Random pop-ups

Status
Not open for further replies.

Shecky504

Hello, I have followed the 8 steps but I'm still receiving random pop-ups in Firefox on Windows XP. I've attached my 3 logs. Please let me know if you can help.
 
Code:
Files Infected:
Memory Modules Infected:
C:\WINDOWS\system32\bolfnkwy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnmLBqr.dll (Trojan.Vundo.H) -> Delete on reboot.
MBAM did not handle all that it found until the computer restart.

Rescan with MBAM & SAS (run as pairs) until clean or something that cannot be cleaned.

HJT scan informs what has not been handled (computer restart before HJT scan)

Caught by HJT. Tick & Fix. Restart computer.
Code:
O2 - BHO: {dd3878c5-bcd0-07f8-bda4-36750fad48f1} - {1f84daf0-5763-4adb-8f70-0dcb5c8783dd} - C:\WINDOWS\system32\qpatov.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Windows] taskmngr.exe
O4 - HKLM\..\RunServices: [Device Manager] wfxmgr.exe

O20 - AppInit_DLLs: qpatov.dll


Delete no files or folders – yet.

Please provide details for wfxmgr.exe by trying to locate it in ‘device manager’
( Start > run devmgmt.msc > view > show hidden devices >> the hunt begins)
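
The HijackThis entries quoted in the post above name one DLL at two separate load points. As an added example (not part of the original thread or of any tool it mentions), this Python script parses those quoted lines and lists the file names that deserve manual review; the three heuristics it applies are assumptions chosen for illustration, not HijackThis's own logic.

```python
import re
from collections import defaultdict

# HijackThis entries exactly as quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: {dd3878c5-bcd0-07f8-bda4-36750fad48f1} - {1f84daf0-5763-4adb-8f70-0dcb5c8783dd} - C:\WINDOWS\system32\qpatov.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Windows] taskmngr.exe
O4 - HKLM\..\RunServices: [Device Manager] wfxmgr.exe
O20 - AppInit_DLLs: qpatov.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Last path component ending in .dll or .exe (paths with spaces are not handled).
BINARY = re.compile(r"([^\\\s\]]+\.(?:dll|exe))\b", re.IGNORECASE)


def parse_entries(log):
    """Return (section, lowercased binary name or None, raw line) per HJT entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            b = BINARY.search(m.group(2))
            entries.append((m.group(1), b.group(1).lower() if b else None, line.strip()))
    return entries


def review(log):
    """Map binary name -> reasons for manual review (assumed heuristics, not proof)."""
    sections, bare = defaultdict(set), set()
    for section, name, raw in parse_entries(log):
        if name is None:
            continue
        sections[name].add(section)
        # An autorun given as a bare file name is resolved through the search path.
        if section == "O4" and "\\" not in raw.split("]", 1)[-1]:
            bare.add(name)
    findings = {}
    for name, secs in sections.items():
        reasons = []
        if "O20" in secs:  # AppInit_DLLs load into every process that loads user32.dll
            reasons.append("loaded via AppInit_DLLs")
        if len(secs) > 1:
            reasons.append("referenced in " + "+".join(sorted(secs)))
        if name in bare:
            reasons.append("autorun without full path")
        if reasons:
            findings[name] = reasons
    return findings
```
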
 
Thank you rf6647. I followed your directions and fixed the items in HiJackThis. I was unable to find wfxmgr.exe in device manager after the restart. I have not experienced a pop-up yet either. Thank you for the help and please let me know if I should do anything else.
 
You indicate that the infection was handled. The referral also included advice to repeat scans with MBAM & SAS to confirm the computer is clean.

The Mods may never move logs to this thread. Logs appear under this thread


Some cleanup items
  • Delete file: C:\WINDOWS\system32\qpatov.dll
    • Not listed as safe - Not listed as malware
  • Use 'regedit' to remove references to qpatov.dll
    • No usage expected to be found


Establish a new clean restore point and Clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK

      • This will remove all restore points except the new one you just created.
 
Ok, I re-ran both programs (it takes about 2 1/2 hours to run them) and here are the new logs. I deleted the qpatov files and did as you said with the system restore as well. All seems to be well but I will run the two programs again until it is totally clean.
 
And remember that all-important RESTART.
Code:
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

And yes, a clean log seems superfluous over a mere statement.
 