TechSpot

"Virus Alert!" problem

By kawaiibox
Jun 14, 2006
  1. I have been having a problem with this trojan (I assume) that has popped into my task bar. It is an icon that switches between two images, a blue circle with a question mark inside, and a red circle with a slash inside (like a no smoking sign). On mousing over it, it'll say "Virus Alert!", and upon clicking it, it says in bold "Your computer is infected!" followed by a 'solution', "Critical System Error! System detected virus activities...etc." I have run McAfee, Spybot S&D, Adaware, and am still unable to get rid of it. After a while, two windows also pop up, labeled "ULWindowUrl" and "ULWindowSeek." I think the two may be related but have too little knowledge of this stuff to be sure. Does anyone have a solution? It'll be greatly appreciated.

    <Edit>
    Oops, forgot the HJT file.
     

  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    First, go HERE and follow the instructions.

    Then, go HERE and do likewise.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. kawaiibox

    kawaiibox TS Rookie Topic Starter

    Here's the fresh log and the ewido log as well, since the other instructions said to post it as well. If you want me to delete the other HJT log, just say so in your reply. I hate wasting space when it's not necessary.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's better, now we're getting somewhere.

    Now for the next step.

    Please go HERE and follow the instructions.

    Then post a fresh HJT log.

    Regards Howard :)
     
  5. kawaiibox

    kawaiibox TS Rookie Topic Starter

    Fresh HJT log after running SmitfraudFix. Thanks!
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Originally posted by nasdaq at spywareinfo.com.


    Ok, now follow these instructions exactly.

    Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

    1. Please download The Avenger to your Desktop. Extract avenger.exe to your desktop.

    2. Copy all the text between the dotted lines below to your Clipboard by highlighting it and pressing (Ctrl+C):

    -------------------------------------------------------------------------------------------------------------------------------

    Files to delete:
    C:\WINDOWS\SYSTEM32\wingdm32.dll

    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingdm32

    ------------------------------------------------------------------------------------------------------------------------------


    3. Now, start The Avenger program by clicking on its icon on your desktop.

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    * It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    * On reboot, it will briefly open a black command window on your desktop; this is normal.
    * After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    * The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.


    Next, go to Start > Control Panel > Internet Options
    In the General tab, Temporary Internet Files area, click:
    -Delete Cookies
    -Delete Files
    --When prompted, check: Delete all offline content
    Click OK

    Go to Start > Run and type: cleanmgr
    Click: OK
    The program scans the system for files to remove.
    Only check:
    -Temporary Files
    -Temporary Internet Files
    -Recycle Bin
    Click: OK

    5. Please attach the content of c:\avenger.txt into your reply along with a fresh HJT log

    Regards Howard :)
     
  7. kawaiibox

    kawaiibox TS Rookie Topic Starter

    Umm, I did everything up to clicking on the green light, but after the first click when it prompts me to save something, it says it could not create a zip file, although I have both WinZip and WinRAR. It still asks me to reboot though, and I click yes. At that point, it does nothing and the task manager says it is not responding. During this whole process, I have been asked by McAfee to allow a PUP access file (it was smitfraud's) but I have denied it. McAfee has also been finding a whole bunch of trojans and it is unable to delete them. I have no idea what the problem is here.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post a fresh HJT log.

    Regards Howard :)
     
  9. kawaiibox

    kawaiibox TS Rookie Topic Starter

    Here's the fresh HJT.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system seems to be getting worse, not better.

    Here's what I want you to do.

    Download the Pocket killbox programme from HERE. Save it to your desktop.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore. (XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    rdgUS2404.exe
    gdnUS2338.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O4 - HKLM\..\Run: [qboukjrs] C:\paunwyal.bat

    O4 - HKLM\..\Run: [xjkqkema] C:\hlittvbp.bat

    O4 - HKLM\..\Run: [himfrktx] C:\rbiqamot.bat

    O16 - DPF: {3CB357E9-4F9C-7C14-A59C-05824F3A1827} - http://********/1/gdnUS2338.exe

    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://*********/1/rdgUS2404.exe

    O20 - Winlogon Notify: khfedec - C:\WINDOWS\SYSTEM32\khfedec.dll

    O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll

    Click on the fix checked button.

    Close HJT.

    Extract the Killbox programme, and run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; click no and carry on inputting the files you want to delete. After the final file has been input, click yes when prompted to reboot.

    These are the files you should input (if there):

    C:\WINDOWS\SYSTEM32\wingdm32.dll
    C:\WINDOWS\SYSTEM32\khfedec.dll
    C:\paunwyal.bat
    C:\hlittvbp.bat
    C:\rbiqamot.bat

    Post a fresh HJT log.

    Regards Howard :)
     
  11. kawaiibox

    kawaiibox TS Rookie Topic Starter

    Here is a fresh one, no problem encountered while doing the steps in the previous post.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Have HJT fix the following entry.

    O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll (file missing)

    Other than that, your HJT log is clean.

    Regards Howard :)
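
Added example, not part of the original thread: a small Python triage pass over the HijackThis entries quoted in posts 10 and 12, showing how the O4 (Run), O16 (DPF) and O20 (Winlogon Notify) lines can be parsed and shortlisted for manual review. The regular expressions and the three heuristics are assumptions made for this illustration, not HijackThis's own logic, and a flagged line is a prompt to investigate, not a verdict.

```python
import re

# Sample lines copied from posts 10 and 12 above (URLs masked as on the page).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [qboukjrs] C:\paunwyal.bat
O16 - DPF: {3CB357E9-4F9C-7C14-A59C-05824F3A1827} - http://********/1/gdnUS2338.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll (file missing)
"""

# Assumed line layouts, inferred from the entries quoted in this thread.
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16_DPF = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<label>.*)\))? - (?P<url>\S+)$")
O20_NOTIFY = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
ROOT_BAT = re.compile(r"[A-Za-z]:\\[^\\]+\.bat", re.I)


def triage(log_text):
    """Return (section, item, reason) tuples for entries worth a manual look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O4_RUN.match(line):
            # Heuristic: autostart value that launches a batch file in a drive root.
            if ROOT_BAT.fullmatch(m["cmd"]):
                findings.append(("O4", m["name"], "Run value launches root-level .bat"))
        elif m := O16_DPF.match(line):
            # Heuristic: ActiveX codebase that is a bare .exe, not a .cab package.
            if m["url"].lower().endswith(".exe"):
                findings.append(("O16", m["clsid"], "DPF codebase is a direct .exe"))
        elif m := O20_NOTIFY.match(line):
            # Notify DLLs are loaded by winlogon.exe on XP-era systems, so every
            # entry is listed; "(file missing)" marks a leftover key after cleanup.
            reason = ("orphaned Notify key (DLL missing)" if m["missing"]
                      else "Winlogon Notify DLL loads at logon")
            findings.append(("O20", m["name"], reason))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {item:40} {reason}")
```
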
     
  13. kawaiibox

    kawaiibox TS Rookie Topic Starter

    Thanks a bunch. I have just one more question to ask. Is there any other free app I can download to protect my computer against future occurrences such as this (other than just safe surfing)? I heard zone alarm was good but I'm a bit skeptical now about free stuff...
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Since you asked, here's what I recommend.

    Download the free AVG antivirus programme and either the free zonealarm, or free kerio firewall programme.

    You can get these from HERE, HERE and HERE.

    Then, disconnect from the internet and uninstall McAfee, it really isn't very good.

    Once McAfee has been completely uninstalled, reboot your system.

    Install either Zonealarm, or Kerio, followed by AVG and reboot your system. Reconnect to the net and run the AVG updates.

    You might also want to take a look at this thread by Spike. It will help you to keep your system more secure.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
