Rofl.sys

Here's the new HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:20 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec

After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {16A144D1-5165-4992-A69A-15B5D028DE8E} - C:\WINDOWS\System32\qgnrj.dll (file missing)
O2 - BHO: (no name)

It just won't go away. The notifications come about every three seconds.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed

Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\rofl\

W32/Tilebot-AU sets the following registry entries, disabling the automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\Messenger Start 4
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry Start 4
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr Start 4

Registry entries are

First Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/S/ Service needs to be stopped
/U/ UNinstall anything to do with this

Transfer the text from

If that does not help, feel free to ask us for assistance in the forums.

Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\rofl\

W32/Tilebot-X sets the following registry entries, disabling the automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\Messenger Start 4
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry Start 4
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr Start 4

Registry entries are

When first run W32/Tilebot-BP copies itself to \msclient.exe, and creates the following files:
\rofl.sys

The file msclient.exe is registered as a new system driver service named "Microsoft Client Agent", with a

Click "OK", then, if something is found, click "Clean" as in the directions given.

Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Windows Smrss Service\
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SMRSS_SERVICE\
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ROFL

The file rofl.sys is registered as a new system driver service named "rofl", with a display name of "rofl".

If ewido finds anything, it will pop up a notification.

I ran a housecall, an AVG, a panda scan...

Then there are just these seven entries at the bottom:
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000088.exe Infected: P2P-Worm.Win32.SpyBot.gl
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000089.exe Infected: P2P-Worm.Win32.SpyBot.gl
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000090.exe Infected: P2P-Worm.Win32.SpyBot.gl
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000091.exe Infected: Trojan.Win32.Poler.a
C:\System

This file has been identified as a program that is undesirable to have running on your computer. W32/Tilebot-AU includes functionality to access the internet and communicate with a remote server via HTTP.

tons of stuff.

W32/Tilebot-BP
Category: Viruses and Spyware
Type: Win32 worm
Prevalence:

#3 Patatie, posted 22 January 2006 - 11:20 PM
Alright, I did everything you said.

#4 jw50, posted 22 January 2006 - 11:48 PM
Hi Patatie, Very Important!!!

Click OK.

Boot into Safe Mode: Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear.

Install Ad-Aware using the default options, then unzip the VX2 plugin to the directory C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins.

You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.

Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Microsoft Client Agent\

The file rofl.sys is registered as a new system driver service named "rofl", with a display name of "rofl".

W32/Tilebot-X
Category: Viruses and Spyware
Type: Win32 worm
Prevalence:

Open My Computer. Select the Tools menu and click Folder Options.

When the scan finishes, click on "Save Report". Now you have C:\HJT\ or C:\HijackThis\ folder.