TechSpot

Vundo, Darksma, Metajaun?

By roses1475
Jun 26, 2008
  1. Well, that's what my programs say they are removing but never do. I keep getting popups constantly! The webpages are so slow to load, if they even get that far. I need help otherwise I would have to reboot the whole system. TIA

    The log was run after it said it was removed, but nothing seems to have changed.
     
  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

  3. roses1475

    roses1475 TS Rookie Topic Starter

    Thank you, I just wanted to let you know I'm still working on it.
     
  4. roses1475

    roses1475 TS Rookie Topic Starter

    Sorry, this is all new to me and a little confusing. Here is the first log.

    Also, no rootkits have been found.
     
  5. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Make sure to clear everything SAS (SUPERAntiSpyware) found.
     
  6. roses1475

    roses1475 TS Rookie Topic Starter

    My fingers are crossed
     
  7. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

  8. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: {4a98f74d-2fc7-636b-90a4-85114c640470} - {074046c4-1158-4a09-b636-7cf2d47f89a4} - C:\WINDOWS\system32\qaoqeyyu.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {EA4B3D6E-A8BE-446A-B989-F2C34E4FF8AC} - C:\WINDOWS\system32\pmnnMefF.dll (file missing)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [13f04ba4] rundll32.exe "C:\WINDOWS\system32\ernqlbfy.dll",b
    O4 - HKLM\..\Run: [BM10c37838] Rundll32.exe "C:\WINDOWS\system32\yrjmbclf.dll",s
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe




    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    PartyGaming

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\WINDOWS\system32\qaoqeyyu.dll
    C:\WINDOWS\system32\pmnnMefF.dll
    C:\WINDOWS\system32\ernqlbfy.dll
    C:\WINDOWS\system32\yrjmbclf.dll
    C:\Program Files\PartyGaming



    After that, reboot, and post a new HijackThis log here in a reply.
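
The fix list in the post above, triaged programmatically. This is an added example, not part of the original thread or of HijackThis itself; the two heuristics (orphaned references, and Run keys that load a system32 DLL through rundll32) and the follow-up scan are assumptions made for illustration.

```python
import ntpath
import re
# Entries quoted from the fix list in the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {EA4B3D6E-A8BE-446A-B989-F2C34E4FF8AC} - C:\WINDOWS\system32\pmnnMefF.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [13f04ba4] rundll32.exe "C:\WINDOWS\system32\ernqlbfy.dll",b
O4 - HKLM\..\Run: [BM10c37838] Rundll32.exe "C:\WINDOWS\system32\yrjmbclf.dll",s
"""
# Constructed follow-up scan: a made-up benign entry plus one surviving Run key.
LATER_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O4 - HKLM\..\Run: [BM10c37838] Rundll32.exe "C:\WINDOWS\system32\yrjmbclf.dll",s
"""

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<body>.*)$")
RUNDLL = re.compile(
    r'^\[[^\]]*\]\s+rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,\S+', re.I)

def parse(log):
    """Yield (section, kind, body) for each well-formed entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["sec"], m["kind"], m["body"]

def triage(log):
    """Map entry body -> reasons it deserves a closer look."""
    flagged = {}
    for sec, _kind, body in parse(log):
        reasons = []
        # Registry value still points at a file that no longer exists.
        if body.endswith(("(file missing)", "(no file)")):
            reasons.append("orphaned-reference")
        # Autorun that loads a DLL from system32 by way of rundll32.
        r = RUNDLL.match(body) if sec == "O4" else None
        if r and ntpath.dirname(r["dll"]).lower().endswith("\\system32"):
            reasons.append("rundll32-autorun:" + ntpath.basename(r["dll"]).lower())
        if reasons:
            flagged[body] = reasons
    return flagged

def survivors(fixed_log, later_log):
    """Entries selected for fixing that show up again in a later scan."""
    later = {(s, k.lower(), b.lower()) for s, k, b in parse(later_log)}
    return [b for s, k, b in parse(fixed_log) if (s, k.lower(), b.lower()) in later]

if __name__ == "__main__":
    for body, why in triage(FIX_LIST).items():
        print(why, body)
    print("survived:", survivors(FIX_LIST, LATER_LOG))
```

Comparing the fix list against the next scan is what catches an entry that a tool reported as removed but that is still registered.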
     
  9. roses1475

    roses1475 TS Rookie Topic Starter

    HijackThis log
     
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Pet%20Shop%20Hop/Images/stg_drm.ocx

    http://www.atribune.org/ccount/click.php?id=4

    Download VundoFix to your desktop from the link above.
    Double-click VundoFix.exe to run it.
    When VundoFix opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will reboot your computer, click OK.
    Then post a fresh hijackthis.log
     
  11. roses1475

    roses1475 TS Rookie Topic Starter

    Here's the log
     
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Your log looks clean except for one file

    O4 - HKLM\..\Run: [BM10c37838] Rundll32.exe "C:\WINDOWS\system32\yrjmbclf.dll",s

    I am going to double check to see what this is. How is your computer running?


    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next go to Start Menu > Run > type

    cleanmgr

    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
     
  13. roses1475

    roses1475 TS Rookie Topic Starter

    Thank you sooo much!!
     
  14. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Hey, one last thing, just in case you had installed some tools

    Uninstall ComboFix

    • Click Start then Run
    • Now Type Combofix /u in the runbox
    • Make sure there's a space between Combofix & /u
    • Then hit Enter

    The above procedure will delete the following:
    • ComboFix & its associated files & folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide system/hidden files, if required.
    • Set a new, clean Restore Point.

    ------------------------------------------------------------------

    OTCleanit! by Oldtimer

    • Download OTCleanIt
    • Click the CleanUp! button.
      (It will go through the list & remove all of the tools it finds and then delete itself.) Requiring a reboot
     
Topic Status:
Not open for further replies.
