TechSpot

Virus or Trojan on comp

By KnightRiderX
Apr 20, 2007
  1. Hi,

    My friend has either a virus or a trojan on his comp. He has done the virus scans and HJT. I have included the HJT log along with this post. Also, whenever he boots up his comp, a message pops up saying that it had a problem loading a dll file called lwiojwyf.dll.
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    It looks like the computer is infected with the Vundo trojan and possibly other nasties.

    Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

    If you decide to clean your system after reading the above thread, do the following.

    Go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of KnightRiderX only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. KnightRiderX

    KnightRiderX TS Rookie Topic Starter Posts: 36

    Here are the other logs.
     
  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Please post a fresh HijackThis log from normal mode.

    Regards :)
     
  5. KnightRiderX

    KnightRiderX TS Rookie Topic Starter Posts: 36

    .. here you go
     
  6. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Can you post one from normal mode?

    The log says Safe Mode.

    Regards :)
     
  7. KnightRiderX

    KnightRiderX TS Rookie Topic Starter Posts: 36

    lol.. I'm sorry, there you go
     
  8. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    OK, now for the cleanup.

    Go into Add/Remove Programs in your Control Panel and uninstall anything having to do with Viewpoint.

    Now have HJT fix these entries (if there), by placing a tick in the box next to them:

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Click the Fix Checked button.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon, which will open a new window titled "open Script File".
    Navigate to the file you have just downloaded, click on it and press Open.
    Now click on the Green Light to begin execution of the script.
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop; this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    Now post fresh HijackThis and ComboFix logs, as well as the contents of C:\avenger.txt, into your next reply.

    Regards :)

     
  9. KnightRiderX

    KnightRiderX TS Rookie Topic Starter Posts: 36

    ok here you go
     
  10. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Please run The Avenger again with the avengerscript.txt attached to this post (not the one before). Then post a fresh HijackThis log.

    Regards :)
     
  11. KnightRiderX

    KnightRiderX TS Rookie Topic Starter Posts: 36

    there you go there... btw thank you a lot
     
  12. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    No problem mate :)

    Have HijackThis fix these two inactive entries:

    O2 - BHO: (no name) - {085364AB-423C-4B40-9120-636DE8CA5911} - C:\WINDOWS\system32\xvefljko.dll (file missing)

    O2 - BHO: (no name) - {4361E1F9-5739-49DE-BEC3-84FE84B250B3} - C:\WINDOWS\system32\awtqn.dll (file missing)

    Other than that, your HijackThis log is clean.

    Please post a fresh ComboFix log just to be sure.

    Regards :)
     
Topic Status:
Not open for further replies.
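
As an added example (not part of the thread and not HijackThis's own code), the following parses the HijackThis entry format quoted in the posts above and lists the entries that are unnamed, point at a missing file, or load a DLL directly from system32. The flag names and the `parse_line` and `triage` helpers are assumptions made for illustration.

```python
import re

# Entry format as quoted in the thread:
#   O<n> - <kind>: <name> - [{CLSID} - ]<path>[ (file missing)]
HJT_LINE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - )?"
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
SYSTEM32_DLL = re.compile(r"[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.dll", re.I)

def parse_line(line):
    m = HJT_LINE.match(line.strip())
    if m is None:
        return None                       # not an entry line
    e = m.groupdict()                     # for O23, "name" also holds the vendor
    flags = []
    if e.pop("missing"):
        flags.append("file-missing")      # HJT could not find the target file
    if e["name"] == "(no name)":
        flags.append("unnamed")           # registration has no display name
    if SYSTEM32_DLL.fullmatch(e["path"]):
        flags.append("system32-dll")      # DLL sits directly in system32
    e["flags"] = flags
    return e

def triage(log_text):
    # Keep only the entries that carry at least one flag.
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e is not None and e["flags"]]

# Sample input: the five entries quoted in the thread plus one
# constructed non-entry line at the top.
SAMPLE = r"""Running processes:
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O2 - BHO: (no name) - {085364AB-423C-4B40-9120-636DE8CA5911} - C:\WINDOWS\system32\xvefljko.dll (file missing)
O2 - BHO: (no name) - {4361E1F9-5739-49DE-BEC3-84FE84B250B3} - C:\WINDOWS\system32\awtqn.dll (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["section"], e["clsid"], e["path"], e["flags"])
```

The flags describe what the log line says about an entry; they are a sorting aid for review, not a verdict on the file.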
