Not sure what, but it's serious malware

By ZSolid
Apr 18, 2007
  1. Hi all, this is my first post to TechSpot! I've been visiting the site for a long time trying to pick up tidbits of easy tech fixes and this has been about the best place I could find - keep up the good work!

    I figured I had everything running pretty well on my machine (regularly updating and keeping my AV current) until just yesterday that little shield with the X on it showed up with the "Spyware Infection has Detected !" tooltip. Since then I've tried my hopelessly inadequate Norton AV scan, installed avast and caught about 8 infections (most not serious) and caught about 20 pieces of spyware with AdAware SE.

    It's sad, but I guess that's pretty normal. My problem is that the shield icon is still there, however, and my machine is now popup hell with some other bizarre errors. Time to throw in the towel and ask for help. I downloaded HiJackThis and ran it. Here's the log:

    A lot of this stuff I recognize and am relatively comfortable with, but the svchost stuff, smss, and tcpipmon I'm especially concerned about. If anyone can spot something else in there and has a recommendation, I would be deeply appreciative.

    Thank you,
  2. momok

    momok TS Rookie Posts: 2,265

    Hi and welcome to techspot. =)

    Your system is infected by trojans and other malware.
    You are also running an outdated version of HijackThis.

    Please go to this thread HERE.

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps to cleaning your computer.
    Do follow all the instructions exactly.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.
    Right click in the vundofix window and click add files.

    Enter the full file path(s) to the files you want Vundofix to delete and click the Add Files button, followed by the Close Window button. Click the Remove Vundo button and let Vundofix do its stuff.

    These are the file paths you need to enter:

    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.

    Next, boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.

    Search for the following services (if present). Double-click each one and click Stop if it is running. Set the startup type to Disabled. Click Apply/OK for each service you disable.


    Open your Task Manager by holding Ctrl and Alt and pressing Del. Alternatively, use Ctrl + Shift + Esc. Go to the Processes tab and end the following processes, if found:


    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
    O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
    O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\gebywuu.dll
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ijgtdlrk.dll (file missing)
    O2 - BHO: (no name) - {9E3B153F-4035-4C7D-BA03-0B2B0FEC4FC2} - C:\WINDOWS\system32\mlljg.dll
    O9 - Extra button: (no name) - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - (no file)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
    O20 - Winlogon Notify: gebywuu - C:\WINDOWS\SYSTEM32\gebywuu.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll
    O20 - Winlogon Notify: nnnllkh - C:\WINDOWS\SYSTEM32\nnnllkh.dll
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

    Close HJT.

    Navigate in Windows Explorer and delete the following files and folders in bold.
    C:\Program Files\MyGlobalSearch\

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread.
    That said, please do not copy and paste your logs into this thread; otherwise they will be ignored and/or removed by the moderators.

    The logs will enable us to understand more about the problems on your system.

    Your friendly Momok =)
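The O2 and O20 entries momok singles out share a pattern that can be checked mechanically rather than by eye: unnamed BHOs, registrations whose DLL is already gone, Winlogon Notify handlers that a stock Windows XP install does not have, and the same DLL hooked as both a BHO and a Winlogon Notify package (the layout Vundofix targets). The script below is an added example written for this page, not a tool from the thread or from the HijackThis project. It parses the O2/O20 lines quoted in the reply above (embedded as constructed sample input) and reports why each DLL is flagged. The list of default XP Winlogon Notify subkeys is an assumption from memory and should be checked against a known-clean machine before relying on it.

```python
"""Triage HijackThis O2 (BHO) and O20 (Winlogon Notify) lines.

Added example, not part of the original thread. It encodes the indicators a
helper looks for by eye: unnamed BHOs, registrations whose file is gone,
Winlogon Notify handlers that are not on a stock Windows XP install, and one
DLL registered under both hooks (the classic Vundo layout).
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Winlogon\Notify subkeys on a stock Windows XP SP2 machine. ASSUMPTION from
# memory: verify against a known-clean reference before relying on it.
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# "O2 - BHO: <name> - {CLSID} - <path>"  /  "O20 - Winlogon Notify: <key> - <path>"
LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_MISSING = "(file missing)"

# Constructed sample: the O2/O20 lines quoted in the reply above.
SAMPLE_LOG = r"""
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\gebywuu.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ijgtdlrk.dll (file missing)
O2 - BHO: (no name) - {9E3B153F-4035-4C7D-BA03-0B2B0FEC4FC2} - C:\WINDOWS\system32\mlljg.dll
O20 - Winlogon Notify: gebywuu - C:\WINDOWS\SYSTEM32\gebywuu.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll
O20 - Winlogon Notify: nnnllkh - C:\WINDOWS\SYSTEM32\nnnllkh.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
"""


@dataclass
class Entry:
    section: str            # "O2" or "O20"
    name: str               # BHO display name or Notify subkey name
    path: str               # DLL path as HJT printed it, minus "(file missing)"
    clsid: Optional[str]
    file_missing: bool
    flags: list = field(default_factory=list)

    @property
    def dll(self) -> str:
        """Lower-cased file name so SYSTEM32 and system32 spellings compare equal."""
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT line; return None for blank lines and sections not triaged here."""
    m = LINE_RE.match(line.strip())
    if not m or m["section"] not in ("O2", "O20"):
        return None
    rest, clsid = m["rest"], None
    c = CLSID_RE.match(rest)
    if c:                                   # O2 lines carry "{CLSID} - " before the path
        clsid = c.group(0)
        rest = rest[c.end():].lstrip(" -")
    missing = rest.endswith(FILE_MISSING)
    if missing:
        rest = rest[: -len(FILE_MISSING)].rstrip()
    return Entry(m["section"], m["name"], rest, clsid, missing)


def triage(log: str) -> list:
    """Parse the log and attach a reason string for every indicator an entry trips."""
    entries = [e for e in map(parse_line, log.splitlines()) if e]
    bho_dlls = {e.dll for e in entries if e.section == "O2"}
    notify_dlls = {e.dll for e in entries if e.section == "O20"}
    for e in entries:
        if e.section == "O2" and e.name == "(no name)":
            e.flags.append("unnamed BHO")
        if e.file_missing:
            e.flags.append("file missing (dangling registration)")
        if e.section == "O20" and e.name.lower() not in XP_DEFAULT_NOTIFY:
            e.flags.append("Winlogon Notify handler not on a stock XP install")
        if e.dll in bho_dlls and e.dll in notify_dlls:
            e.flags.append("same DLL registered as BHO and Winlogon Notify")
    return entries


def suspicious(log: str) -> dict:
    """Map each flagged DLL file name to the sorted list of reasons it was flagged."""
    out = {}
    for e in triage(log):
        if e.flags:
            out.setdefault(e.dll, set()).update(e.flags)
    return {k: sorted(v) for k, v in sorted(out.items())}


if __name__ == "__main__":
    for dll, reasons in suspicious(SAMPLE_LOG).items():
        print(f"{dll}: {'; '.join(reasons)}")
```

Note what the heuristics do and do not catch: every randomly named system32 DLL in the sample is flagged, and igfxcui is flagged only because it is not a default XP Notify entry (a vendor-installed handler lands in the same bucket and has to be checked by hand). MGSBAR.DLL is a named BHO with an existing file and trips nothing, which is why adware toolbars of that kind are handled by name in the reply above rather than by pattern.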