Possible Malware - Cciatho.dll

The file is currently owned by the primary user on the computer (we'll call the account "L"). Yesterday, I brought in a BartsPE CD and deleted the cciatho.dll file from system32. The others need to go so they don't conflict and/or slow the computer. Thanks, tea

It's the same file size and date stamp as another unusual file - ntjywhp.dll - which says it's connected to SMCorp. I can find no mention of either of these files doing Client is still reporting the machine is running great - no problems with Outlook or CPU taking up 100% anymore. I see you have Killbox.....did you use it on the offending file? I see lots of old Java. https://www.bleepingcomputer.com/forums/t/186501/possible-malware-cciathodll-ntjywhpdll/

Which ones are you indicating are fragments of other products? Thanks,

Which one is your active one? This one's fully entrenched and isn't going to give up without a fight!

I'm just about at wit's end here. Below are the log files generated by RSIT:
Logfile of random's system information tool 1.04 (written by random/random)
Run by XXXXX at 2008-12-14 10:19:20
Microsoft Windows XP Professional

I figured the McAfee was the main AV, but I had to ask to be sure. I'll give it a shot this week - hopefully Wednesday, and let you know how it goes. Attached are the two files requested - both generated in safe mode.

  • Close MoveOnBoot and restart the computer. Fingers crossed, and let me know.
  • Posted 04 January 2009 - 05:23 PM Hello, Thanks for those.
  • Once this happens, the system starts to behave strangely, and one of many services starts to take up 100% of CPU resources - it could be explorer.exe, winlogon.exe, or svchost.
  • Please use only under direction of a Helper.

Also, in the ComboFix log I see bits and pieces of many AntiVirus programs.

A random check of other files in System32 shows this to be the only file with this problem.

Thank you! Take ownership and delete the stubborn thing: http://support.microsoft.com/?kbid=308421 Works 99% of the time.

You'll free up over half a gig this way. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6_u_11. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users I managed to resolve the problem, but can't remember the details.

This tool is not a toy. Posted 10 January 2009 - 08:29 PM Hi there, Well let's just take the sucker then! I tried removing it on reboot, and renaming it on reboot - but neither worked.

I'll try to get over to the affected system either today or tomorrow and post the results requested. This is infuriating.

Post that log in your next reply please, along with a new HijackThis log. Note: Do not mouseclick combofix's window while it's running. Things have been running smoothly until about 2 months ago. Within a few minutes of launching Outlook 2003 SP3 on this Windows XP SP3 computer, an error pops up on the screen Double click combofix.exe & follow the prompts. 3.

mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-09-29 74648]
R3 mfeavfk;McAfee Inc.

You'd be surprised at how many people don't even know they have all those sometimes.