TechSpot

Generic.WUE and Dialer.BZB problem also

By Agent J
Jul 6, 2006
  1. Hi,

    I'm having the same problem with these two trojans. I've already cleaned up using ewido and ran hjt in safe mode, turned off system restore and allowed viewing of hidden files. attached is the hjt log. thanks in advance.
     
  2. korrupt

    korrupt TS Rookie Posts: 716

    Try using simple anti spyware programs such as ad aware and spybot. Often there is a simple solution to everything.

    Good Luck

    Regards,

    Korrupt
     
  3. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    i already have avg, ewido, etrust, etc but i still can't get rid of it. i'm opting for the manual solution for this just like what the others did.
     
  4. N3051M

    N3051M TS Evangelist Posts: 2,115

  5. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    yes i already did.. please help..
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Download and run the Ccleaner programme from HERE.

    Also, download the Pocket killbox programme from HERE. Extract it, but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\mljiife.dll

    O20 - Winlogon Notify: mljiife - C:\WINDOWS\SYSTEM32\mljiife.dll Unknown

    O20 - Winlogon Notify: winjjq32 - C:\WINDOWS\SYSTEM32\winjjq32.dll

    O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - (no file)

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    These are the filepaths you need to enter into killbox.

    C:\WINDOWS\SYSTEM32\winjjq32.dll

    C:\WINDOWS\SYSTEM32\mljiife.dll

    Once your system has rebooted, turn system restore back on and post a fresh HJT log.

    Regards Howard :wave: :wave:
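An added example, not part of the original post and not HijackThis's own code: a small parser that groups the entries quoted in the post above by the file they load, which shows why only two paths go into Killbox while the R3 and O21 entries need nothing beyond the HJT fix. The regular expressions and function names are assumptions made for this illustration, based only on the line formats visible in this thread.

```python
import re
from collections import defaultdict

# Entries exactly as quoted in the post above.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\mljiife.dll
O20 - Winlogon Notify: mljiife - C:\WINDOWS\SYSTEM32\mljiife.dll Unknown
O20 - Winlogon Notify: winjjq32 - C:\WINDOWS\SYSTEM32\winjjq32.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - (no file)
"""

# "<section code> - <rest of entry>", e.g. "O20 - Winlogon Notify: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter path ending in a file extension (assumed format).
PATH = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.\w{2,4}(?=[\s"]|$)')
# Markers HJT prints when the registry entry points at nothing on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)

def parse_entry(line):
    """Return code, normalised path and orphan flag for one log line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    path = PATH.search(body)
    return {
        "code": m.group("code"),
        # Windows paths are case-insensitive: system32 == SYSTEM32.
        "path": path.group(0).lower() if path else None,
        "orphan": bool(ORPHAN.search(body)),
    }

def triage(log_text):
    """Split entries into files still on disk and registry-only leftovers."""
    by_file = defaultdict(list)   # path -> section codes that load it
    registry_only = []            # nothing on disk to remove afterwards
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry["path"] and not entry["orphan"]:
            by_file[entry["path"]].append(entry["code"])
        else:
            registry_only.append(entry["code"])
    return dict(by_file), registry_only

if __name__ == "__main__":
    files, leftovers = triage(SAMPLE_LOG)
    for path, codes in sorted(files.items()):
        print(f"{path}  loaded via {', '.join(codes)}")
    print("registry-only entries:", ", ".join(leftovers))
```

A file that appears under more than one section, as mljiife.dll does here under both O2 and O20, has more than one load point, so every matching entry has to be fixed before the file is removed.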
     
  7. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    Hi howard.. thanks for the assistance.. when i ran hjt, it turned out a little different than the one i posted. however,
    i followed the other instructions and got this latest hjt log. is it clean now?
     


  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Have HJT fix these two entries.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    Click on the fix checked button and close HJT.

    You will need to set a new homepage.

    Other than the above, your HJT log is clean.

    Regards Howard :)
     
  9. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    thanks very much howard! it's running well now! cheers!
     
  10. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    hi, i now seem to be experiencing intermittent 100% CPU activity from explorer.exe.. when I try to reboot, it alerts me that the processes CCAPP.exe and NORTON are not responding.

    what could be the problem now? how do i solve this? is this still related to the trojan we eliminated recently?

    should i just uninstall norton? i currently have avg, ewido, and etrust. which antivirus/spyware would you recommend keeping so my system would run efficiently and safely?
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You should definitely get rid of Norton. It`s crap and a resource hog. Also, it`s not a good idea to have more than one antivirus programme active at the same time. This is because it can cause conflicts, not to mention it will slow your computer down.

    The programmes you should keep are SS&D/Ad-Aware se/Spywareblaster/Ewido/AVG/and a firewall of your choice.

    If after getting rid of Norton you still have problems, post a fresh HJT log.

    Regards Howard :)
     
  12. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    annoying SysProtect

    ran adaware and ewido already..

    here's my hjt file. is it clean?

    thanks..
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have merged your new thread into this one.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    DAP
    SysProtect Free

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    USYP.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.10.170.224:80<Fix this, if you didn`t set this proxy yourself, or don`t know what it is.

    O4 - HKLM\..\Run: [BigPond] "E:\5100.exe" -r<Fix this, if you don`t know what it is.

    O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min

    O4 - Global Startup: ImageFox.lnk = ?

    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

    O15 - Trusted Zone: http://locator.cdn.imageservr.com

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\DAP
    C:\Program Files\SysProtect Free
    E:\5100.exe Only delete this, if you don`t know what it is.

    Reboot into normal mode and turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of Agent J only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    Klone and Generic

    did a scan with avg, ewido, and adaware already..

    here's my hjt log.. thanks in advance!

    **oops hold that thought. i'll scan it again to be sure..
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have merged your new thread into this one.

    Once you have posted your HJT and AVG antispyware(formerly Ewido) logs, I`ll take a look and advise.

    Please make sure you rename HijackThis.exe as per these instructions.

    Regards Howard :)

     
  16. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    Thanks, Howard!

    followed your instructions.. here's my hjt and avg log..

    AJ
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    VSToolbar
    SysProtect Free

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    USYP.exe
    UWA6P_0001_N91M1807NetInstaller.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.10.170.224:80<Fix this, if you didn`t set this proxy yourself, or don`t know what it is.

    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\untmxsfu.dll (file missing)

    O2 - BHO: (no name) - {3D1907DB-AC32-41FF-9033-E0872DD74CB0} - C:\WINDOWS\vsrurn.dll (file missing)

    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll

    O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min

    O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm

    O15 - Trusted Zone: http://locator.cdn.imageservr.com

    O20 - Winlogon Notify: vsrurn - C:\WINDOWS\vsrurn.dll (file missing)

    O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\SysProtect Free

    C:\Program Files\VSToolbar

    C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\WYQC7TRO\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe


    Delete all files in AVG antispyware quarantine.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT and Avg Antispyware log.

    Regards Howard :)

     
  18. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    Hi Howard!

    Here's my new HJT and AVG log. I hope it's clean! :)
    Thanks for all the help! I really appreciate it!

    AJ
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    SysProtect Free

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    USYP.exe
    USYP_0002_N91M1708NetInstaller.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min

    O4 - Global Startup: ImageFox.lnk = ?

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    These are the filepaths you need to enter into killbox.

    C:\Program Files\SysProtect Free\USYP.exe
    C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\MI1YC4EO\SysProtectScannerInstall[1].cab/USYP_0002_N91M1708NetInstaller.exe

    Once your system has rebooted, delete the following bold Files/folders.

    C:\Program Files\SysProtect Free
    C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\MI1YC4EO

    Post a fresh HJT log and let me know if you`re still having problems.

    Regards Howard :)

     
  20. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    hi howard,

    i can't seem to find these to delete?
    were they deleted already?


    C:\Program Files\SysProtect Free
    C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\MI1YC4EO

    i can't find the folder Content.IE5. they were all specific files like jpeg, gif, html, etc.

    also, i wasn't able to delete USYP.exe, and USYP_0002_N91M1708NetInstaller.exe since it wasn't there anymore when i opened task manager.

    are you somehow able to see if it's still there through my hjt log?
    here it is again..

    thanks,

    AJ
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I could see those entries in your last HJT log. However, they aren`t in this one, so your HJT log is now clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  22. Agent J

    Agent J TS Rookie Topic Starter Posts: 19

    oh! thanks a lot, howard! cheers!

    AJ
     
Topic Status:
Not open for further replies.
