TechSpot

Help needed! Burstnet, tribalfusion, virtumondo... all that fun stuff =/

By TrevPie
Feb 18, 2007
  1. Hey there. I am not the smartest guy when it comes to ridding my computer of viruses, but generally I know enough to keep away from them. Ever since I've been forced to turn this computer into the household computer, it's been crawling with viruses. My younger siblings always interrupt the process of getting rid of them, but good news: They're all out of state on vacation :)

    So I figured now would be the perfect time to clean up this computer.



    I use the free versions of adaware, avorax, avg, ewido, and spybot. They're finding things, they're just not getting rid of them for good.

    I've had continuous findings of: virtumondo, burstnet.com, advertising.com, and tribalfusion.

    My desktop icons used to all disappear, but I used vundofix and they seem to be staying there now, although vundofix still finds one file that doesn't go away. (windows/system32/yoogilfy.dll).

    Anyways, any help at all would be greatly appreciated . Here's my hjt log:


    PS if I did something incorrectly or left out vital information in this post, feel free to scold/correct me =P I'll be sure to come back and include it.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

    This is the filepath you need to enter into Vundofix.

    windows/system32/yoogilfy.dll

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    winlog

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    winlog.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)

    O2 - BHO: (no name) - {C83A35BA-408D-46D2-9C8D-231367E40C8A} - C:\WINDOWS\msagent\nifoloe.dll (file missing)

    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

    O4 - HKLM\..\RunServices: [winlog] winlog.exe

    16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    winlog.exe<Search your system for this file and delete all instances found.

    Reboot into normal mode and rehide your protected OS files.

    Go HERE and follow the instructions for AVG Antispyware.

    Post a fresh HJT log as well as an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of TrevPie only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. TrevPie

    TrevPie TS Rookie Topic Starter

    Alright, did all of that.

    winlog.exe was not able to be found, but I did delete the HJT value with that in it. Hopefully that's all cleared up now.

    Here's a fresh HJT log and an AVG log, both taken in safe mode:
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I need a fresh HJT log from normal mode please.

    Regards Howard :)

    This thread is for the use of TrevPie only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. TrevPie

    TrevPie TS Rookie Topic Starter

    Ok, here it comes.

    Thanks for all of your help so far too, btw :)
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    This is taken from your HJT log.

    C:\HJT\HijackThis.exe You need to rename the bold file to Analyze.exe and post a fresh HJT log. This is because some malware can hide from HijackThis.exe.

    Regards Howard :)

    This thread is for the use of TrevPie only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. TrevPie

    TrevPie TS Rookie Topic Starter

    Woops, sorry, here we are.

    Thanks :)
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Have HJT fix this entry.

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

    Other than that, your HJT log is clean.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of TrevPie only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...