Author Topic: psapi.dll & funny.exe (Read 6990 times)

minyan · « **on:** December 13, 2004, 05:51:34 PM »

Hello, thank you for your time. Anyway, I accepted and downloaded funny.exe yesterday through MSN. I didn't know what it was back then so I openned it. Now when I start up my computer (my other computer) it freezes at startup, meaning I see the background, I hear the startup music but nothing shows. When I'm in safe mode this popup says "psapi.dll is not found", and it freezes completey (i can't even move the mouse). is there any way which I could fix this without losing the files on my computer? Thank you so much.

guestolo · « **Reply #1 on:** December 13, 2004, 07:55:47 PM »

Hi Minyan

Download Hijackthis 1.98.2

Important: Create a Permanent folder for Hijackthis
Double Click "MY Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT

Now you will have C:\HJT

Download Hijackthis from HERE or HERE
Save it to that new folder

Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important

minyan · « **Reply #2 on:** December 15, 2004, 06:39:51 PM »

Hi, thanks for the help. I've downloaded hijackthis and created a folder for it. However, I cannot do anything on that computer because the computer becomes idle as soon as I turn it on, even in safe mode, therefore I can't scan it either. However I do have a LAN so I could still access/modify the files on that computer through another computer. What should I do? Thanks again for your time.

guestolo · « **Reply #3 on:** December 15, 2004, 09:13:29 PM »

Try this first in safe mode to remove the virus
http://securityresponse.symantec.com/avcen...w32.funner.html

Let me know how you make out
At what point in safe mode does everything freeze up, what program are you trying to run

Can you view anything that your not familiar with in your Task Manager?

minyan · « **Reply #4 on:** December 16, 2004, 06:16:55 PM »

It freezes up right when I the computer turns on, so even before everything is loaded at the startup the computer gets idle, same with safe mode (except in safe mode the cursor can't even move). The only thing I see on the screen is the background and nothing else. I do see Iexplore in the task manager but before it was infected it's not there.

Guest · « **Reply #5 on:** December 22, 2004, 01:06:46 PM »

I got the same problem - is there a solution to this ?
The task list show the files: hidserve and avgserv9

Guest · « **Reply #6 on:** December 22, 2004, 09:43:43 PM »

avgserv9 i srelated to AVG anti-virus

Try ending process on anything you don't recognize

Except for these,
lsass.exe
instances of svchost.exe
taskmgr.exe
csrss.exe
smss.exe
alg.exe
winlogon.exe
explorer.exe
service.exe

If you can post a hijackthis log before ending process on anything

Guest · « **Reply #7 on:** December 23, 2004, 04:14:29 PM »

What you need to do minyan and guest who can't get on either is to start up in MSDOS mode-by tapping f8 on booting up-and then type intot he command prompt:

c:\scanreg

then go to start when it pops up and then <view registry something> (sorry can't remember that bit but it's something like that) and then select a date at which it was last working and then it should restart and boot up normally.

Once in then you can download hijackthis and so on and you should have a fully working computer again!

Any other problems or questions about this then please e-mail me @

studio8@Email Removed.co.uk

guest 2 with same problem · « **Reply #8 on:** December 23, 2004, 10:41:05 PM »

hey, i have the same problem of having that virus, this is my hijackthis log.. can you please help me?

