Thread: frmwrk32.exe?
crunchie

Re: frmwrk32.exe?

 
Dec 25th, 2008
Hi and welcome to the Daniweb forums.

==========

Do you know what C:\WINDOWS\kass.exe is? If not, please go to Jotti's or to virustotal and have it scanned. Post the results back here.

====

Can you please do the following.

===============

Go to Add/Remove programs and uninstall the following, if present:

Viewpoint Manager, Viewpoint Media Player, Viewpoint Toolbar

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKUS\S-1-5-19\..\Run: [zudalaniku] Rundll32.exe "C:\WINDOWS\system32\gehumuro.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zudalaniku] Rundll32.exe "C:\WINDOWS\system32\gehumuro.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}


Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, then click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

folders...

C:\Program Files\Viewpoint

files...

C:\WINDOWS\system32\gehumuro.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and they cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
Last edited by crunchie; Dec 25th, 2008 at 12:33 am.
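
An added example, not part of the original post: a small Python triage pass over HijackThis log text that flags the three kinds of entry seen in the checklist above (BHO/toolbar registrations marked `(no file)`, Run entries that load a DLL through Rundll32, and Trusted Zone domains). The heuristics, the `triage` function name and the last sample line are assumptions made for illustration; the other sample lines are copied from the post.

```python
import re

# Lines copied from the post above, plus one constructed benign entry (last line).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [zudalaniku] Rundll32.exe "C:\WINDOWS\system32\gehumuro.dll",s (User 'LOCAL SERVICE')
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
'''

ENTRY = re.compile(r'^(O\d+) - (.*)$')
# Captures the DLL path handed to rundll32 (quoted or unquoted).
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, line) for each entry matching a heuristic.

    The heuristics are assumptions for this example; a hit means
    "review this entry", not "this entry is malicious".
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines, headers, process list
        section, rest = m.groups()
        if section in ("O2", "O3") and rest.endswith("(no file)"):
            findings.append((section, "registration with no backing file", line))
        elif section == "O4":
            dll = RUNDLL.search(rest)
            if dll:
                findings.append((section, "autorun loads DLL via rundll32: " + dll.group(1), line))
        elif section == "O15" and rest.startswith("Trusted Zone:"):
            domain = rest.split(":", 1)[1].split()[0]
            findings.append((section, "domain in Trusted Zone: " + domain, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```
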