Generic.WUE and Dialer.BZB problem also

Status
Not open for further replies.

Agent J

Hi,

I'm having the same problem with these two trojans. I've already cleaned up using ewido and ran hjt in safe mode, turned off system restore and allowed viewing of hidden files. Attached is the hjt log. Thanks in advance.
 
Try using simple anti spyware programs such as ad aware and spybot. Often there is a simple solution to everything.

Good Luck

Regards,

Korrupt
 
I already have avg, ewido, etrust, etc. but I still can't get rid of it. I'm opting for the manual solution for this just like what the others did.
 
Hello and welcome to Techspot.

Download and run the Ccleaner programme from HERE.

Also, download the Pocket killbox programme from HERE. Extract it, but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to them (if there).

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\mljiife.dll

O20 - Winlogon Notify: mljiife - C:\WINDOWS\SYSTEM32\mljiife.dll Unknown

O20 - Winlogon Notify: winjjq32 - C:\WINDOWS\SYSTEM32\winjjq32.dll

O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - (no file)

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete. Only then allow it to reboot, and hopefully your files will now be deleted.

These are the filepaths you need to enter into killbox.

C:\WINDOWS\SYSTEM32\winjjq32.dll

C:\WINDOWS\SYSTEM32\mljiife.dll

Once your system has rebooted, turn system restore back on and post a fresh HJT log.

Regards Howard :wave: :wave:
 
Hi howard.. thanks for the assistance.. When I ran hjt, it turned out a little different than the one I posted. However, I followed the other instructions and got this latest hjt log. Is it clean now?
 

Attachments: hjtlog2.txt (7.5 KB)

Have HJT fix these two entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Click on the fix checked button and close HJT.

You will need to set a new homepage.

Other than the above, your HJT log is clean.

Regards Howard :)
 
Hi, I now seem to be experiencing intermittent 100% CPU activity from explorer.exe.. When I try to reboot, it alerts me that the processes CCAPP.exe and NORTON are not responding.

What could be the problem now? How do I solve this? Is this still related to the trojan we eliminated recently?

Should I just uninstall norton? I currently have avg, ewido, and etrust. Which antivirus/spyware would you recommend keeping so my system would run efficiently and safely?
 
You should definitely get rid of Norton. It's crap and a resource hog. Also, it's not a good idea to have more than one antivirus programme active at the same time. This is because it can cause conflicts, not to mention it will slow your computer down.

The programmes you should keep are SS&D/Ad-Aware se/Spywareblaster/Ewido/AVG/and a firewall of your choice.

If after getting rid of Norton you still have problems, post a fresh HJT log.

Regards Howard :)
 
I have merged your new thread into this one.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with the following (if there).

DAP
SysProtect Free

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for the following (if there).

USYP.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to them (if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.10.170.224:80 < Fix this, if you didn't set this proxy yourself, or don't know what it is.

O4 - HKLM\..\Run: [BigPond] "E:\5100.exe" -r < Fix this, if you don't know what it is.

O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min

O4 - Global Startup: ImageFox.lnk = ?

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O15 - Trusted Zone: http://locator.cdn.imageservr.com

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\DAP
C:\Program Files\SysProtect Free
E:\5100.exe < Only delete this, if you don't know what it is.

Reboot into normal mode and turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

This thread is for the use of Agent J only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Klone and Generic

did a scan with avg, ewido, and adaware already..

here's my hjt log.. thanks in advance!

**oops hold that thought. i'll scan it again to be sure..
 
I have merged your new thread into this one.

Once you have posted your HJT and AVG antispyware (formerly Ewido) logs, I'll take a look and advise.

Please make sure you rename HijackThis.exe as per these instructions.

Regards Howard :)

 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with the following (if there).

VSToolbar
SysProtect Free

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for the following (if there).

USYP.exe
UWA6P_0001_N91M1807NetInstaller.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to them (if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.10.170.224:80 < Fix this, if you didn't set this proxy yourself, or don't know what it is.

O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\untmxsfu.dll (file missing)

O2 - BHO: (no name) - {3D1907DB-AC32-41FF-9033-E0872DD74CB0} - C:\WINDOWS\vsrurn.dll (file missing)

O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll

O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min

O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O20 - Winlogon Notify: vsrurn - C:\WINDOWS\vsrurn.dll (file missing)

O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\SysProtect Free

C:\Program Files\VSToolbar

C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\WYQC7TRO\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe


Delete all files in AVG antispyware quarantine.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT and Avg Antispyware log.

Regards Howard :)
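
The HijackThis entries from the post above, parsed into section code, CLSID and file path, as an added example that is not part of the original thread or of HijackThis itself. The `orphan` and `winlogon` flags and the function names are this example's own assumptions; the sample lines are copied from the post. It separates registry leftovers (file already gone) from entries that still point at a file which has to be removed separately.

```python
import re

# HijackThis section codes that appear in this thread.
SECTIONS = {"R1": "IE/Internet settings registry value", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart entry",
            "O8": "IE context menu item", "O15": "Trusted Zone site",
            "O20": "Winlogon Notify DLL"}
LINE_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

def parse_line(line):
    """Split one HJT log line into code, CLSID, file path and triage flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    quoted = re.search(r'"([^"]+)"', body)
    if quoted:                      # O4 style: "path" followed by arguments
        path = quoted.group(1)
    elif " - " in body:             # O2/O3/O8/O20 style: last field is the file
        path = body.rsplit(" - ", 1)[1].replace(MISSING, "").strip()
    else:                           # R1/O15: registry value or URL, no file
        path = None
    flags = []
    if MISSING in body:
        flags.append("orphan")      # registry entry left behind, file already gone
    if code == "O20":
        flags.append("winlogon")    # DLL registered to load inside winlogon.exe
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0) if clsid else None,
            "path": path, "flags": flags}

def triage(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]

def present_files(entries):
    """Paths still expected on disk: fixing the entry in HJT does not remove these."""
    return [e["path"] for e in entries if e["path"] and "orphan" not in e["flags"]]

# Entries copied from the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\untmxsfu.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O20 - Winlogon Notify: vsrurn - C:\WINDOWS\vsrurn.dll (file missing)
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
"""
```

`present_files(triage(SAMPLE))` returns the two paths under `C:\Program Files`, which match the folders the post says to delete by hand after the HJT fix.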

 
Hi Howard!

Here's my new HJT and AVG log. I hope it's clean! :)
Thanks for all the help! I really appreciate it!

AJ
 
Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

Go to add remove programmes in your control panel and uninstall anything to do with the following (if there).

SysProtect Free

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for the following (if there).

USYP.exe
USYP_0002_N91M1708NetInstaller.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to them (if there).

O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min

O4 - Global Startup: ImageFox.lnk = ?

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete. Only then allow it to reboot, and hopefully your files will now be deleted.

These are the filepaths you need to enter into killbox.

C:\Program Files\SysProtect Free\USYP.exe
C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\MI1YC4EO\SysProtectScannerInstall[1].cab/USYP_0002_N91M1708NetInstaller.exe

Once your system has rebooted, delete the following bold Files/folders.

C:\Program Files\SysProtect Free
C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\MI1YC4EO

Post a fresh HJT log and let me know if you're still having problems.

Regards Howard :)

 
hi howard,

i can't seem to find these to delete?
were they deleted already?


C:\Program Files\SysProtect Free
C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\MI1YC4EO

i can't find the folder Content.IE5. they were all specific files like jpeg, gif, html, etc.

also, i wasn't able to delete USYP.exe, and USYP_0002_N91M1708NetInstaller.exe since it wasn't there anymore when i opened task manager.

are you somehow able to see if it's still there through my hjt log?
here it is again..

thanks,

AJ
 
I could see those entries in your last HJT log. However, they aren't in this one, so your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