Logfile of HijackThis v1.99.0
Scan saved at 1:35:53 PM, on 12/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\winnt\explorer.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\OPTUSN~2\OptusNet Usage Meter.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\winnt\rundll32.exe
c:\winnt\system32\explorer.exe
c:\winnt\system32\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vosaaalepdhsxycyt.org/pqSuAR8m5...idnJjq_a/G.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idcadbrnlxub.com/pqSuAR8m5fP8nY...DZB7wqkyPyE.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://dsl.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit32.exe,
O1 - Hosts: 222.89.98.219 www.wo365.com
O1 - Hosts: 222.89.98.219 cmfu.com
O1 - Hosts: 222.89.98.219 www.cmfu.com
O1 - Hosts: 222.89.98.219 9i0.com
O1 - Hosts: 222.89.98.219 www.9flash.com
O1 - Hosts: 222.89.98.219 9flash.com
O1 - Hosts: 222.89.98.219 www.nowok.net
O1 - Hosts: 222.89.98.219 nowok.net
O1 - Hosts: 222.89.98.219 wisa.com.cn
O1 - Hosts: 222.89.98.219 www.sia.com.cn
O1 - Hosts: 222.89.98.219 www.wisa.cn
O1 - Hosts: 222.89.98.219 wisa.cn
O1 - Hosts: 222.89.98.219 www.zhao99.com
O1 - Hosts: 222.89.98.219 zhao99.com
O1 - Hosts: 222.89.98.219 www.wo123.com
O1 - Hosts: 222.89.98.219 wo123.com
O1 - Hosts: 222.89.98.219 wo99.com
O1 - Hosts: 222.89.98.219 www.wo99.com
O1 - Hosts: 222.89.98.219 www.page.com.cn
O1 - Hosts: 222.89.98.219 page.com.cn
O1 - Hosts: 222.89.98.219 www.432.cn
O1 - Hosts: 222.89.98.219 432.cn
O1 - Hosts: 222.89.98.219 wysw.com
O1 - Hosts: 222.89.98.219 14.com.cn
O1 - Hosts: 222.89.98.219 www.14.com.cn
O1 - Hosts: 222.89.98.219 cnww.net
O1 - Hosts: 222.89.98.219 www.mv99.com
O1 - Hosts: 222.89.98.219 mv99.com
O1 - Hosts: 222.89.98.219 www.youav.com
O1 - Hosts: 222.89.98.219 www.mtvav.com
O1 - Hosts: 222.89.98.219 www.98983.com
O1 - Hosts: 222.89.98.219 98983.com
O1 - Hosts: 222.89.98.219 www.114.com.cn
O1 - Hosts: 222.89.98.219 114.com.cn
O1 - Hosts: 222.89.98.219 www.net114.com
O1 - Hosts: 222.89.98.219 www.skywz.com
O1 - Hosts: 222.89.98.219 skywz.com
O1 - Hosts: 222.89.98.219 www.hao6.com
O1 - Hosts: 222.89.98.219 hao6.com
O1 - Hosts: 222.89.98.219 www.678a.com
O1 - Hosts: 222.89.98.219 678a.com
O1 - Hosts: 222.89.98.219 www.7510.com
O1 - Hosts: 222.89.98.219 7510.com
O1 - Hosts: 222.89.98.219 www.zzkan.com
O1 - Hosts: 222.89.98.219 zzkan.com
O1 - Hosts: 222.89.98.219 www.ca183.com
O1 - Hosts: 222.89.98.219 ca183.com
O1 - Hosts: 222.89.98.219 3tom.com
O1 - Hosts: 222.89.98.219 www.yhjm.com
O1 - Hosts: 222.89.98.219 yhjm.com
O1 - Hosts: 222.89.98.219 www.k369.com
O1 - Hosts: 222.89.98.219 www.xxwww.com
O1 - Hosts: 222.89.98.219 xxwww.com
O1 - Hosts: 222.89.98.219 www.fm1000.net
O1 - Hosts: 222.89.98.219 fm1000.net
O1 - Hosts: 222.89.98.219 www.ok135.com
O1 - Hosts: 222.89.98.219 ok135.com
O1 - Hosts: 222.89.98.219 www.link999.com
O1 - Hosts: 222.89.98.219 link999.com
O1 - Hosts: 222.89.98.219 www.001wz.com
O1 - Hosts: 222.89.98.219 001wz.com
O1 - Hosts: 222.89.98.219 www.7t7t.com
