Please help - Mom-in-law has malware

Status
Not open for further replies.
My in-laws love to download shareware, and have a malware problem (Trojan Vundo, plus probably a few others, I think). Explorer.exe tends to bog for minutes at a time at 99%+ CPU. I am attaching their HJT log. Any help will be appreciated. Thanks.
 
Please do NOT modify your logs! Putting in those blank lines only makes it harder to read (and the file bigger).

C:\Documents and Settings\Yolanda\Desktop\HijackThis.exe
Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

First go here, ONLY get CWShredder. Then boot into Safe Mode and RUN CWShredder.
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

Next, get the Trojan.Vundo Removal tool here:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html
Follow their instructions to the letter!

When done, continue here:
Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/U/ UNinstall anything to do with this
/R/ unRegister the xxx.DLL in that line
Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
...................................................................................................
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sharewareisland.com/quicksearch.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updates.installshield.com/GetUpdates.asp?p={4192EAC0-6B36-bla-bla...}
/R/U/ R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
/R/ O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\pmkjg.dll
/P/ O4 - HKLM\..\Run: [NI.UWFX5_0001_N56T0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe" -nag <<== (if still there)
Fix ALL your O16 - DPF: entries
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll
...................................................................................................

STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com
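
Added example, not part of the original reply: a small Python parser for the annotated fix-list lines above that groups entries by the file they reference, which shows pmkjg.dll registered both as a BHO (O2) and under Winlogon Notify (O20). The function names and regular expressions are assumptions of this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Legend for the helper's markers, as given in the post above.
ACTIONS = {"P": "stop process", "U": "uninstall", "R": "unregister DLL"}

LINE_RE = re.compile(
    r"^(?:/(?P<flags>[PUR](?:/[PUR])*)/\s+)?"      # optional /P/ or /R/U/ prefix
    r"(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$"   # HijackThis section code, then the entry
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|]*?\.(?:dll|exe)", re.IGNORECASE)

# Lines copied from the fix list in the post above.
SAMPLE = r"""
/R/U/ R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
/R/ O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\pmkjg.dll
/P/ O4 - HKLM\..\Run: [NI.UWFX5_0001_N56T0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe" -nag <<== (if still there)
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll
"""

def parse_line(line):
    """Split one annotated HijackThis line into its parts, or return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    clsid = CLSID_RE.search(m["body"])
    path = PATH_RE.search(m["body"])
    return {
        "actions": [ACTIONS[f] for f in (m["flags"] or "").split("/") if f],
        "section": m["section"],
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0).lower() if path else None,  # Windows paths are case-insensitive
    }

def hooks_by_file(text):
    """Map each referenced file to the log sections that load it."""
    hooks = defaultdict(list)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and entry["path"]:
            hooks[entry["path"]].append(entry["section"])
    return dict(hooks)

if __name__ == "__main__":
    for path, sections in hooks_by_file(SAMPLE).items():
        note = "  <- loaded from more than one place" if len(sections) > 1 else ""
        print(f"{path}: {', '.join(sections)}{note}")
```

A file that appears under several section codes has more than one autostart hook, so every listed entry for it has to be fixed in the same pass.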
 