Virus or Trojan on comp

Status
Not open for further replies.

KnightRiderX

Hi,

My friend has either a virus or a trojan on his comp. He has done the virus scans and HJT. I have included the HJT log along with this post. Also, whenever he boots up his comp, the message pops up saying that it had a problem loading a dll file called lwiojwyf.dll.
 
It looks like the computer is infected with the Vundo trojan and possibly other nasties.

Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

If you decide to clean your system after reading the above thread, do the following.

Go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.

Regards :)

This thread is for the use of KnightRiderX only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
OK, now for the cleanup.

Go into Add/Remove Programs in your Control Panel and uninstall anything having to do with Viewpoint.

Now have HJT fix these entries (if there), by placing a tick in the box next to them:

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Click the Fix Checked button.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon, which will open a new window titled "open Script File".
Navigate to the file you have just downloaded, click on it and press Open.
Now click on the Green Light to begin execution of the script.
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Now post fresh HijackThis and ComboFix logs, as well as the contents of C:\avenger.txt, into your next reply.

Regards :)

 
Please run The Avenger again with the avengerscript.txt attached to this post (not the one before). Then post a fresh HijackThis log.

Regards :)
 
No problem mate :)

Have HijackThis fix these two inactive entries:

O2 - BHO: (no name) - {085364AB-423C-4B40-9120-636DE8CA5911} - C:\WINDOWS\system32\xvefljko.dll (file missing)

O2 - BHO: (no name) - {4361E1F9-5739-49DE-BEC3-84FE84B250B3} - C:\WINDOWS\system32\awtqn.dll (file missing)

Other than that, your HijackThis log is clean.

Please post a fresh ComboFix log just to be sure.

Regards :)
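
For readers triaging a HijackThis log themselves, the following is an added example, not part of the original thread or of HijackThis: a small Python parser for the three entry types quoted above (O2, O3, O23) that picks out the "(file missing)" entries. The field names, the `Entry` class and the function names are assumptions made for illustration, and the sample lines are copied from the posts above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O2 - BHO: (no name) - {085364AB-423C-4B40-9120-636DE8CA5911} - C:\WINDOWS\system32\xvefljko.dll (file missing)
O2 - BHO: (no name) - {4361E1F9-5739-49DE-BEC3-84FE84B250B3} - C:\WINDOWS\system32\awtqn.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
MISSING = " (file missing)"  # marker on the two entries called inactive above

@dataclass
class Entry:
    section: str            # e.g. "O2"
    kind: str               # e.g. "BHO"
    name: str
    clsid: Optional[str]    # O2/O3 carry a CLSID in the middle field
    vendor: Optional[str]   # O23 carries a vendor name there instead
    path: str
    file_missing: bool

def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'Onn - Kind: name - middle - path' line; None if it does not fit."""
    m = LINE_RE.match(line.strip())
    parts = m.group("rest").split(" - ") if m else []
    if len(parts) < 3:
        return None
    path, middle = parts[-1], parts[-2]
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    is_clsid = CLSID_RE.match(middle) is not None
    return Entry(m.group("section"), m.group("kind"), " - ".join(parts[:-2]),
                 middle if is_clsid else None, None if is_clsid else middle,
                 path, missing)

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def inactive_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is gone: leftover registry references to clean up."""
    return [e for e in entries if e.file_missing]
```

Lines in other HijackThis sections that do not follow this three-field layout are skipped rather than guessed at.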
 