O1 - Hosts: 222.89.98.219 7t7t.com
O1 - Hosts: 222.89.98.219 www.7k7k.com
O1 - Hosts: 222.89.98.219 7k7k.com
O1 - Hosts: 222.89.98.219 www.webcool.net
O1 - Hosts: 222.89.98.219 webcool.net
O1 - Hosts: 222.89.98.219 www.51sobu.com
O1 - Hosts: 222.89.98.219 51sobu.com
O1 - Hosts: 222.89.98.219 cy.51sobu.com
O1 - Hosts: 222.89.98.219 www.fj3721.com
O1 - Hosts: 222.89.98.219 fj3721.com
O1 - Hosts: 222.89.98.219 www.msncn.com
O1 - Hosts: 222.89.98.219 msncn.com
O1 - Hosts: 222.89.98.219 www.6235.com
O1 - Hosts: 222.89.98.219 6235.com
O1 - Hosts: 222.89.98.219 www.8goo.com
O1 - Hosts: 222.89.98.219 8goo.com
O1 - Hosts: 222.89.98.219 www.baimin.com
O1 - Hosts: 222.89.98.219 baimin.com
O1 - Hosts: 222.89.98.219 www.bwwz.com
O1 - Hosts: 222.89.98.219 bwwz.com
O1 - Hosts: 222.89.98.219 www.howow.net
O1 - Hosts: 222.89.98.219 howow.net
O1 - Hosts: 222.89.98.219 www.tongchi.com
O1 - Hosts: 222.89.98.219 tongchi.com
O1 - Hosts: 222.89.98.219 www.65658.com
O1 - Hosts: 222.89.98.219 65658.com
O1 - Hosts: 222.89.98.219 www.7o7o.com
O1 - Hosts: 222.89.98.219 7o7o.com
O1 - Hosts: 222.89.98.219 5126.net
O1 - Hosts: 222.89.98.219 www.5126.net
O1 - Hosts: 222.89.98.219 www.wangzhiku.com
O1 - Hosts: 222.89.98.219 wangzhiku.com
O1 - Hosts: 222.89.98.219 www.soyeah.com
O1 - Hosts: 222.89.98.219 soyeah.com
O1 - Hosts: 222.89.98.219 www.sowang.cn
O1 - Hosts: 222.89.98.219 sowang.cn
O1 - Hosts: 222.89.98.219 www.77177.com
O1 - Hosts: 222.89.98.219 77177.com
O1 - Hosts: 222.89.98.219 www.look8.net
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: (no name) - {067AF3DC-C4F5-B209-4CA3-3712EE6A3C02} - C:\DOCUME~1\Wayne\APPLIC~1\softmeta\hide part.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [zmyeaz] C:\WINNT\System32\cojpul.exe
O4 - HKLM\..\Run: [conscorr] C:\WINNT\conscorr.exe
O4 - HKLM\..\Run: [lkz] C:\WINNT\lkz.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [povsbix] C:\WINNT\povsbix.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [OptusNetUsage] C:\PROGRA~1\OPTUSN~2\OptusNet Usage Meter.exe
O4 - HKLM\..\Run: [titlebonesafedebug] C:\Documents and Settings\All Users\Application Data\Setup Acid Title Bone\Pingaim.exe
O4 - HKLM\..\Run: [MMSystem] c:\winnt\rundll32.exe "c:\winnt\system32\mmsystem.dll"", RunDll32
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [debugstart] C:\DOCUME~1\Wayne\APPLIC~1\BIBTWO~1\SizeDashSupport.exe
O4 - HKCU\..\Run: [MMSystem] c:\winnt\rundll32.exe "c:\winnt\system32\mmsystem.dll"", RunDll32
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrc...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntr...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Banks...ot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess...ss.cab31267.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: COM+ System Applications - Unknown - C:\WINNT\System32\lsas.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Internet Update Agent - Unknown - C:\WINNT\System32\iexpIorer.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

