TechSpot

"Virus Alert!" problem

By Ruzumaki
Jun 21, 2006
  1. Need extra help.

    Can personal help me in msn to solve tis kind of problem? I was totally confuse with the step >,< . Please kindly show ur hand of help.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I`m not sure what help you require, since you didn`t say.

    If you are having virus/spyware/popup problems.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please don`t keep posting in other threads.

    Follow the instructions I have given, it`s not that difficult. Just take your time.

    I do not help people via MSN or any other messenger service.

    I have deleted your other post.

    Regards Howard :)
     
  4. Ruzumaki

    Ruzumaki TS Rookie Topic Starter

  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Which bit of "I don`t help people via Msn", don`t you understand?

    Go to the link I gave you above and follow the instructions EXACTLY

    Then, post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :cool:
     
  6. Ruzumaki

    Ruzumaki TS Rookie Topic Starter

    here a fresh hjt
    the file txt is too big...?
    how?145kb
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    If the file is too big, do the following.

    Copy and paste half of the HJT log file into notepad and attach it, then copy and paste the rest of the log into another notepad file and attach that as well.

    Regards Howard :)
     
  8. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    It is very foolish to post your private email address in a public forum. You must like getting spam and viri sent to you all the time.
     
  9. Ruzumaki

    Ruzumaki TS Rookie Topic Starter

    here a fresh hjt.
     
  10. Ruzumaki

    Ruzumaki TS Rookie Topic Starter

    this hjt is using hjt 1.99 scan 1.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    gdnUS2338.exe
    77d4a602.exe

    Close task manager.

    Click start/run and type regsvr32 /u C:\WINDOWS\SYSTEM32\wingdm32.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp107.tmp (file missing)

    O4 - HKLM\..\Run: [77d4a602.exe] C:\WINDOWS\system32\77d4a602.exe

    O4 - HKCU\..\Run: [77d4a602.exe] C:\Documents and Settings\Hieuy Mac\Local Settings\Application Data\77d4a602.exe

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3CB357E9-4F9C-7C14-A59C-05824F3A1827} - http://85.255.113.214/1/gdnUS2338.exe
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

    O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\SYSTEM32\wingdm32.dll
    gdnUS2338.exe
    C:\Documents and Settings\Hieuy Mac\Local Settings\Application Data\77d4a602.exe
    C:\WINDOWS\system32\77d4a602.exe
    C:\WINDOWS\system32\hp107.tmp

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :)
     
  12. Ruzumaki

    Ruzumaki TS Rookie Topic Starter

    still have same problem. when i run the regsvr3 /u c:\windows\system32\wingdm32.dll not found or missing. Here with a fresh hjt.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Just have HJT fix any entries that say file missing, or no file.

    Regards Howard :)
     
  14. Ruzumaki

    Ruzumaki TS Rookie Topic Starter

    but the virus alert! problem still there!! how to fix? It very anoyying
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Can you give me the exact details of the alert you`re getting?

    Regards Howard :)
     
  16. Ruzumaki

    Ruzumaki TS Rookie Topic Starter

    got sum more way to solve tis tricky problem? have been having a problem with this trojan (I assume) that has popped into my task bar. It is a a icon that switches between two images, a blue circle with a question mark inside, and a red circle with a slash inside (like a no smoking sign). On mousing over it, It'll say "Virus Alert!", and upon clicking it it says in bold "Your computer is infected!" followed by a 'solution', "Critical System Error! System detected virus activities...etc." I have ran McAfee, Spybot S&D, Adaware, and am still unable to get rid of it. After a while, two windows also pop up, labled "ULWindowUrl" and "ULWindowSeek." I think the two may be related but have too little knowledge of this stuff to be sure. Does anyone have a solution? It'll be greatly appreciated.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Go to add remove programme in your control panel and uninstall anything to do with(if there).

    Dap.

    Close control panel.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\DAP


    Reboot into normal mode and turn system restore back on.


    Regards Howard :)
     
  18. Ruzumaki

    Ruzumaki TS Rookie Topic Starter

    lolz? Dap and flashget not a virus wor... It will inflect the Virus Alert! problem ?
    Anyway i tryin. I found something interesting about a file call regperf.exe. But i download a software to remove this file(actually it found in virus list). The next day i open window defender, the software explorer. I found again the regperf.exe in my list. After i disable and remove it, it gone until now.
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, let`s try this.

    Download and run the Microsoft malicious removal tool from HERE

    Then, go HERE and follow the instructions very carefully.

    Let me know if this helps.

    Regards Howard :)
     
  20. Ruzumaki

    Ruzumaki TS Rookie Topic Starter

    Thank You SO MUCH!!! The problem SOLVED!!!!~ WEEEEEEEE~ Thank you for teach me so patient!! http://siri.urz.free.fr/Fix/SmitfraudFix_En.php help me alot.
    Here with a fresh HJT!
    But after i use the program smitfraudfix, i felt my computer got a bit lag. Did i need defragment and check disc?
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Download and run the Ccleaner programme from HERE. Run the programme two or three times, then run a disk defrag.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...