virus pop up

Acer / ASPIRE M5600
December 26, 2008 at 19:47:28
Specs: Windows Vista, Intel(R) Core(TM) 2 Duo
I seem to have the following things in my taskbar, and I have this virus that downloads porn website shortcuts and saves them to my desktop. Can someone help me solve this problem?

These are pictures to show what happens:


December 26, 2008 at 20:49:30
Please download Malwarebytes' Anti-Malware from one of these sites:



1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


December 27, 2008 at 00:00:26
Malwarebytes' Anti-Malware 1.31
Database version: 1554
Windows 6.0.6001 Service Pack 1

12/27/2008 3:52:27 PM
mbam-log-2008-12-27 (15-52-27).txt

Scan type: Quick Scan
Objects scanned: 48934
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 10

Memory Processes Infected:
C:\Windows\System32\msiconf.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16804780-3ade-3719-90f2-acdcfaa4ffea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{16804780-3ade-3719-90f2-acdcfaa4ffea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29c3851f-213c-35e8-a3b0-308c0b07197b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5fa84b93-e5c6-346e-ada7-baafb06ac5ff} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{16804780-3ade-3719-90f2-acdcfaa4ffea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.blke (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiexec.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Users\Hannah Yixi\AppData\Roaming\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\xsl66127.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\monhftd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\sl66127.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\sporder.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Windows\System32\msiconf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Best BDSM P0rn.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Gay Fetish Sex.url (Rogue.Link) -> Quarantined and deleted successfully.


December 27, 2008 at 07:34:56
Please post your Hijack This log.


January 5, 2009 at 01:49:09

I have a similar virus, and while I have tried the above method, after about 20-30 minutes of operation, I get a message along the lines of "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." Then about 5-10 minutes later, I get another screen that tells me the computer is shutting down (I have not found a way to stop it), and it does. This way the AV or malware program does not have a chance to complete the process.

Also, on previous tries, any attempts by the AV or malware programs to update themselves always fail. I have also tried to go to their websites directly, and always get something along the lines of "address is not valid" or some other error that keeps it from getting to the update website. Other websites that I normally go to are fine.

I have gotten as far as I have by downloading the new AV and malware programs on another computer and running the program from a CD burned on the other computer.

I am on a Compaq EVO n610 laptop running XP pro, sp3.

Any suggestions?