guest who pasted their hijack re · « **Reply #9 on:** December 24, 2004, 12:19:37 AM »

i have decided to just format, start of clean and that will fix the problem and also make my computer run better.. thanks anyway

guestolo · « **Reply #10 on:** December 24, 2004, 12:28:32 AM »

I was just about to post a fix, I spotted your problems in your log

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

That's one way to fix it guest 2 with same problem

May I suggest a couple things, before you do anything go and Install Windows Update Service Pack 2
This will help to keep your system secure
Make sure you also check for latest driver and third party software updates

IF you do re-install Messenger Plus 3
Do so without choosing the SPONSOR
Your were infected with Spyware called LOP that comes with the Sponsor

To keep your system secure
You should install these 2 apps., they add extra security while
silently protecting you, without running in the background

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link==Download link
Scroll down and click on IE-SPYAD.EXE Free!

With both, Check for updates every couple of weeks
IE-Spyad works fine with SP2

Thanks for posting back and letting us know you figured out your problems

guestolo · « **Reply #11 on:** December 24, 2004, 12:36:36 AM »

By the way, here were your problems in the log

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vosaaalepdhsxycyt.org/pqSuAR8m5...idnJjq_a/G.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idcadbrnlxub.com/pqSuAR8m5fP8nY...DZB7wqkyPyE.cgi
O2 - BHO: (no name) - {067AF3DC-C4F5-B209-4CA3-3712EE6A3C02} - C:\DOCUME~1\Wayne\APPLIC~1\softmeta\hide part.exe
O4 - HKLM\..\Run: [titlebonesafedebug] C:\Documents and Settings\All Users\Application Data\Setup Acid Title Bone\Pingaim.exe
O4 - HKCU\..\Run: [debugstart] C:\DOCUME~1\Wayne\APPLIC~1\BIBTWO~1\SizeDashSupport.exe

