TechSpot

Spyware help

By chookychook
Nov 12, 2008
Topic Status:
Not open for further replies.
  1. Hello. Had a load of spyware including Vundo on my system, most of which I seem to have got rid of by running a variety of cleaners. I was getting pop-ups and dialogue boxes which have now stopped, but there seem to be some bits left on my computer and there is noticeable slowdown. Here are my logs; if you could help me it would be much appreciated.
     


  2. matav

    matav TS Enthusiast Posts: 174

    go to command prompt [cmd.exe]
    and type "at"
    if it doesn't display "There are no entries in the list."
    then type "at /delete" and say yes [y]

    now delete these files if they are still there:
    C:\WINDOWS\system32\ezowyuhdohvrtfl.dll
    C:\WINDOWS\system32\bodozanu.dll
    C:\WINDOWS\system32\damorume.dll

    if these files aren't being deleted then do this
    go to hijackthis
    click on "main menu"
    click on "open misc tools section"
    click on "delete a file on reboot"
    now select those three files manually

    --
    after doing that
    go to hijackthis main menu & do a scan and remove these entries

    O2 - BHO: agadoo browser optimizer - {476af93f-8fd9-f957-ecc5-f83b8687bc87} - C:\WINDOWS\system32\xrvhzojaqjmuwqtwl.dll (file missing)
    O2 - BHO: (no name) - {7df72896-a23b-4831-a355-c56eb8958cd3} - C:\WINDOWS\system32\siwelehu.dll (file missing)
    O2 - BHO: (no name) - {E1B5E11C-A39B-47D5-A4C9-6E3F51C0D218} - C:\WINDOWS\system32\ssqQifeD.dll (file missing)
    O4 - HKLM\..\Run: [qmnobfvzlc] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ezowyuhdohvrtfl.dll"
    O4 - HKLM\..\Run: [hibuwidebe] Rundll32.exe "C:\WINDOWS\system32\bodozanu.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [hibuwidebe] Rundll32.exe "C:\WINDOWS\system32\bodozanu.dll",s (User 'LOCAL SERVICE')

    --
    reboot pc
    uninstall all spyware-removing software you installed or just remove them from startup because those slow down the pc and since you've installed 2 different spyware software that start up together
    &
    get rid of McAfee because it makes the pc real slow especially after a virus infection
    get hold of Kaspersky instead

    --
    a word of advice: i haven't checked your hijackthis thoroughly but these changes are good enough
     
  3. chookychook

    chookychook TS Rookie Topic Starter

    Thanks very much, I'll try that later and get back to you.
     
  4. rf6647

    rf6647 TS Maniac Posts: 931

    Matav, thanks for the save! This is a team effort - all volunteer. Welcome aboard.

    Chookychook, welcome to TS.

    Please update MBAM & SAS. MBAM is definitely stale. It has been about 2 weeks since that much alpha-junk has shown up in HJT.

    Post new logs.

    [edit]
    McAfee is presently your main protection. I am withholding an opinion about the blend of antispy & anti-malware applications.

    MBAM is needed to address this:
    O20 - AppInit_DLLs: vumuly.dll,C:\WINDOWS\system32\damorume.dll,
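
Added example, not part of any post in this thread and not HijackThis code: a small triage pass over the O2 and O4 entries listed in matav's post and the O20 entry in rf6647's post, pulling out the DLL each entry points at and why it deserves a look. The function name `triage` and the regular expressions are assumptions made for this sketch; the sample lines are copied from the posts above.

```python
import re

# Entries quoted in the posts above (not a complete HijackThis log).
SAMPLE_LOG = r"""
O2 - BHO: agadoo browser optimizer - {476af93f-8fd9-f957-ecc5-f83b8687bc87} - C:\WINDOWS\system32\xrvhzojaqjmuwqtwl.dll (file missing)
O2 - BHO: (no name) - {E1B5E11C-A39B-47D5-A4C9-6E3F51C0D218} - C:\WINDOWS\system32\ssqQifeD.dll (file missing)
O4 - HKLM\..\Run: [qmnobfvzlc] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ezowyuhdohvrtfl.dll"
O4 - HKUS\S-1-5-19\..\Run: [hibuwidebe] Rundll32.exe "C:\WINDOWS\system32\bodozanu.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: vumuly.dll,C:\WINDOWS\system32\damorume.dll,
"""

BHO = re.compile(r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
RUN = re.compile(r"^O4 - (?P<key>\S+\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HOST = re.compile(r"(?:.*\\)?(regsvr32|rundll32)\.exe\b", re.I)  # DLL host binaries
DLL_ARG = re.compile(r'"([^"]+\.dll)"', re.I)                    # quoted DLL argument
APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")

def triage(log_text):
    """Return (section, dll, reason) tuples for entries worth a manual look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := BHO.match(line):
            # HijackThis appends "(file missing)" when the registered DLL is gone.
            if m["missing"]:
                findings.append(("O2", m["path"], "orphaned BHO: registry entry left, DLL gone"))
        elif m := RUN.match(line):
            host = HOST.match(m["cmd"])
            dll = DLL_ARG.search(m["cmd"])
            if host and dll:
                findings.append(("O4", dll[1], f"autostart loads DLL via {host[1].lower()}"))
        elif m := APPINIT.match(line):
            # Comma-separated list; the trailing comma leaves an empty item to drop.
            for dll in filter(None, (d.strip() for d in m["dlls"].split(","))):
                findings.append(("O20", dll, "AppInit_DLLs: loaded into every process that loads user32.dll"))
    return findings

if __name__ == "__main__":
    for section, dll, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {dll}  ({reason})")
```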
     
  5. chookychook

    chookychook TS Rookie Topic Starter

    Hello again.
    I followed both your advice. MBAM after updating seemed to pick up a few more interesting things. Computer seems a bit cleaner and faster.
    Here are the logs and thank you very much for your time. It's very much appreciated.
     


  6. rf6647

    rf6647 TS Maniac Posts: 931

    Whoops. I think the instructions are weak describing the need to restart the computer.

    Following restart, repeat MBAM until achieving no infection OR no reduction in the reported infections. System Restore volumes are don't care at this point.

    Likewise, Redo / repeat SAS.

    Post back 3 logs.
     
  7. chookychook

    chookychook TS Rookie Topic Starter

    Did an MBAM quick scan and nothing found. Do you think I should do a deep scan (a bit lengthy at over 2 hours...)?
     
  8. matav

    matav TS Enthusiast Posts: 174

    from your hjtlog delete these:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {7df72896-a23b-4831-a355-c56eb8958cd3} - C:\WINDOWS\system32\siwelehu.dll (file missing)
    O4 - HKUS\S-1-5-19\..\Run: [hibuwidebe] Rundll32.exe "C:\WINDOWS\system32\bodozanu.dll",s (User 'LOCAL SERVICE')

    make sure bodozanu.dll is no longer on your pc.
    C:\WINDOWS\system32\bodozanu.dll

    --
    btw... you still have 3 anti-spyware running at same time!!
    > Lavasoft Ad-Aware
    > a-squared Anti-Malware
    > SUPERAntiSpyware

    why would anyone want to torture their pc by having 3 anti-spyware apps installed & running together?
    do you ever see three anti-virus programs running together?
    do you know how much load will come on the computer? [answer: a lot!]

    just keep any 1 and your system will be definitely faster.
    decide which you want to keep.
    or instead if you want to install a few more anti-spyware softwares, i can recommend some good ones.
    you'll see the pc work even slower then.
    your choice

    --
    other than all that, everything seems fine.
     
  9. rf6647

    rf6647 TS Maniac Posts: 931

    I am following mflynn for leads on this. It appears SuperAntiSpyware is used to remove malware that is protecting the major infection.

    Accordingly we will first concentrate on SAS removing malware.

    Once SAS detects no infection OR can not progress further,
    then we concentrate running MBAM.

    Restart the computer.

    Configure & run SAS (repeatedly until no new progress is reported) as follows
    Since MBAM reports no infections in safe mode, we will perform a deep scan to seek out infected files/folders:
    Updates to MBAM & SAS are appropriate when we achieve breakthrough or stall with infections that cannot be removed.

    Read logs. Restart appropriate when so indicated that reboot is needed for removal.
     
  10. mflynn

    mflynn TS Rookie Posts: 2,793

    Hello Guys

    Rich has it right!

    Based on what you had that I see, and what I see you still have.

    I highly Advise a MBAM Full Scan, fully updated with the advanced configs here.

    And do it again if it is not clean. Post logs on each run!

    Mike
     
  11. chookychook

    chookychook TS Rookie Topic Starter

    Thanks, I'll post some new logs later on.
     
     