Logs from 8-step process for Doug8765

By Doug8765
Jan 2, 2009
  1. Hi -
    I attach the logs that the 8-step analysis process requests.

    Before running the 8-step process (and all during the running of the 8-step process) my computer was afflicted with the virus. Before trying this 8-step process I had tried a bunch of other antivirus steps. None seemed to work and may have made things worse. I did find that (again, before this 8-step process) upon boot-up I was told by Windows that a couple system32 dlls were not what Windows was looking for, but when I googled the dlls in question I found that other sites said those dlls were bad dlls.

    Right now, after running the 8-step process, my teen daughter is using the computer right now and is currently not experiencing the virus.

    I would appreciate knowing what to do next. Thank you.

    Doug Roberts
  2. rf6647

    rf6647 TS Maniac Posts: 829

    MBAM cleaning was not finished until restarting the computer.
    Memory Modules Infected:
    C:\WINDOWS\system32\wvUkHXRL.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\sjjrxl.dll (Trojan.Vundo) -> Delete on reboot.
    Delete files listed in the code box. Then
    Scan with HJT, tick & fix. Restart computer.
    O4 - HKUS\S-1-5-18\..\Run: [lejuhabiyo] Rundll32.exe "C:\WINDOWS\system32\jutizowi.dll",s (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [lejuhabiyo] Rundll32.exe "C:\WINDOWS\system32\jutizowi.dll",s (User 'Default user')
    O20 - AppInit_DLLs: C:\WINDOWS\system32\zoroviro.dll,C:\WINDOWS\system32\kevusowe.dll sjjrxl.dll
    O20 - Winlogon Notify: byxneevl - byXNeEVl.dll (file missing)
    Update & rescan with MBAM & SAS to demonstrate that the computer is clean.

    Post logs if issues remain.
  3. Doug8765

    Doug8765 TS Booster Topic Starter Posts: 185

    Hi -
    All those files were not on my computer so I am rerunning Malwarebytes, SuperAntiSpyware and HijackThis.

    My daughter says that none of presenting symptons seem to occur, so I am hopeful...

    Many, many thanks for everything you and your associates do.

  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,525

    Whilst you're at it, startup Hijackthis again, and place a tick next to these two Malwares, then fix them

Topic Status:
Not open for further replies.

Similar Topics

Create an account or login to comment

You need to be a member in order to leave a comment
TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.