The above was the result of Messenger Plus 3 with Sponsor

The next ones were malicious entries
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit32.exe,
O1 - Hosts: 222.89.98.219 www.wo365.com
O1 - Hosts: 222.89.98.219 cmfu.com
O1 - Hosts: 222.89.98.219 www.cmfu.com
O1 - Hosts: 222.89.98.219 9i0.com
O1 - Hosts: 222.89.98.219 www.9flash.com
O1 - Hosts: 222.89.98.219 9flash.com
O1 - Hosts: 222.89.98.219 www.nowok.net
O1 - Hosts: 222.89.98.219 nowok.net
O1 - Hosts: 222.89.98.219 wisa.com.cn
O1 - Hosts: 222.89.98.219 www.sia.com.cn
O1 - Hosts: 222.89.98.219 www.wisa.cn
O1 - Hosts: 222.89.98.219 wisa.cn
O1 - Hosts: 222.89.98.219 www.zhao99.com
O1 - Hosts: 222.89.98.219 zhao99.com
O1 - Hosts: 222.89.98.219 www.wo123.com
O1 - Hosts: 222.89.98.219 wo123.com
O1 - Hosts: 222.89.98.219 wo99.com
O1 - Hosts: 222.89.98.219 www.wo99.com
O1 - Hosts: 222.89.98.219 www.page.com.cn
O1 - Hosts: 222.89.98.219 page.com.cn
O1 - Hosts: 222.89.98.219 www.432.cn
O1 - Hosts: 222.89.98.219 432.cn
O1 - Hosts: 222.89.98.219 wysw.com
O1 - Hosts: 222.89.98.219 14.com.cn
O1 - Hosts: 222.89.98.219 www.14.com.cn
O1 - Hosts: 222.89.98.219 cnww.net
O1 - Hosts: 222.89.98.219 www.mv99.com
O1 - Hosts: 222.89.98.219 mv99.com
O1 - Hosts: 222.89.98.219 www.youav.com
O1 - Hosts: 222.89.98.219 www.mtvav.com
O1 - Hosts: 222.89.98.219 www.98983.com
O1 - Hosts: 222.89.98.219 98983.com
O1 - Hosts: 222.89.98.219 www.114.com.cn
O1 - Hosts: 222.89.98.219 114.com.cn
O1 - Hosts: 222.89.98.219 www.net114.com
O1 - Hosts: 222.89.98.219 www.skywz.com
O1 - Hosts: 222.89.98.219 skywz.com
O1 - Hosts: 222.89.98.219 www.hao6.com
O1 - Hosts: 222.89.98.219 hao6.com
O1 - Hosts: 222.89.98.219 www.678a.com
O1 - Hosts: 222.89.98.219 678a.com
O1 - Hosts: 222.89.98.219 www.7510.com
O1 - Hosts: 222.89.98.219 7510.com
O1 - Hosts: 222.89.98.219 www.zzkan.com
O1 - Hosts: 222.89.98.219 zzkan.com
O1 - Hosts: 222.89.98.219 www.ca183.com
O1 - Hosts: 222.89.98.219 ca183.com
O1 - Hosts: 222.89.98.219 3tom.com
O1 - Hosts: 222.89.98.219 www.yhjm.com
O1 - Hosts: 222.89.98.219 yhjm.com
O1 - Hosts: 222.89.98.219 www.k369.com
O1 - Hosts: 222.89.98.219 www.xxwww.com
O1 - Hosts: 222.89.98.219 xxwww.com
O1 - Hosts: 222.89.98.219 www.fm1000.net
O1 - Hosts: 222.89.98.219 fm1000.net
O1 - Hosts: 222.89.98.219 www.ok135.com
O1 - Hosts: 222.89.98.219 ok135.com
O1 - Hosts: 222.89.98.219 www.link999.com
O1 - Hosts: 222.89.98.219 link999.com
O1 - Hosts: 222.89.98.219 www.001wz.com
O1 - Hosts: 222.89.98.219 001wz.com
O1 - Hosts: 222.89.98.219 www.7t7t.com
O1 - Hosts: 222.89.98.219 7t7t.com
O1 - Hosts: 222.89.98.219 www.7k7k.com
O1 - Hosts: 222.89.98.219 7k7k.com
O1 - Hosts: 222.89.98.219 www.webcool.net
O1 - Hosts: 222.89.98.219 webcool.net
O1 - Hosts: 222.89.98.219 www.51sobu.com
O1 - Hosts: 222.89.98.219 51sobu.com
O1 - Hosts: 222.89.98.219 cy.51sobu.com
O1 - Hosts: 222.89.98.219 www.fj3721.com
O1 - Hosts: 222.89.98.219 fj3721.com
O1 - Hosts: 222.89.98.219 www.msncn.com
O1 - Hosts: 222.89.98.219 msncn.com
O1 - Hosts: 222.89.98.219 www.6235.com
O1 - Hosts: 222.89.98.219 6235.com
O1 - Hosts: 222.89.98.219 www.8goo.com
O1 - Hosts: 222.89.98.219 8goo.com
O1 - Hosts: 222.89.98.219 www.baimin.com
O1 - Hosts: 222.89.98.219 baimin.com
O1 - Hosts: 222.89.98.219 www.bwwz.com
O1 - Hosts: 222.89.98.219 bwwz.com
O1 - Hosts: 222.89.98.219 www.howow.net
O1 - Hosts: 222.89.98.219 howow.net
O1 - Hosts: 222.89.98.219 www.tongchi.com
O1 - Hosts: 222.89.98.219 tongchi.com
O1 - Hosts: 222.89.98.219 www.65658.com
O1 - Hosts: 222.89.98.219 65658.com
O1 - Hosts: 222.89.98.219 www.7o7o.com
O1 - Hosts: 222.89.98.219 7o7o.com
O1 - Hosts: 222.89.98.219 5126.net
O1 - Hosts: 222.89.98.219 www.5126.net
O1 - Hosts: 222.89.98.219 www.wangzhiku.com
O1 - Hosts: 222.89.98.219 wangzhiku.com
O1 - Hosts: 222.89.98.219 www.soyeah.com
O1 - Hosts: 222.89.98.219 soyeah.com
O1 - Hosts: 222.89.98.219 www.sowang.cn
O1 - Hosts: 222.89.98.219 sowang.cn
O1 - Hosts: 222.89.98.219 www.77177.com
O1 - Hosts: 222.89.98.219 77177.com
O1 - Hosts: 222.89.98.219 www.look8.net
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll (file missing)
O4 - HKLM\..\Run: [zmyeaz] C:\WINNT\System32\cojpul.exe
O4 - HKLM\..\Run: [conscorr] C:\WINNT\conscorr.exe
O4 - HKLM\..\Run: [lkz] C:\WINNT\lkz.exe
O4 - HKLM\..\Run: [povsbix] C:\WINNT\povsbix.exe
O4 - HKCU\..\Run: [MMSystem] c:\winnt\rundll32.exe "c:\winnt\system32\mmsystem.dll"", RunDll32
O23 - Service: COM+ System Applications - Unknown - C:\WINNT\System32\lsas.exe (file missing)
O23 - Service: Microsoft Internet Update Agent - Unknown - C:\WINNT\System32\iexpIorer.exe (file missing)

