Weird Problem - Any Windows XP Experts Here?

[Ann Omness]

MadMax, I think it's safe to assume that no software is immune to being exploited by hackers. Internet Explorer is the browser most targeted because it has the most users. If Firefox gained enough market share to overtake IE, you can bet that the exploits would shift to Firefox.

To All People Helping Me On This Issue: I have found the culprit and fixed my IE. There is a new trojan file named gdiwxp.dll that none of the main anti-spyware programs have in their definition databases yet. Adware Away does mark the file as suspicious, but doesn't offer to fix it. I don't know what its purpose is, but the main side-effect is the problem I was having, getting a blank page on sites done in php. The only way to delete the trojan is to boot up in safe mode and delete that file. After doing so, my IE browses all those pages I couldn't get before. I'm all better. Thanks for all your help!

I did find one program that will delete that trojan for you. It's called Hitman Pro. I ran it and it was very weird. It downloaded and installed at least half a dozen anti-spyware programs, updated them, configured them, and ran scans with all of them, fixed any problems they found, all without any input from me. I just sat and watched it doing everything. It found the gdiwxp.dll file and offered to delete it after a reboot. It did a partial reboot, deleted the file, and then finished the reboot. Pretty slick. Then it ran the scans again. The downside is that running Hitman Pro, for me, is about a six hour process. At least two of the scanning engines scanned my whole hard drive. But, if you're one of those people who regularly run a bunch of different scanners to make sure you're clean, Hitman Pro would be a one-stop solution for you. I'll let you find the program on your own, since I downloaded it from a page that was all in Dutch...

[SexycityBrian]

Quote:

Originally Posted by DJilla

Ooops! I think u mean 'CTRL ALT SHIFT'

umm no with windoes xp pro ctrl alt del is what I use

[SexycityBrian]

Quote:

Originally Posted by GunnCat

There are some things in there that seem alarming at first glance. I would kill these run Hijack and remove those from your startup list:

PRONoMgr.exe
ADService.exe

If you want some help, I can remotely connect to your pc sometime and look over things there, but I still stand by my original statement that it's a hardware error/bad install. Good luck.

Dont delete those files if you do pronomgr.exe is an intel file and the other is for an iomega zip drive

[SexycityBrian]

Quote:

Originally Posted by Ann Omness

Brian, already tried the majorgeek hijackthis stuff. Here are my running processes:

Eudora.exe
taskmgr.exe
getright.exe
RoboTaskBarIcon.exe
swdoctor.exe
MSGTAGStatus.exe
LogitechDesktopMessenger.exe
zlclient.exe
CCAPP.EXE
msmsgs.exe
jusched.exe
getright.exe
ADUserMon.exe
PRONoMgr.exe
SOUNDMAN.EXE
explorer.exe
realsched.exe
ati2evxx.exe
alg.exe
CCSETMGR.EXE
svchost.exe
Imgicon.exe
svchost.exe
atiptaxx.exe
svchost.exe
svchost.exe
svchost.exe
ati2evxx.exe
lsass.exe
services.exe
ADService.exe
IEXPLORE.EXE
vsmon.exe
EM_EXEC.EXE
wdfmgr.exe
symlcsvc.exe
NPROTECT.EXE
winlogon.exe
csrss.exe
NPFMNTOR.EXE
smss.exe
NAVAPSVC.EXE
AppServices.exe
spoolsv.exe
CCEVTMGR.EXE
SPBBCSvc.exe
SNDSrvc.exe
System
System Idle Process

I dont see anything bad in there right off hand you could try reboot in safe mode and see if you still have the probem to do that when booting keep tapping f8 then select safe mode and see what happens then.
you can also click start run then type msconfig and click startup tab and uncheck anything you are not sure about then reboot

[SexycityBrian]

Quote:

Originally Posted by Ann Omness

MadMax, I think it's safe to assume that no software is immune to being exploited by hackers. Internet Explorer is the browser most targeted because it has the most users. If Firefox gained enough market share to overtake IE, you can bet that the exploits would shift to Firefox.

To All People Helping Me On This Issue: I have found the culprit and fixed my IE. There is a new trojan file named gdiwxp.dll that none of the main anti-spyware programs have in their definition databases yet. Adware Away does mark the file as suspicious, but doesn't offer to fix it. I don't know what its purpose is, but the main side-effect is the problem I was having, getting a blank page on sites done in php. The only way to delete the trojan is to boot up in safe mode and delete that file. After doing so, my IE browses all those pages I couldn't get before. I'm all better. Thanks for all your help!

I did find one program that will delete that trojan for you. It's called Hitman Pro. I ran it and it was very weird. It downloaded and installed at least half a dozen anti-spyware programs, updated them, configured them, and ran scans with all of them, fixed any problems they found, all without any input from me. I just sat and watched it doing everything. It found the gdiwxp.dll file and offered to delete it after a reboot. It did a partial reboot, deleted the file, and then finished the reboot. Pretty slick. Then it ran the scans again. The downside is that running Hitman Pro, for me, is about a six hour process. At least two of the scanning engines scanned my whole hard drive. But, if you're one of those people who regularly run a bunch of different scanners to make sure you're clean, Hitman Pro would be a one-stop solution for you. I'll let you find the program on your own, since I downloaded it from a page that was all in Dutch...

Guess I should have read this before my reply lol I will have to write that file name down on my list

Brian

[DJilla]

Quote:

Originally Posted by SexycityBrian

umm no with windoes xp pro ctrl alt del is what I use

You've probably tried it already, with XP Pro CTRL ALT SHIFT will do the same thing without blanking the screen and taking you to logoff options.