www.comodo.com/boclean/CBO_download.html
RogueRemover FREE
http://www.malwarebytes.org/rogueremover.php
Go through these Cleaning steps:
1. Click Start >> Control Panel >> double-click Network and Internet
Connections >> double-click Internet Options. On the IE Properties window
you will see these options:
General | Security | Privacy | Content | Connections | Programs | Advanced
Click on the General tab (1st tab on the left) and you will see a button called
[Clear History...]; click on it to clear your History caches, then click on
[Delete Files...] to delete Internet files created over time, and click on
[Delete Cookies...] to delete your cookies left by visiting websites.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then try to disable the add-ons that somehow got installed on your
browser. To disable the add-ons, follow this:
Click on the Programs tab and then click the Manage Add-Ons button; there, disable
the non-verified plug-ins/add-ons (you need to re-enable them one by one
later and see which is the culprit).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (off-line scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (off-line scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
Download HijackThis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to:
http://www.spywareinfo.com/~merijn/downloads.html
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://forums.subratam.org/index.php?showforum=7
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.bleepingcomputer.com/forums/
Or other appropriate forums for expert analysis, not here.
Let us know your progress.
nass
----
http://www.nasstec.co.uk