I don't think I missed anything...... Ahhh, If I was just a little quicker

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Guest · « **Reply #12 on:** December 25, 2004, 12:13:46 AM »

i haf a similar problem...i cant get the windows open...no start bar or anything. theres only a background and nothing else. i cant get into windows. how can i destroy the "funny" virus i got from Msn messenger?

Guest · « **Reply #13 on:** December 25, 2004, 01:43:20 PM »

Can you get on your computer in safe mode?
Try tapping the F8 key when the system is starting up

If you can get into safe mode and access files and registry on your computer
Then this should be no problem removing

??? · « **Reply #14 on:** January 01, 2005, 03:35:54 PM »

[quote name=\'Guest\' date=\'Dec 24 2004, 11:13 PM\']i haf a similar problem...i cant get the windows open...no start bar or anything. theres only a background and nothing else. i cant get into windows. how can i destroy the "funny" virus i got from Msn messenger?[/quote]
reinstall your operating system u wont lose any files on your harddrive

Problem msn messenger funny , PSAPI.dll

LeeSpud · « **Reply #15 on:** January 06, 2005, 08:54:51 AM »

also have this problem on my 98se computer i am not very computer literate but have a linux LIVE cd which when loaded i have full acess to my hard drive, are there any tools i can use in linux to fix the problem

lee · « **Reply #16 on:** January 06, 2005, 04:23:29 PM »

I don't seem to have any actual problems but since accept funny.exe, my pc keeps sending it to other people on msn or post random things like 78p.com, i've deleted the file funny.exe but when i turn the computer back on its still there.

bradley · « **Reply #17 on:** January 07, 2005, 12:16:35 PM »

hello i dont know much about computers so can t like end processes etc that i dont recognise asd i dont recognise most of them but i got funny.exe and weneva sum1 logs on it automatically sends them it and then stops me tlkin to them but after its been sent to sm 1 it will neva be sent aen pls help u can email me at gibberish_talkerEmail Removed

Karim · « **Reply #18 on:** January 09, 2005, 04:36:09 PM »

Im in deep [censored],I got the funny.exe virus... I formated my computer but I still have problems, the funny.exe virus isnt there but after a while others exe virus appears... And I have no clue what to do since Ive already did a format but it didnt work, help please!

Greg Sweden · « **Reply #19 on:** January 09, 2005, 05:41:32 PM »

Ok I had some problems with this virus funny exe; and I would like to say two things.

1. God bless Microsoft XP safety pack 2 and ad-aware.
2. And trendmicro.com´s free online scan worked perfect.

News:

Author Topic: psapi.dll & funny.exe (Read 6990 times)

minyan

minyan

minyan

Guest

Guest

Guest

guest 2 with same problem

guest who pasted their hijack re

Guest

Guest

???

LeeSpud

lee

bradley

Karim

Greg Sweden