TechSpot

Bad image pop ups (8 steps completed)

By derx4
Mar 3, 2009
  1. as i've found this is most likely related to the vundo trojan. i found a similar problem someone else had on your forums here:

    techspot.com/vb/showthread.php?t=115821


    i've completed all of the 8 steps and my logs are included. I appreciate any help you can offer.

    the second log included is a scan of only registry files and the C:\windows files as that is where the infections were found

    i'm currently running the SDfix; i'll post its log when i'm done
     
  2. derx4

    derx4 TS Rookie Topic Starter

    as in the other case the quantity of pop ups prevented SDfix from running properly
     
  3. derx4

    derx4 TS Rookie Topic Starter

    i ran both mbam and sas again.

    mbam is clean and sas had only one infected file; logs are included
     
  4. derx4

    derx4 TS Rookie Topic Starter

    help please?
     
  5. derx4

    derx4 TS Rookie Topic Starter

    this is still unresolved; i'd really appreciate some help with this
     
  6. kritius

    kritius TS Guru Posts: 2,087

    Post a fresh log
     
  7. derx4

    derx4 TS Rookie Topic Starter

    the computer has remained off since that last log was posted... i'm not immediately able to access the computer
     
  8. kritius

    kritius TS Guru Posts: 2,087

    There is a(re) file(s) I do not recognize, please carry out the following:

    • Please visit Jotti Online Malware Scan
    • Copy the following line into the white text box:
    • Code:
      C:\WINDOWS\system32\bibejira.dll
    • Click Submit.
    • Please post the results of this scan to this thread.

    Note: If the server is busy at the above site, try this alternative site:

    • Go to Virus Total-Upload A File.
    • Copy the following line into the white text box:
    • Code:
      C:\WINDOWS\system32\bibejira.dll
    • Click Send.
    • Please post the results of this scan to this thread.

    Fix entries using HiJackThis

    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {aaccb9c2-c6c1-456e-aede-230e5a7177a7} - (no file)
    O2 - BHO: (no name) - {e70e6057-b6f0-46ea-8894-71bb513a12c4} - (no file)
    O2 - BHO: (no name) - {f319a7f5-dc80-447d-9c65-7ca03c827e29} - (no file)
    O2 - BHO: (no name) - {f53de821-2e40-4b55-93dd-cf740993b5d4} - (no file)
    O3 - Toolbar: AccuWeather.com Toolbar - {b0fdbb8e-5c2c-41ed-a18c-228f9b2f598c} - mscoree.dll (file missing)
    O8 - Extra context menu item: &Search - ?p=ZK
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab


    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis


      Please download VundoFix.exe to your desktop.
      • Double-click VundoFix.exe to run it.
      • Click the Scan for Vundo button.
      • Once it's done scanning, click the Remove Vundo button.
      • You will receive a prompt asking if you want to remove the files, click YES
      • Once you click yes, your desktop will go blank as it starts removing Vundo.
      • When completed, it will prompt that it will reboot your computer, click OK.
      • Please attach the contents of C:\vundofix.txt
      Note: It is possible that VundoFix encountered a file it could not remove.
      In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

      Please Download VirtumundoBeGone by secured2k
      • Save the file to your desktop
      • Close all running programs (including your Internet Browser)
      • Double-click VirtumundoBeGone.exe on the desktop
      • Read the introductory information, and then click Continue
      • Click Start
      • When asked if you want to continue, click Yes to run the fix
      • Click "Save Log"

      Note: It is normal for the fix to terminate by producing a BLUE SCREEN OF DEATH so don't be concerned when this happens. It requires you to manually reboot to restore your normal windows desktop.

      The log created by VirtumundoBeGone called VBG.TXT will be located on your desktop. Please retain VBG.TXT.

      Empty Recycle Bin.

      Reboot and attach the VBG.TXT into this thread.
      Also please describe how your computer behaves at the moment.

    • Reboot HijackThis if necessary
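
The fix list in the post above is made of standard HijackThis log lines, and most of them are flagged because the registered file no longer exists. The following Python sketch is an added example (not part of the original thread and not HijackThis code) that parses those ten entries, labels each section code, and counts the orphaned ones; the function names are hypothetical.

```python
import re
from collections import Counter

# Meaning of the HijackThis section codes used in the fix list above.
SECTIONS = {"R1": "IE search/start page value", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O8": "IE context-menu item",
            "O16": "ActiveX (Downloaded Program Files) object"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = ("(no file)", "(file missing)")  # HijackThis markers for a missing file

# The ten entries from the post, copied verbatim.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {aaccb9c2-c6c1-456e-aede-230e5a7177a7} - (no file)
O2 - BHO: (no name) - {e70e6057-b6f0-46ea-8894-71bb513a12c4} - (no file)
O2 - BHO: (no name) - {f319a7f5-dc80-447d-9c65-7ca03c827e29} - (no file)
O2 - BHO: (no name) - {f53de821-2e40-4b55-93dd-cf740993b5d4} - (no file)
O3 - Toolbar: AccuWeather.com Toolbar - {b0fdbb8e-5c2c-41ed-a18c-228f9b2f598c} - mscoree.dll (file missing)
O8 - Extra context menu item: &Search - ?p=ZK
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
"""

def parse_entries(log):
    """Return one dict per recognisable HijackThis line; skip anything else."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.endswith(ORPHAN),
        })
    return entries

def orphaned_by_section(entries):
    """Count entries whose backing file is gone, grouped by section code."""
    return Counter(e["code"] for e in entries if e["orphaned"])

if __name__ == "__main__":
    for e in parse_entries(FIX_LIST):
        print(e["code"], e["section"], e["clsid"], "orphaned" if e["orphaned"] else "")
```

Orphaned BHO and toolbar registrations like these are leftovers whose DLL has already been deleted or renamed, which is why they are removed in the same pass as the live infection is cleaned.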
     
Topic Status:
Not open for further replies.

