TechSpot

Dreaded Pop Ups are back

By ru1thirst
Mar 3, 2007
  1. Well don't know how but they are back. Firefox, spyblaster, sb s&d, Lavasoft, you name it, I tried it or used it.
    Howard, I've attached a log. Can you tell me what to get rid of?
    Thanks again. Didn't think I'd have to be back for awhile.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected with the Vundo trojan.

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    These are the filepaths you need to enter into Vundofix.

    C:\WINDOWS\system32\jkkjh.dll
    C:\WINDOWS\system32\hgrvuoya.dll

    Post a fresh HJT log as well as an AVG Antispyware log, after doing the above.

    Regards Howard :)

    This thread is for the use of ru1thirst only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. ru1thirst

    ru1thirst TS Rookie Topic Starter Posts: 78

    Ok, I've done the above and think I know what to delete but don't want to follow my instincts. Ok, now what? Think we are getting there.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - AutorunsDisabled - (no file)

    O2 - BHO: (no name) - {90157D05-B66C-48EF-8D75-BBF0F6958B4B} - C:\WINDOWS\system32\jkkjh.dll (file missing)

    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\hgrvuoya.dll (file missing)

    O9 - Extra button: (no name) - AutorunsDisabled - (no file)

    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

    O20 - Winlogon Notify: fcccyvs - fcccyvs.dll (file missing)

    Click on the fix checked button.

    Close HJT and reboot your system.

    Turn off system restore. (XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

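A triage sketch for the log lines quoted in the post above, added here as an example and not part of the original thread or of HijackThis itself: it parses HijackThis-style `O` entries and lists the ones the scanner marked `(file missing)` or `(no file)`. The function names and the `Example Helper` line are constructed for illustration.

```python
import re

# Constructed sample: entries quoted in the thread, plus one hypothetical
# healthy BHO ("Example Helper") to show what is left alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {90157D05-B66C-48EF-8D75-BBF0F6958B4B} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O20 - Winlogon Notify: fcccyvs - fcccyvs.dll (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")           # section, kind, rest
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")  # marker at end of line
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Parse one HijackThis-style O-section line; return None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    clsid = CLSID.search(rest)
    # The target file is the last " - " field with the orphan marker removed.
    target = ORPHAN.sub("", rest.rsplit(" - ", 1)[-1]).strip()
    return {
        "section": section,
        "kind": kind,
        "clsid": clsid.group(0) if clsid else None,
        "target": target or None,
        "orphaned": bool(ORPHAN.search(rest)),
    }


def orphaned_entries(log_text):
    """Return parsed entries whose referenced file the scanner reported gone."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["orphaned"]]


if __name__ == "__main__":
    # An orphan marker is a triage signal (leftover registry reference),
    # not proof of infection; review each line before fixing it.
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e["kind"], e["clsid"] or "-", e["target"] or "-")
```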
     
  5. ru1thirst

    ru1thirst TS Rookie Topic Starter Posts: 78

    Thanks Howard. You've done it again. Think all is back to norm. Ran AVG and analyze and nothing looks to be there now on either. Thanks again!
     
  6. jobeard

    jobeard TS Ambassador Posts: 9,330   +622

    poor user practice

    McAfee info on Vundo
    This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve
    1. system or security exploitation, and
    2. unsuspecting users manually executing unknown programs.

    Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
     
Topic Status:
Not open for further replies.
