Quote: Originally Posted by greenfish
As you can see, in #10, it says broken internet connection.
Winsockfix or LSPFix will address this.
Quote: Originally Posted by greenfish
Thanks again and sorry to take you so much time, esp. during the weekend. Thanks!!!!!!
Happy to help! - I don't answer nearly as many threads as I used to (in many different forums).

Yours is interesting because this particular baddie is new and protected by a rootkit. I enjoy the challenge!


As to the problem at hand . . .

On the plus side, HJT shows the dll as "missing." So, perhaps you got it.
-- Fix that entry with HijackThis and then try LSPFix again. We need to rebuild the LSP stack. . . . Actually, let's run LSPFix a bit later (see below).

On the minus side, your HJT log also still shows this component of the malware:
O4 - HKLM\..\Run: [WinStar] C:\WINDOWS\IEXPL0RE.exe



Let's do this:

-- Download combofix.exe

Run combofix and follow the prompts. Don't do anything on your machine while it is running or it may freeze.
It will produce a logfile - please submit that for me.

THEN:
Run LSPFix as you did before. If aelupsvc32.dll does not show, just click Finish.

Reboot and give me a fresh HJT along with the ComboFix log.



-- Just to reiterate: With rootkits these days, I always suggest a reformat. Even if we get your machine back to what seems like "normal," we'll never know for sure if we got everything. This sort of stealthing tool is designed to hide from the Operating System itself. The only certain fix is to flatten the hard drive and reformat. For a lot of people, this is a problem because they lose all sorts of data that they failed to back up . . .


But, like I said, these new threats interest me and I am happy to help you try to remove it as long as you feel the endeavor will be productive.

-- Also, I still see both McAfee and Symantec AV in your HJT log. You should choose one and remove the other to prevent conflicts and to free up some system resources.

Best
PP
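
An added example, not part of the original post: a small Python triage check for HijackThis O4 (autorun) lines like the `IEXPL0RE.exe` entry quoted above, flagging file names that imitate a known Windows binary by swapping digits for letters, or that run from an unexpected folder. The `KNOWN` allow-list, the `LOOKALIKES` table and the function names are assumptions for illustration; every sample line except the `WinStar` one is constructed.

```python
import ntpath
import re

# Assumed digit-for-letter swaps used to imitate a legitimate file name.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Assumed allow-list: legitimate binary -> folder it normally runs from.
KNOWN = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
}

# HijackThis registry autorun line: O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

def exe_path(cmd):
    """Return the executable path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat))\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def check_o4(line):
    """Parse one O4 line; return None if it is not a registry Run entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = exe_path(m["cmd"])
    folder, base = ntpath.split(path.lower())
    folded = base.translate(LOOKALIKES)
    findings = []
    if base not in KNOWN and folded in KNOWN:
        findings.append(f"name imitates {folded}")
    elif base in KNOWN and folder != KNOWN[base]:
        findings.append(f"{base} outside {KNOWN[base]}")
    return {"entry": m["name"], "path": path, "findings": findings}

if __name__ == "__main__":
    sample = [
        r"O4 - HKLM\..\Run: [WinStar] C:\WINDOWS\IEXPL0RE.exe",           # from the post
        r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",  # constructed
        r'O4 - HKLM\..\Run: [Shell] "C:\Temp\explorer.exe" /startup',      # constructed
    ]
    for line in sample:
        print(check_o4(line))
```

A hit here is only a reason to look closer at the entry; it does not replace the ComboFix and fresh HJT logs requested in the post.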