TechSpot

Trojan I can't get rid of log attached

By gretz06
Dec 17, 2006
  1. Hello all - I read "Viruses/Spyware/Malware, preliminary removal instructions" by howard_hopkinso and followed each step... and I thought I was clean... but today I let my computer sit, and *poof* the same pop-up ads and outside computer trying to access my computer popped up. I have enclosed the log. I ran it out of safe mode, is that OK? PLEASEEEE HELP!!!
     
  2. zerocoolzz66

    zerocoolzz66 TS Rookie

    Ok, first of all, have you tried going into Safe Mode and trying to remove the virus that way?
     
  3. Rik

    Rik Banned Posts: 3,814

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


    This thread is for the use of gretz06 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    new log as per the above

    Please help!! thank you in advance!!


    -chris
     
  5. Rik

    Rik Banned Posts: 3,814

    I need to see both HJT and AVG Antispyware logs as ATTACHMENTS!!


     
  6. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    AV log?

    Hey-
    I have run AVG several times but I do not see a log.... how do I make this? (sorry new to this)
     
  7. Rik

    Rik Banned Posts: 3,814

    There is a button along the top called reports and it gives you the option to save.


     
  8. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    i need to wait till my scan is done right? then i can save the results as a report? currently it is 87% done, and hasn't found anything...do I still need this report?

    Hey -

    Thanks for hanging in there with me.... attached are the two logs.... please help...thank you!!


    -gretz

    hjack log -- please see attached

    FYI the hjack log is in the earlier post..... it won't let me upload again.
     
  9. TimeParadoX

    TimeParadoX TS Rookie Posts: 2,273

    Change the name of the log, then you can upload. (Sorry for posting when Rik said only him, but I had to tell him how to do it ;) )
     
  10. Rik

    Rik Banned Posts: 3,814

    Feel free to join in and help anytime, TimeParadox! :) In fact you have helped me, as I didn't know about having to rename attachments!! Your input is greatly appreciated :)

    The part in red is not for stopping people from helping but is instead for stopping people from posting their problems into an existing thread as spyware symptoms often appear alike but require completely different cures.

    This thread is for the use of gretz06 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    grrrrrr =(

    Hey All--
    It still won't let me attach the below log, it keeps saying I already did (which is true, if you scroll up a few posts you can see the log attached). However, it did let me attach the other log. Will the below two work? FYI - this is after I followed your instructions above.

    thank you guys again for taking the time to help me.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    These are the filepaths you need to enter into killbox.

    C:\WINDOWS\system32\mljgd.dll
    C:\WINDOWS\system32\cyhocfae.dll

    Post a fresh HJT log, after doing the above. HERE are instructions for posting your HJT log as an attachment. If you still have problems attaching a HJT log, then copy and paste it and I'll remove it afterwards.

    Regards Howard :wave: :wave:

     
  13. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    hey

    should i run vundofix in safe mode? or it does not matter?
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run Vundofix from normal mode please.

    Regards Howard :)

     
  15. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    above done..

    Hi all-

    I did the above... below is the new log..... how am I looking =(?
    Thank you again for your help on this!! you're a huge help!!!
    ----------------------------------------------------------------
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how HERE.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\nmjpwdqm.dll

    O2 - BHO: (no name) - {BD682681-858E-410F-AA9D-19B4DD8D4490} - C:\WINDOWS\system32\mljgd.dll (file missing)

    O3 - Toolbar: (no name) - {18668683-731c-48fa-b1b9-ad013748fb00} - (no file)

    O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\system32\cyhocfae.dll",setvm

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    These are the filepaths you need to enter into killbox.

    C:\WINDOWS\system32\cyhocfae.dll
    C:\WINDOWS\system32\nmjpwdqm.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
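
As an added illustration (not part of the original thread, and not HijackThis's or any poster's own code), this Python sketch parses the HJT entries listed in the post above, flags unnamed, orphaned and rundll32-autostart entries, and derives which referenced files are still on disk, which are the two paths given for Killbox. The flagging rules and the `ExampleApp` line are assumptions made for the example.

```python
import re

# Entries quoted from the HJT fix list in the post above (one O9 line omitted),
# plus one constructed benign line (ExampleApp) for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\nmjpwdqm.dll
O2 - BHO: (no name) - {BD682681-858E-410F-AA9D-19B4DD8D4490} - C:\WINDOWS\system32\mljgd.dll (file missing)
O3 - Toolbar: (no name) - {18668683-731c-48fa-b1b9-ad013748fb00} - (no file)
O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\system32\cyhocfae.dll",setvm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)

def parse(log):
    """Yield one dict per HJT entry: section code, referenced path, flags."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not an entry
        rest = m["rest"]
        path = PATH.search(rest)
        yield {
            "code": m["code"],
            "path": path.group(0) if path else None,
            # HJT marks entries whose target file is gone
            "orphan": "(no file)" in rest or "(file missing)" in rest,
            "unnamed": "(no name)" in rest,
            # an autostart (O4) value that loads a DLL through rundll32
            "rundll32": m["code"] == "O4" and "rundll32" in rest.lower(),
        }

def review_candidates(log):
    """Entries worth a human look; these rules are example heuristics only."""
    return [e for e in parse(log)
            if e["orphan"] or e["unnamed"] or e["rundll32"]]

def files_still_on_disk(log):
    """Paths behind flagged entries that HJT did not report as missing."""
    return sorted({e["path"] for e in review_candidates(log)
                   if e["path"] and not e["orphan"]})

if __name__ == "__main__":
    for p in files_still_on_disk(SAMPLE_LOG):
        print(p)
```

A flag here only means the entry deserves review; the `(file missing)` Messenger button, for instance, is a leftover of a removed Windows component rather than a sign of infection.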
     
  17. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    ok done the above....

    Please see the below log... How am I looking? =(
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your attached HJT log is clean as a whistle.

    There's no need to copy and paste your log as well as attach it. In fact, you should only attach log files.

    If you have any further virus/spyware problems, please post in this thread.


    Regards Howard :)

     
  19. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    thank you!!!!!!!
     
  20. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    hey

    Thank you so much for your help with the above virus. I seem to be having another problem: when I try to adjust things in my "msconfig" I get an error message saying "there was an error you need to log in as the system admin". This only happens after the above virus was installed. I have a stand-alone PC with Windows XP, no admin? Any ideas?? =( As always, thank you for your time with this one!!!
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post a fresh HJT log, just in case your system has become reinfected.

    Regards Howard :)

     
  22. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    part 2

    I ran a sweep on my computer with Webroot Spy Sweeper... and it found "trojan agent winlogonhook". But I think something in the background is downloading these, because I haven't surfed the internet, or DL-ed anything on my desktop computer since my first e-mails to you guys. Please help =(
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The clue was in my post above lol.

    Regards Howard :)

     
  24. gretz06

    gretz06 TS Rookie Topic Starter Posts: 17

    New Log error

    I try to run HJT and it locks up every time?? No log can be generated.
     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's definitely not a good sign.

    I want to check for rootkits.

    Download and run the Blacklight programme. Follow all the instructions carefully.

    Let me know the results.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
