Okay.. so.. things were just fine until I finally decided to make the little QuickTime "please update!!" thing shut up by actually updating. That was yesterday (Sunday the 18th) at 1pm.. here I am Monday at 10:48pm and still no go..
I'm getting system monitor warnings, trojan warnings, little warnings saying i've got malware and all these other things.
I'm lost at what to do at this point. I have a HijackThis report if it's wanted. I've tried Ad-Aware, Spybot Search & Destroy, SUPERAntiSpyware, BitDefender, RemoveIT Pro, SmitFraudFix, I had AVG but BitDefender needed it gone so I removed it.., and I even tried Trend Micro's HouseCall..
I'm to the point I can no longer get into Windows in normal mode without it just sitting there, giving me popups for a few minutes before it just hangs up on me.
Right now I got a "Security Alter: NetWorm-i.Virus@fp" just popped up..
now an "Unhandled Exception: Invalid operation. The instruction at "0x66f7d450" referenced memory at "0x00000d0". If you were in the middle of something, the information you were working on may be lost. This fatal error probably occurred because of a virus on your PC. Would you like to download the latest version of antivirus software?" and now another
"System performance monitor: warning, System performance slowed down by 47% internet connection speed decreased by: 39% ..." now that's disappeared..
*sighs* ..
I'm at a loss guys. Please help!

Download and install:
Spybot Search & Destroy 1.5 (NEW) - http://www.safer-networking.org/en/...
AVG Free - http://free.grisoft.com/
AVG Anti-Spyware - http://free.grisoft.com/doc/29116/u...
AVG Anti-Rootkit - http://free.grisoft.com/doc/29116/u...
Lavasoft Ad-Aware 2007 Free - http://www.lavasoftusa.com/products...
CWShredder standalone - http://www.intermute.com/spysubtrac...
ATF Cleaner - http://www.majorgeeks.com/ATF_Clean...
Run the updates for all of these programs, then go into safe mode and run them one by one, not all at the same time. If you have another antivirus tool then remove that before installing AVG Free.
Also go to Start >> Run and type: msconfig
Look at all the entries and carefully deselect those you believe are malicious. If you are unsure, then type them on here and we can instruct whether to remove them or not. Do this and then come back with results.

Sorry, when you go into msconfig, you need to be in the "Startup" tab. Only look at the entries in there..

do you want me to let them do whatever they want to do with the infections they find?
or just let you know what all they find??
(AVG Anti-Spyware has found 470 and it's a little under half done.. holy!)

I would just remove whatever they find; these programs, from my experience, do not remove things that are important, they only remove harmful files.
Possibly what AVG Anti-Spyware is finding is adware or cookies. Just remove everything.
Hopefully you updated the software before you ran it, and also I hope you are running them in safe mode?
Lastly, in Spybot there is an Immunize option; select it, choose "check again" then "Immunize".
Let us know what's happening.

Yes, I'm in safe mode with networking right now (only way I can get the computer to actually let me do anything is in safe mode..)
and I have updated everything, yes..
running Spybot right now..
I had to restart because it was acting funny again... (lost my start bar..) still the same warnings etc.. not as often..
whew..
Thank you for helping, I will let you know more as I continue to go along.

okay... the anti-rootkit would not run at all in safe mode.. but I was finally (YAY!) able to get into Windows normally after doing everything else aside from that..
I'm getting.. in msconfig.. not sure on these..
cxtybae which is c:\windows\temp\cztykbae.exe
lanmanwrk which is c:\windows\system32\lanmanwrk.exe
yegydjyj which is command rundll32.exe "C:\windows\system32\yegydjyj.dll",b
tppoll which is command "C:\program files\Topro\tppoll.exe"
never heard of that one.. is regedit supposed to be there?? Command "C:\documents and settings\Kisarune\application data\Oracle\regedit.exe"
those are the only.. strange ones..
okay.. so the popups seem gone, and I'm not getting all those thousands of messages.
Do I really need Spybot, AVG Anti-Spyware and AVG to start up at startup? (they take a while to load, but I can deal if you think it's necessary) Anyway.. please let me know about those things I question there in the startup?
Thank you so much for the help you've been so far! I appreciate it!
edit: also, now I can't get into my favorite vBulletin board at all.. and I don't have a single clue as to why.. o.O

When you get hit big you is hit! Backup your stuff and wipe it clean and reinstall windows and get all the updates to it afterward and start again. Period!

No, not really.
In MSCONFIG, uncheck everything in your startup tab - EVERYTHING. Anything that the system *needs* to start up, it will automatically select. How are you getting on?

Oh thank goodness! he (she?) had me rather upset!
.. the computer is.. okay.. slow.. but okay..
I am in normal mode and doing fine.
We have cable (is that what you mean by "how are you getting on?"??) I will let you know in MSCONFIG how it goes after taking everything off.
EDIT: I went and took it all off and restarted. I'm still having that issue getting to the forum I frequent. Also there are "Live safety center" and "Live security guide"; they keep coming back.. Not sure how to get rid of them completely..

OK, glad to hear you are getting on OK. Firstly, no, you do not need Spybot, AVG Anti-Spyware etc. to start up with Windows. However, it is advisable to have AVG Free (antivirus) start up with Windows; this will give you some protection at least.
Now those things in msconfig sound strange, so using AVG Anti-Spyware there is an option at the top that is called auto start (something like that). It will list everything that is loaded with Windows; look for these items and what they are associated with, and if you don't like what you see, disable it. To be honest I would just disable them anyway, it shouldn't really cause you any problems..
**IMPORTANT**
Once you have 'cleaned' your PC properly from viruses and trojans,
you need to turn System Restore off, restart the computer, then turn it on again and restart the computer..
http://support.microsoft.com/kb/310405
I would also recommend performing a defrag; Raxco PerfectDisk is a good utility: http://www.raxco.com/products/downl...
---------------
About your vBulletin board, this *may* not be linked to this problem, but did you run CWShredder? Also, do you have a firewall? And finally, delete all your cookies and temp files using ATF Cleaner.
You might also want to download Tracks Eraser Pro.
Update the software.. go into erase settings, select the appropriate settings for you..
Go into options and select everything..
If you need a firewall, get hold of ZoneAlarm Free
http://www.zonealarm.com/store/cont...
Disable Windows Firewall if you install this.
As I said above, disable anything in msconfig you do not like; they can always be selected again if you have problems..

You will find, after you have pulled your hair out trying to remove this and uncheck that and do everything you can do, that your computer will still be messed up. Save yourself time and trouble by doing what I suggested!

biblereader, I understand what you are suggesting and yes, in some cases it is necessary to do this, but I believe that if you can remove the infections properly you may still have a fully functional clean computer. It isn't always the case that when you have a problem you format. I'm speaking from experience, but I do agree that if all else fails this is the only solution. But why format if you can repair it without this?

Well sir or ma'am, whatever the case, I took notice of this statement:
I'm getting system monitor warnings, trojan warnings, little warnings saying i've got malware and all these other things.
When these trojans get wound up and going good and constantly downloading more while you are trying to clear it up, it's not likely you will get it cleared up. It will usually, for the average computer user, get worse and worse and worse. It's already to the point this person above can't get into Windows normally. People with computers should learn to use their restore disk or learn how to reinstall Windows at a minimum. After a computer has installed so many junk programs and software and the trash that comes and goes over time, it does a computer good to start afresh; it cleans it up and puts a spring back in your step. If the person above insists on trying to clean it up, then I give this advice: disable your internet while you are trying to do it. That prevents anything else from being downloaded while you are cleaning it up. Kisarune, you stated you are getting messages that you have malware; well, some trojans install themselves and tell you you have malware to try to get you to buy their programs, when all along they themselves are the trojans causing the problems.
Let us know what happens and if you get it all solved and what you did to do it.
My advice stands:
1. Learn how to use your restore disk or reinstall Windows afresh.
2. Learn how to back up your important files to CD or hard drive.
3. Reinstall Windows after formatting and, before you do anything else, go to Microsoft Update and download all the updates.
4. Install your antivirus and spyware programs after that.
5. Sit back and enjoy!
Five simple rules that will save you heartache and time!

Both: Please no fighting over this. o.O
biblereader, the warnings are all gone now. I am able to get into normal Windows mode just fine now thanks to Learn's helpful advice.
1. I know how to use my restore disk and reinstall Windows afresh; I _DID NOT_ wish to do this, thus I came here for help.
2. You really think I'm stupid enough to not know how to back up my files? They're backed up.. but I still hate starting anew.
3. I simply can't sit back and enjoy knowing that I just had to scrap it all and start over.
Learn: Thank you, I'll do the defrag and the Tracks Eraser. And no, I don't believe the forum was the cause of the problem; no one else who is there is having any sort of problems like this. I think I just managed to stumble myself into a rather nasty mess is all. Which is (as I'm sure you know) all too easy on the internet here.. I'll let you know what happens next.

I can assure you, I am not fighting! I am just making the case for my view. If you can fix it, more power to you; if it works for you it's all good, I am glad. If you have your important things backed up then redoing would not be scrapping it all, it would just be getting rid of your headaches. Well, I do hope the best for you either way.

Learn: still can't get into the forums I want to get into.. no idea why.. and the computer is still a bit on the slow end of things

Kisarune
Can you post a HijackThis log please so we can see exactly what is going on with your PC.
Download HijackThis here
http://www.trendsecure.com/portal/e...
Save the file to your desktop so you can easily find it and, once it is done, install.
Open the program and select "scan and save a logfile".
Important!: don't let it fix anything just yet; post the log back here so it can be analysed to see exactly what might be happening.

Do as suggested above, post a HijackThis report, and let's see what happens. Also download this registry cleaner http://www.majorgeeks.com/download....
Not many people are fans of this sort of tool, but I have used it on many computers with different setups and it has not caused me any problems so far (I've used it for 2 years). Select the option 'let reg scrub find problems',
then select all, then fix selected items.
--------------
1) OK, have you done a Windows update?
2) Which version of IE do you have?
3) What happens when you try going into the forum: messages, errors etc.?
4) Do you have a firewall?
Computer is still on the slow side:
what you need to do is, first of all, install ZoneAlarm firewall. If you have done so already it could be this blocking you from the forum, but we can change the settings.

Biblereader, please stop trolling. After your AVG post, and this post, you are really not doing yourself any favours.
OK, the reason I suggested disabling everything in MSCONFIG is because not everyone (even myself) can be sure of what's malicious and what's not. Disabling everything makes you almost guaranteed to stop a lot of trouble. The system will start up what it needs and only that.
To the OP.
If you can find the executable files of the viruses and stuff themselves, put an execute deny on the file itself. It's likely you have XP Home, so you will have to boot into safe mode and do this from there.
Right Click on the File
Properties
"Security" tab
Click "everyone" (or add "everyone" if it is not in the top box)
Read - Deny
Execute - Deny
I think. Please tell us how that worked for you.

Trolling? Man, I ain't doing anything but trying to help someone, just the same as you. By the way, would you be trolling as well? I see your name on this thread as well. If you will take notice, I posted on this thread before you did. Just because my view is different, does that cause friction? It shouldn't! I see in this case here the computer is still slow and problematic after attempting the advice that was given, and it's five days later! Now a reinstallation and reinstall of backup files and starting anew would take no more than three or four hours depending upon how much information you have and what kind of internet service you had to download the updates. I was through posting on this thread and was just watching until you made the comment "trolling". Whatever happened to the good ol' days, Keven the tech dude, I hope all is well with you! Peace be to you Justin Weber!

Oh come on everyone, no one is trolling or fighting, just trying to help someone out. We all have different opinions and if we didn't then we wouldn't be able to provide a variety of advice.
Anyway, maybe at this stage you are right. See, my aim was to see if the infections could have been 'killed', but it seems that there still are some problems, sooo
if these problems persist then maybe NOW it would be the appropriate time to reinstall and start afresh. Hey, at least we tried, and you never know, maybe on another system we wouldn't have been so unlucky. Anyway, it's good to see we are all still helping each other. Friends? lol

Here is my Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:26 AM, on 11/22/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\kxmixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {69f5fd00-cec3-d38b-d1e4-d545ace6f6f0} - {0f6f6eca-545d-4e1d-b83d-3cec00df5f96} - C:\WINDOWS\System32\rwilkywf.dll (file missing)
O2 - BHO: (no name) - {649E4358-040A-454E-BB12-E808F16BAEAC} - C:\WINDOWS\System32\qomnl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\oflxubzh.dll (file missing)
O2 - BHO: (no name) - {B2DA8B3B-33F2-7C19-DA2E-3AE605825BE1} - C:\WINDOWS\System32\qsgcrfy.dll (file missing)
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\System32\pmnoljg.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\oflxubzh.dll (file missing)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: www.thebatgirls.com
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framewor...
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/h...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcapl...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5988DFE9-8640-4EC8-A554-8B1302CF300D}: NameServer = 85.255.116.41,85.255.112.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EF99C2C-8584-43D2-8DF8-E857E66BA0B0}: NameServer = 85.255.116.41,85.255.112.148
O17 - HKLM\System\CS15\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS15\Services\Tcpip\..\{1F5D96C0-9A9E-40CD-9F80-0E9B01C2070C}: NameServer = 85.255.116.41,85.255.112.148
O17 - HKLM\System\CS17\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS18\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: oflxubzh - oflxubzh.dll (file missing)
O20 - Winlogon Notify: pmnoljg - pmnoljg.dll (file missing)
O21 - SSODL: lKCoVH - {009FD465-AA35-7ECF-02F3-04DA49E5ED04} - C:\WINDOWS\System32\vk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ADVService - Unknown owner - C:\WINDOWS\TEMP\d80.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 7554 bytes

I tried to install ZoneAlarm but it won't update (maybe because I have PeerGuardian?)
No firewall aside from Windows
I've done updates
IE 6
and this error.. which also blocks me from getting into majorgeeks.com
Server not found
Firefox can't find the server at www.majorgeeks.com.
* Check the address for typing errors such as ww.example.com instead of www.example.com
* If you are unable to load any pages, check your computer's network connection.
* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
I get the same in IE
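The log above is the kind of thing the thread asks a human to eyeball. As an added example (not code from the thread or from HijackThis), here is a small Python triage script that applies the generic checks a practitioner would run over an HJT v2 log before touching anything: load points whose file is missing, extra programs chained onto the UserInit value, logon (O4) entries that launch a DLL through rundll32, binaries starting from temp or profile-data directories, Windows tool names running outside the Windows directory, and interface-level NameServer (O17) values that disagree with the global Tcpip\Parameters setting. The sample log is constructed for the example, modelled on entry types in the posted log plus the msconfig items the OP listed earlier (the "user" profile path is invented). The output is a list of things to look into, not a verdict; whether the resolver mismatch is what stops the forum and majorgeeks.com from resolving is not established in the thread.

```python
import re

# Constructed sample log, modelled on entry types from the HijackThis log
# posted above plus the msconfig items the OP listed earlier. Not the full log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP (WinNT 5.01.2600)
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {649E4358-040A-454E-BB12-E808F16BAEAC} - C:\WINDOWS\System32\qomnl.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\oflxubzh.dll (file missing)
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKCU\..\Run: [yegydjyj] rundll32.exe "C:\WINDOWS\System32\yegydjyj.dll",b
O4 - HKCU\..\Run: [regedit] "C:\Documents and Settings\user\Application Data\Oracle\regedit.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{5988DFE9-8640-4EC8-A554-8B1302CF300D}: NameServer = 85.255.116.41,85.255.112.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: pmnoljg - pmnoljg.dll (file missing)
O23 - Service: ADVService - Unknown owner - C:\WINDOWS\TEMP\d80.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[FO]\d+) - (?P<body>.*)$")
# A Windows path up to the first .exe/.dll/.ocx extension (paths may contain spaces).
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|ocx))\b", re.I)
# Directories a legitimate service or Run entry almost never starts from.
SUSPICIOUS_DIRS = ("\\temp\\", "\\application data\\", "\\local settings\\")
# System tool names that only belong under the Windows directory.
WINDOWS_ONLY_TOOLS = ("regedit.exe", "rundll32.exe", "svchost.exe", "userinit.exe")
# Entry types whose target file should exist; "(file missing)" there is an orphaned load point.
ORPHAN_CODES = ("O2", "O3", "O20", "O21", "O23")


def parse(text):
    """Return (code, body) pairs for HJT entry lines; header and process list are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body")))
    return out


def check_paths(code, body):
    """Flag binaries in temp/profile directories and tool names outside the Windows directory."""
    findings = []
    for path in PATH_RE.findall(body):
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if any(d in low for d in SUSPICIOUS_DIRS):
            findings.append((code, "binary loads from a temp or profile data directory", path))
        if name in WINDOWS_ONLY_TOOLS and "\\windows\\" not in low:
            findings.append((code, "Windows tool name running outside the Windows directory", path))
    return findings


def check_nameservers(entries):
    """Compare each interface-level NameServer (O17) with the global Tcpip\\Parameters value."""
    global_ns, per_iface = {}, []
    for code, body in entries:
        if code != "O17":
            continue
        key, _, value = body.partition(": NameServer = ")
        ctrlset = key.split("\\")[2]  # CCS, CS15, ... : the control set the key lives in
        servers = frozenset(s.strip() for s in value.split(",") if s.strip())
        if key.endswith("\\Parameters"):
            global_ns[ctrlset] = servers
        else:
            per_iface.append((ctrlset, key, servers))
    findings = []
    for ctrlset, key, servers in per_iface:
        if servers != global_ns.get(ctrlset, servers):
            findings.append(("O17", "interface NameServer differs from global setting: "
                             + ",".join(sorted(servers)), key))
    return findings


def analyze(text):
    """Run every heuristic; returns a list of (entry code, reason, detail) triples."""
    entries = parse(text)
    findings = []
    for code, body in entries:
        if code in ORPHAN_CODES and "(file missing)" in body:
            findings.append((code, "load point references a missing file", body))
        if code == "F2" and "UserInit=" in body:
            # Anything after userinit.exe in this comma list runs at every logon.
            progs = [p.strip() for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            extra = [p for p in progs if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
            if extra:
                findings.append(("F2", "UserInit chain has extra program(s)", ", ".join(extra)))
        if code == "O4" and "rundll32" in body.lower():
            findings.append(("O4", "logon entry loads a DLL through rundll32; verify the DLL", body))
        findings.extend(check_paths(code, body))
    findings.extend(check_nameservers(entries))
    return findings


if __name__ == "__main__":
    for code, reason, detail in analyze(SAMPLE_LOG):
        print(f"{code:4} {reason}\n     {detail}")
```

Run it against a real log by passing the file contents to `analyze()`. Every hit still needs a human to look up the file name and path; the script only narrows a 200-line log down to the handful of entries worth researching.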

I cannot see anything in this log that I find needs removing. What you may want to do is private message jabuck and ask him if he can take a look.
Disable PeerGuardian for a second and also Windows Firewall, just for a second, and see if you can get into majorgeeks. Probably not the safest thing to do considering your situation, but it's worth a shot.
When you say you try to install ZoneAlarm but it won't update, what do you mean? Are you saying that there is a problem whilst installing, or when you try to update AFTER installing?
If it's a problem during install, disable PeerGuardian and then install. It's worth having though, because it will prevent any crap from accessing the net and downloading more crap. If this doesn't work then, as I said, contact jabuck via private message, or start a new thread with the remaining problems, as I'm a bit stuck now too.
Hope I have been able to help.. good luck.
You may want to get IE7 - link below

Hi Kisarune
You have entries that indicate that you are still infected by the Vundo trojan.
Download the VundoFix (by Atribune) Vundo removal tool to your desktop:
The instructions for its use are on the page, I have posted them below.
1, Double-click VundoFix.exe to run it.
2, When VundoFix opens, click the Scan for Vundo button.
3, Once it's done scanning, click the Remove Vundo button.
4, You will receive a prompt asking if you want to remove the files, click YES
5, Once you click yes, your desktop will go blank as it starts removing Vundo.
6, When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will attempt to run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot. If it doesn't work on the initial attempt, run it again in "safe mode".
Post a new HijackThis log.

Hi btk1w1, can I ask you how you figure these things out from the HijackThis reports? I cannot see anything that says Vundo; how can you tell? It would be quite useful to learn the *trick* myself if you don't mind telling me how.
Thanks,

Hiya AWTL,
I'm glad you asked the question and I have no problem sharing.
I thought at first this might have been a SmitFraud infection (unwarranted popups... virus alerts etc... thread title aside).
I submitted the results of the HJT scan to the HJT website and also researched the entries.
The advice given leaned towards a Vundo infection.
The information provided is invaluable.... but needless to say should be researched thoroughly to ensure the most effective and decisive action is taken.
In the HJT log there are a lot of browser redirections (unless created by the owner to malicious sites.... which is very unlikely) and what seem to be hijack attempts / successes.
Given this information, I only use tools specifically designed to deal with certain types of malware. These I have also researched and looked at their success rate to ascertain that I am only recommending a correct cleaning procedure that will not harm the infected system.
The instances of random .dll files appearing almost always indicate nasties and usually these will not easily be removed. If you research the random XXX.dll and others and come up with blanks, you are almost definitely looking at malware.
The major task is to solve the rootkit (hidden process) problem after the cleansing.... this is the really hard part, and make sure the restore directories aren't carrying malware which can reintroduce itself.
Unfortunately heavy infections aren't easily fixed, but there are a lot of easily accessible programs offered up by the humble programmer to help in the fight against cyber vandalism.
I hope this helps.

I managed to find the HJT website; I shall register there too. I see what you mean now, from what you have just said and from looking at the log closely I seem to understand a bit more. But as you say these things need a proper investigation and proper removal tools, so I would imagine it's best policy to put the logs on the HJT forum and wait for someone who knows about this to advise us. On this forum, is it the moderators or administrators of the site who actually look at the logs?
Thanks for this information, this will be very useful in the future, especially knowing there was a forum where you could post these logs.
Excellent advice and thanks for posting back.

Sorry for not updating sooner, I gave in and just formatted and reinstalled Windows (after backing everything up). I really do appreciate all the help I was given. I got very far with your help AWTL but in the end just got impatient and fixed it (I did it while angry at burning my hand in the oven.. go figure heh)
Either way, I'm keeping this all bookmarked just in case it ever happens again (gods I hope not!). I'm reinstalling AVG Free, and the AVG Anti-Spyware plus Spybot, and Ad-Aware.. hopefully that'll keep me good. :)

Well, in my mind you did the right thing. I didn't hear you say you downloaded the updates from Microsoft. That would have been the first thing to do after reinstallation! If you don't get those updates it's very likely this will happen again, and soon. It's true that some small infections can be cleaned up, but from what you described in your first posting that wasn't your case. Look at this statement, oh how true it is:
Unfortunately heavy infections aren't easily fixed,
another way of putting that statement would be, (when you is hit you is hit big)
These trojans are headaches and it's a shame there are people with nothing better to do than cause havoc, but that's just the way it is. Remember, update Microsoft Windows!!!

Well, I'm glad you have sorted the problem; if nothing else at least I have learnt something new, woo hoo :) and I would imagine that you have too. The software I recommended is absolutely vital to have and run periodically to remove small infections, and this should/could prevent any heavier ones from infecting you. Biblereader is correct: download all Microsoft updates immediately. And probably it was the best idea to format, but at least we all learnt something, hey.
Thanks,
