Hi Everybody,
You guys seem really popular lately, and it looks as if you are doing a lot of work, and helping a lot of people. Thanks for being here.
I had a "virus warning in system tray" issue, similar to that of Darkman 49, Kajute and many others here. I followed bt1kw1's suggestions to Darkman and
Downloaded and ran AFTcleaner, Checking the "select all" box.
Then
Downloaded and ran SUPERantispyware, deleting everything that it found.
{I should note that because of a "spontaneous reboot" problem, I ran it as a "quick scan" first, then I completed the instructions (with all the cleaning programs) and went back and ran off of them in a "full scan" mode.}
Then I downloaded and ran MalwareBytes Anti Malware, deleting everything it found.
{once again, I ran the quick scan first, and then went back and ran the full scan. I ran quick scans on everything, and then full scans on everything. I kept the log the second time.}
Then I downloaded and ran "Hijack this!" and kept the log. Because of bt1kw1's instructions to Darkman 49, I didn't delete anything found by Hijack This, but rather kept the log.
Because of these excellent instructions, I now have almost full control of my machine again. The "virus warning" is gone from my system tray, the pop ups are gone, and I have access to REGEDIT, my control panel, and the properties menu for my desktop.
There are still some problems. I am not particularly computer savvy, and the machine is good. I am not sure it has ever been used to its full potential.
Dang, I can't find the logs right now. I will have to run the programs again, this time making note of where the logs are being saved.
It is a pretty serious problem. I have this checked as a "business related post" because I am a writer, I need to be using my computer a lot.
I guess this is where I say "Help me Obi Wan Kenobi. You're my only hope."
Thanks,
freiman
read irresponsibly

Hello freiman, I was rather hoping that someone very good at analyzing logs could have found time to view yours; perhaps they are busy.
Let's just say that, were your Java out of date, there is a good description of how to update it here by "jabuck":
http://www.computing.net/answers/se...
Look at response #3.
There is also a small program called "JavaRa" (Google is your friend), for the lazy and addle-brained, which does the same thing.
Also, a rerun of MBAM, and clear all it finds, if anything.
If you are then still worried about something, then re-post stating exactly what the issue is.
As your Java is out of date, you could go to
http://secunia.com/vulnerability_sc...
and download PSI; this scans your system for unpatched and out-of-date software.
Regards

Thanks Jackfrost,
I have updated my Java. Thanks for the tip.
I am running MBAM about once every four or five hours. It is continuously finding things. Usually just five or six items, but if I leave the machine for a few hours, it can be over a hundred items.
I think the biggest problem is that there is still something on my machine that is intentionally going out and loading malware.
I was thankful to find this forum. Otherwise I would be up the creek.
Thanks again,
f
read irresponsibly

Hello freiman,
Sorry to find that you are still in trouble.
On your MBAM & AV logs there should be a reference to the trojan or worm that is the cause of your problems. When you post back, state what it is reporting; then perhaps someone who has had that problem before also has a fix to share with you.
Regards

Jackfrost,
Thanks.
I am unsure what the AV Scan is. I get logs from the MBAM, but not from anything else but HijackThis!
Here is the MBAM log
Malwarebytes' Anti-Malware 1.28
Database version: 1266
Windows 5.1.2600 Service Pack 3
10/15/2008 8:40:04 PM
mbam-log-2008-10-15 (20-40-04).txt
Scan type: Full Scan (C:\|)
Objects scanned: 217089
Time elapsed: 1 hour(s), 24 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\hgGyxYrP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jmfojjjf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xvdriwcl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gzwrjl.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f85f554-94de-46e0-b1eb-ad2245f95d8f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2f85f554-94de-46e0-b1eb-ad2245f95d8f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ccc11cc-c814-4a6c-8387-0299c21670a2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4ccc11cc-c814-4a6c-8387-0299c21670a2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dce12ef2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggyxyrp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyxyrp -> Delete on reboot.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\gzwrjl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hgGyxYrP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PrYxyGgh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PrYxyGgh.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmfojjjf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fjjjofmj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvdriwcl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\David Willhoite\Local Settings\Temporary Internet Files\Content.IE5\4LQJWTMJ\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Willhoite\Local Settings\Temporary Internet Files\Content.IE5\CPE3456J\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
read irresponsibly
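
Added example (not part of the original thread, and not Malwarebytes code): a small Python parser for the log layout posted above. It tallies the detection names and lists the objects still marked "Delete on reboot", which have not been removed until the machine restarts. It tolerates section headers fused onto the end of an entry line, as in the pasted log; the sample text is constructed from entries in that log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the log above, headers left fused as pasted.
SAMPLE = r"""Memory Modules Infected:
C:\WINDOWS\system32\hgGyxYrP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gzwrjl.dll (Trojan.Vundo.H) -> Delete on reboot.Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyxyrp -> Delete on reboot.Folders Infected:
(No malicious items detected)Files Infected:
C:\WINDOWS\system32\PrYxyGgh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

SECTIONS = ("Memory Processes|Memory Modules|Registry Keys|Registry Values|"
            "Registry Data Items|Folders|Files")
# A header is "<section> Infected:" at the very end of a line (summary lines carry a count).
HEADER = re.compile(r"(%s) Infected:\s*$" % SECTIONS)
# "<object> (<detection name>) -> [Data: <value> -> ]<action>."
ENTRY = re.compile(r"^(?P<object>.+?) \((?P<name>[\w.]+)\) -> "
                   r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^.>]+)\.")

def parse_mbam(text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    entries, section = [], None
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"section": section, **m.groupdict()})
        h = HEADER.search(line)  # checked after the entry: a fused header starts the next section
        if h:
            section = h.group(1)
    return entries

def families(entries):
    """Count detections per reported name."""
    return Counter(e["name"] for e in entries)

def pending_reboot(entries):
    """Objects that are only scheduled for removal and should be re-checked after restart."""
    return sorted({e["object"] for e in entries if e["action"] == "Delete on reboot"})

if __name__ == "__main__":
    found = parse_mbam(SAMPLE)
    print(dict(families(found)))
    for obj in pending_reboot(found):
        print("pending:", obj)
```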

oops,
you didn't say to post the log.
Just to read it.
I feel like an idiot.
This is really frustrating. Now I will need to wait for two more days.
f
read irresponsibly

Hello freiman ,
Yes, you seem to be in the kind of trouble I can't help with.
AV means Anti Virus (McAfee, for example).
If you don't have an up-to-date AV, perhaps the subscriptions lapsed. I use AVG Free and I find it very good; once again, Google is your friend.
Regards
