were you able to delete port21fs.exe ?

nope, and it didnt show up when i searched for it either

Try logging in as administrator to delete
C:\WINDOWS\SYSTEM32\WinCtrl32.dll

wait, hijackthis was able to fix the winctrl32.dll and i didnt see port32fs come up

hmmm

im the only account on the computer

nope, still there though

"nope, still there though"

which one is still there?

do you use a firewall? if so, which one?

port seems to be gone, it isnt in a hijackthis log i just ran. the win.dll thing keeps coming up in the scan and it lets me check it to fix. Maybe it will be gone after a reboot.

i have a basic mcafee firewall

sounds like we're making progress at least. (hopefully)

Strange about port21fs.exe

I know with Comodo firewall you can view every active process, and terminate and quarantine. While they are quarantined they cannot execute. Comodo also has a HIPS feature (host intrusion prevention system) which prevents new executables from activating without the user's permission. You may have been able to avoid infection with Comodo, I recommend it personally as Ive been using it for about 6 months, and it is totally free and has passed all leak tests at www.matousec.com

I've never tried any MacAfee products so don't really have any opinions on them.

If HijackThis was able to fix the .dll then that's good.

Regarding the port21fs.exe, I don't know, thats weird that you didn't delete it or fix it with HTJ, but it's no longer showing up. I wonder if it could possibly be a trojan or something that is switching from active to dormant?

I must do the crashing of the me for a while now, I'll check this thread when I am reborn.

im trying to do delete file on reboot....not sure if it will work

oh well

alright checking its properties, this winctrl32.dll gets created every time i boot the computer.

i left my computer on all night and didnt get attacked, so maybe im good from now on. Im gonna run some quick scans to be safe.

Take this for what you will but I would never use a computer with such an extensive infestation without reformatting first. There is a high enough chance that you have been infected by a rootkit and other malware that you will not detect.

My advice is to start with a fresh install, learn a bit about computer security, and ditch McAfee.

i dont have the OS cds with me

if that .dll is getting created every time you boot it sounds like some kind of rootkit. Some kind of deep infestastion. You should posts those HTJ logs in one of those forums, they'll be able to provide you with more detailed assistance.

i have it posted here

http://forums.pcpitstop.com/index.php?showtopic=156964

if its a rootkit then i pretty much have to backup my data and reinstall the OS dont I?

"i have it posted here

http://forums.pcpitstop.com/index.php?showtopic=156964"


Have you gone through all the steps suggested in that thread?


"if its a rootkit then i pretty much have to backup my data and reinstall the OS dont I?"


possibly so. If they can't find a way for you to remove it in those forums, that may be your only option ... maybe.

Check out this wiki for some good info on rootkits.

http://en.wikipedia.org/wiki/Rootkit

"Removing

Many hold this to be forbiddingly impractical. Even if the nature and composition of a rootkit is known, the time and effort of a system administrator with the necessary skills or experience would be better spent re-installing the operating system from scratch. Since drive imaging software makes the task of restoring a “clean” OS installation almost trivial, there is no good reason to try to dig a rootkit out directly. "I suppose traditional rootkits could be made to be as hard to remove as possible even when found, but I doubt there is much incentive for that, because the typical reaction of an experienced sysadmin on finding a rooted system is to save the data files, then reformat [and reinstall]. This is so even if the rootkit is very well known and can be removed 100%"

i just checked the thread and am following that reply. I saw the wiki on rootkits too.

at this point your best bet is probably to follow all those steps, I looked, its a ***** shtload, but all their suggestions may help you get rid of that sht.

If after going through all their steps and everything, and probably reposting more HTJ logs, they may suggest you reformat and reinstall as a last resort. I don't know though. Hopefully you can get rid of that sht without reformatting and reinstalling.

most of the steps arent that bad, standard clearing internet temp files and cookies

It looks like you guys have made some progress in that thread, how are things now?

Does the .dll still get created on boot up?

yep its still there.

i couldnt do everything suggested in that thread. One of them (started with a K) had been running for 3 hours and looked like it froze up. Ive run all the scans I have now and nothing is popping up besides the occasional adware cookie, and I havent had any sort of problems in the past 24 hours or so

it sounds like you got the bulk of it maybe, but I wonder if you still have a rootkit imbedded somewhere. It's good your pc seems to be back to normal.

If you wanted a good firewall, I can't recommend Comodo enough, if not that's ok though.

Let me know if you have another outbreak, feel free to P.M. if this thread gets locked.

I went ahead and installed comodo.

When I booted up it alerted me of a file C:\WINDOWS
\Temp\BN10.tmp trying to modify certain keys and files (including the winctrl32.dll), and I ended up blocking it 8 times or so.