TechSpot

Please help - Mom-in-law has malware

By Support-In-Law
Nov 8, 2005
  1. My in-laws love to download shareware, and have a malware problem (Trojan Vundo, plus probably a few others, I think). Explorer.exe tends to bog for minutes at a time at 99%+ CPU. I am attaching their HJT log. Any help will be appreciated. Thanks.
     
  2. RealBlackStuff


    Please do NOT modify your logs! Putting in those blank lines only makes it harder to read (and the file bigger).

    C:\Documents and Settings\Yolanda\Desktop\HijackThis.exe
    Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

    First go here, ONLY get CWShredder. Then boot into Safe Mode and RUN CWShredder.
    Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

    Next, get the Trojan.Vundo Removal tool here:
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html
    Follow their instructions to the letter!

    When done, continue here:
    Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /U/ UNinstall anything to do with this
    /R/ unRegister the xxx.DLL in that line
    Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
    Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
    ...................................................................................................
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sharewareisland.com/quicksearch.aspx
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updates.installshield.com/GetUpdates.asp?p={4192EAC0-6B36-bla-bla...}
    /R/U/ R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    /R/ O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\pmkjg.dll
    /P/ O4 - HKLM\..\Run: [NI.UWFX5_0001_N56T0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe" -nag <<== (if still there)
    Fix ALL your O16 - DPF: entries
    O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll
    ...................................................................................................

    STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com
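The fix list in the reply above can be read mechanically. The following is an added example, not part of the original post or of HijackThis: it parses the `/P/`, `/U/`, `/R/` annotations and reports files registered under more than one HJT section, so that fixing one entry does not leave the other load point behind. The function names and regular expressions are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Legend from the post: /P/ stop process, /U/ uninstall, /R/ unregister the DLL.
ACTIONS = {"P": "stop process", "U": "uninstall", "R": "unregister DLL"}

# Sample input: annotated lines copied from the fix list in the post above.
SAMPLE = r"""
/R/U/ R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
/R/ O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\pmkjg.dll
/P/ O4 - HKLM\..\Run: [NI.UWFX5_0001_N56T0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe" -nag <<== (if still there)
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll
"""

# Optional helper tags, then the HJT section code (R0, O2, O20, ...), then the entry.
LINE_RE = re.compile(r"^(?P<tags>(?:/[PUR])+/)?\s*(?P<code>[RO]\d+)\s+-\s+(?P<rest>.+)$")
# First drive-letter path ending in .dll or .exe (spaces in the path are allowed).
FILE_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe)", re.IGNORECASE)

def parse(text):
    """Return one dict per recognised HJT line: section code, actions, file path."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, separators, free-text instructions
        tags = [t for t in (m["tags"] or "").split("/") if t]
        f = FILE_RE.search(m["rest"])
        entries.append({"code": m["code"],
                        "actions": [ACTIONS[t] for t in tags],
                        "file": f.group(0).lower() if f else None})
    return entries

def multi_hook_files(entries):
    """Files referenced from more than one HJT section (e.g. BHO plus Winlogon Notify)."""
    seen = defaultdict(set)
    for e in entries:
        if e["file"]:
            seen[e["file"]].add(e["code"])
    return {path: sorted(codes) for path, codes in seen.items() if len(codes) > 1}

if __name__ == "__main__":
    for entry in parse(SAMPLE):
        print(entry)
    print(multi_hook_files(parse(SAMPLE)))
```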
     
Topic Status:
Not open for further replies.
