TechSpot

Followed yr instructions 1st, posting HJT log :) All help appreciated!

By kikicool
Oct 9, 2006
  1. Hi there. I'm not as tech-savvy as I'd like to think I am (especially after looking through this site--wow!). Anyhoo, I had a friend visiting, and I'm not sure what she downloaded, but my computer is all screwy now.

    I read the instructions on what to do before posting an HJT log, and followed them to the best of my abilities. One thing: I couldn't run Look2me destroyer in safe mode--it kept saying it would reopen in a minute, but never did. So I ran it in normal mode. One more possible problem: when I ran the Trend Micro program, I was unable to see the list of problems found, so I deleted them all. If you don't mind, I'm posting my log, still, just to get opinions from experts :) Hopefully, I did it all right and all is well.

    A quick explanation of the problems I encountered that made me freak out: McAfee detected the Vundo virus. After following all these steps, it no longer seems to. I was also getting a pop up each time I opened the internet that read, "Spyware Removal Wizard; Warning: Your computer may be infected with malicious spyware, adware, or trojan objects." However, since I didn't recognize this, I never clicked continue to clean. I don't think this is really a windows program. Does it sound familiar? Also, I was getting hijacked randomly.

    Ack! I have attached my log as .txt (or died trying, if you don't hear back from me after this!). Please let me know if there is anything else I can do. I really, really appreciate everyone's help. This website is a godsend. I work from home--so if there's a problem, no tech support, and no income! Thanks!!

    Kate
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    It looks like you've done a pretty good job of cleaning your system so far. However, there is one more nasty to get rid of.

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    O4 - HKLM\..\Run: [meqyzni.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\meqyzni.dll,uckztjb

    O8 - Extra context menu item: iGive - file://C:\Program Files\iGive_ShoppingWindow\Sy600\Tp600\scri600a.htm

    O9 - Extra button: iGive - {A3C72A73-A005-4c16-BAEE-017E6F69A3EC} - file://C:\Program Files\iGive_ShoppingWindow\Sy600\Tp600\scri600a.htm (HKCU)

    O20 - Winlogon Notify: winjpq32 - winjpq32.dll (file missing)

    O20 - Winlogon Notify: wvusttt - wvusttt.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\system32\meqyzni.dll,uckztjb

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :wave: :wave:

    This thread is for the use of kikicool only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
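
Added example (not part of the original posts, and not HijackThis or Killbox code): a small Python parser for the O4 and O20 lines quoted above. It assumes the usual `rundll32.exe <dll path>,<exported function>` command form, in which the text after the comma names a function inside the DLL rather than part of the file name; the function and field names are hypothetical.

```python
import re

# Log lines copied from the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [meqyzni.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\meqyzni.dll,uckztjb
O20 - Winlogon Notify: winjpq32 - winjpq32.dll (file missing)
O20 - Winlogon Notify: wvusttt - wvusttt.dll (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<value>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
# Assumed command form: rundll32.exe <dll path>,<exported function> [arguments]
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,\s*(?P<export>\S+)', re.IGNORECASE
)


def parse_entry(line):
    """Describe one O4 or O20 line; return None for anything else."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        entry = {"section": "O4", "value": m["value"], "file": m["cmd"],
                 "export": None, "reported_missing": False}
        r = RUNDLL_RE.search(m["cmd"])
        if r:  # the DLL is the file on disk; the export is only a function name
            entry["file"] = r["dll"].strip()
            entry["export"] = r["export"]
        return entry
    m = O20_RE.match(line)
    if m:
        return {"section": "O20", "value": m["value"], "file": m["dll"],
                "export": None, "reported_missing": m["missing"] is not None}
    return None


def files_to_check(log_text):
    """Paths that may still exist on disk after the registry entries are fixed."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return [e["file"] for e in entries if not e["reported_missing"]]


if __name__ == "__main__":
    for path in files_to_check(SAMPLE_LOG):
        print(path)
```

Entries that HijackThis already marks "(file missing)" are registry-only leftovers, so they are excluded from the list of files to look for on disk.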
     
  3. kikicool

    kikicool TS Rookie Topic Starter

    New HJT log, item not found by Killbox?

    Hi there! Thank you so much for your speedy and encouraging reply. I followed your instructions precisely. After fixing the problems in HJT scan, I ran Killbox.exe. I typed in the file name EXACTLY as it appears. Unfortunately, Killbox.exe reported "file does not seem to exist." or some such. Could it have been fixed by HijackThis?

    I am posting a new log per your request. Please let me know if there's anything else I can do/need to do. Thanks!!
     
  4. kikicool

    kikicool TS Rookie Topic Starter

    forgot to post log...*sigh*

    And now...here's my log!
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is now clean.

    Delete any killbox backups if there.

    Check in this location and see if this file is there,

    C:\WINDOWS\system32\meqyzni.dll,uckztjb

    If it is, delete it.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  6. kikicool

    kikicool TS Rookie Topic Starter

    Yay!

    Thanks, Howard! You rock!! I didn't see the file in that location, so I guess I'm good to go! I'll let you know if anything else pops up (haw haw). Meantime, thanks so much for sharing your knowledge and time :)
     
Topic Status:
Not open for further replies.

