TechSpot

Weird virus warnings - anyone else getting this?

By tom_oftheplains
Jan 11, 2008
  1. So, the other day, I was experimenting with online storage sites, and somewhere along there I think I picked up a nasty little bug.

    When I restart my computer, I keep getting a message that says during startup, the computer couldn't find

    C:Windows\system32\mljgg.exe.

    And, it gets worse. Now, I'm being greeted with this when I turn on the computer, in addition to the above:

    "Important – Potential errors found in the system

    During a scan of files at system startup, potential errors in the system registry were found. P-07-0100 irql: 1F SYSVER 0xff00024
    NT_Kernel error 1256
    KMODE_EXCEPTION_NOT_HANDLED"

    I know registry problems are BIG problems, so I'm loath to do anything unless I have some expert advice at the ready. Anyone able to help?
     
  2. tom_oftheplains

    tom_oftheplains TS Rookie Topic Starter Posts: 21

    Ah, the plot thickens. Now, my computer slows to a crawl, then I get the following pop-up:

    "You system could become unstable

    A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer
    ****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
    Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)"

    What the hell is THAT? The language is weird, and the wording sounds... off. Don't know what to make of it.
     
  3. KRS84

    KRS84 TS Rookie

    What does one need to post in order to get help with a trojan spyware? I'm new to all this
     
  4. plasma dragon00

    plasma dragon00 TS Rookie Posts: 172

    tom, the second post. what kind of popup do you mean? is it the BSOD (blue screen of death) or a popup? if that is the exact wording of the popup, it doesn't sound right to me either. "...Windows has been shutdown buggy application..." if that is exactly what it says, i think it could be a virus. could you please post a screenshot of any of these errors you are receiving?

    if you don't know how, when one pops up, press the "Print Screen" button on your keyboard (maybe something along the lines of "Prnt Scrn") then, click start and either find your paint program or click start>run> and type in "mspaint" and hit enter. paste the picture into the program, save it, and upload it to photobucket or something along those lines and put a link to it.
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Confirm your AntiVirus software is up to date

    Download Startup Control Panel
    http://www.mlin.net/StartupCPL.shtml
    And remove any mljgg.exe instances

    Restart

    Download Ad-Aware and run an update then a full scan
    http://www.lavasoftusa.com/products/ad_aware_free.php

    Download Spybot Search & Destroy and run an update then a full scan
    http://www.safer-networking.org/en/mirrors/index.html

    Restart

    Reply back with more info after that

    You may also need to read:
    Viruses/Spyware/Malware, preliminary removal instructions
    http://www.techspot.com/vb/topic58138.html
     
  6. tom_oftheplains

    tom_oftheplains TS Rookie Topic Starter Posts: 21

    Thanks, Kim. I followed up on all that you mentioned. The Startup control panel is a useful tool, but nothing labeled mljgg was showing up in there. After running the Ad-aware and Spybot S&D, most of it seems under control.

    But now I'm still getting a warning similar to the first one I posted, except the mljgg has been replaced with a jkkjk.exe file.

    I did a search in my registry, and I found both the mljgg and jkkjk file in the registry under windows/MUIcache. Should I delete these files, or are they legit? I found a ton of stuff in that folder that looks suspect.

    Also, something has happened to my temporary folders file apparently, because now when I go into My Documents, I have a TON of TMP Files that came from seemingly nowhere. They're all labeled from pos1A00 through posFFF. There's literally thousands of them, and I'm not sure what to do about that now.

    And to answer your question, plasma, no, I'm not getting the Blue screen. It's a regular popup that occurs randomly. I do believe it's been neutralized by the ad-aware and spyware combos I just used, but I have a feeling this isn't over, either.

    Edit: Great. I'm still getting that grammatically-incorrect Windows warning, and am greeted with that same:

    "During a scan of files at system startup, potential errors in the system registry were found. P-07-0100 irql: 1F SYSVER 0xff00024
    NT_Kernel error 1256
    KMODE_EXCEPTION_NOT_HANDLED"

    warning.
     
  7. jrdrag1052

    jrdrag1052 TS Rookie

    Help!!!

    Wow this is a really tricky one....... I'm getting the same thing and I have tried sys restore, recovery console. And none of my virus programs can find a problem. I also have the thousands of .tmp files in my documents

    Someone PLEASE help!!!
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You both need to follow
    Viruses/Spyware/Malware, preliminary removal instructions
    http://www.techspot.com/vb/topic58138.html

    And then provide HijackThis logs (as stated in the above link)

    You can also do an online scan with:
    http://www.kaspersky.com/virusscanner

    Yes you can remove all those mljgg and jkkjk files (By the way, do you have Trend installed?)

    jrdrag1052 I prefer you make a new thread, as HijackThis reports are usually big, and there will be confusion if there are two of you!
     
  9. tom_oftheplains

    tom_oftheplains TS Rookie Topic Starter Posts: 21

    Okay, I think I'm 99% in the clear. I just need to be able to go to the part that's responsible for those mljgg files and remove them from the startup registry. Of course, I've forgotten how to do this. Anyone remember?
     
  10. plasma dragon00

    plasma dragon00 TS Rookie Posts: 172

    if you want to edit startup entries, start>run, type in "msconfig" and hit enter (without the quotes of course). go to the "Startup" tab, find what you want to remove. make sure though that it is the right thing!!!!! once you're sure it is, uncheck it. click "Apply" at the bottom, then "Ok" at the bottom. when it asks to restart, click restart now. and cross your fingers and hope you didn't mess anything up lol ;)

    good luck
     
  11. stangpride

    stangpride TS Enthusiast Posts: 36

    Did you mean how to get to the registry editor since you mentioned "startup registry" and not just 'startup' by itself? If so, start>run, type "regedit" (without the quotes). I do not know exactly what might need to be edited in the registry to resolve your issue, but I do know that you need to be extremely careful doing anything to the registry, as it can affect your ability to boot as well as render your system unrecoverable if you mess with the wrong things. :grinthumb
     
  12. tom_oftheplains

    tom_oftheplains TS Rookie Topic Starter Posts: 21

    Well, that part did the trick. I had to remove the mljgg file from both the regedit and the msconfig startup directories.

    So, now I'm back to normal - if only I could figure out what to do with those thousands of TMP files that have mysteriously shown up in the My Documents folder. Will deleting them cripple something?
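
Added example (not part of the original thread, and not a TechSpot tool): a read-only PowerShell check for the situation described above, where a startup entry still points at a file such as `mljgg.exe` that no longer exists. It lists every value under the standard Run/RunOnce keys and marks those whose target cannot be found; the function name `Get-AutorunTarget` is made up for this example, and nothing is deleted.

```powershell
# Added example: report autostart values whose target file is missing.
# Read-only; review the output before removing anything by hand.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunTarget([string]$CommandLine) {
    # Hypothetical helper: pull the program path out of a Run-key command line.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # "C:\Program Files\App\app.exe" /arg  -> quoted path
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # C:\Windows\system32\name.exe /arg   -> text up to the first program extension
    if ($cmd -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }       # key absent on this system
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($command)) { continue }
        $target = Get-AutorunTarget $command
        # A bare name such as "rundll32.exe" is resolved through PATH.
        $exists = (Test-Path -LiteralPath $target -PathType Leaf) -or
                  [bool](Get-Command -Name $target -ErrorAction SilentlyContinue)
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Target  = $target
            Exists  = $exists
        }
    }
}

# Entries with Exists = False are the ones that produce "could not find" messages at startup.
$findings | Sort-Object Exists | Format-Table -AutoSize -Wrap
```

Only the program named first on each command line is checked; a DLL passed as an argument to `rundll32.exe` is not inspected.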
     
  13. Rage_3K_Moiz

    Rage_3K_Moiz Sith Lord Posts: 5,431   +28

    These TMP files also might show up in the C:\ root and are usually safe to delete. I had a similar trojan and I had to delete a lot of similar files as well as registry entries in order to clean the system fully. I recommend asking momok for help, since he's the expert around these parts AFAIK in Howard's absence. Only if he tells you to delete them should you delete them.
     
  14. imicinos

    imicinos TS Rookie

    This bug is starting to show up everywhere.
    It's spreading like the plague and moving at the rate of the internet hi on light speed.

    Definitely a Hijack virus.

    ... let the re-installation begin :suspiciou

    I'm happy that it didn't happen to my designer system... only to the gamer system.
     
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    imicinos please start your own thread, I think (ie I'm not sure if you're trying to help here or not?)
     
  16. imicinos

    imicinos TS Rookie

    yes this was in relation to the thread or I would have...

    can't seem to please anyone, start a new thread and I get told to search for the topic at hand then I find exactly what I'm having issues with then I get told to start my own thread....

    WTF?

    Anyway, whatevs, laters.
     
  17. jobeard

    jobeard TS Ambassador Posts: 9,350   +622

    we ask for unique threads per person so that the instructions for one do not conflict
    or damage the original poster.

    btw: if you want help, then learn to be polite otherwise we may well choose to ignore you and leave you stranded

    caveat emptor.
     
  18. tom_oftheplains

    tom_oftheplains TS Rookie Topic Starter Posts: 21

    Well, thanks tons for the help everyone. System normal, everything's fine here. We're fine. Here. Now. How are you?
     
  19. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I loved that line in Star Wars, and then Han Solo shoots the control (He was definitely the star)

    Anyway, thanks for the update.
     
  20. kirock

    kirock TS Rookie Posts: 1,221

    Harrison Ford was originally hired to READ the lines for other actors, while George Lucas looked for a suitable actor for the Han Solo character. After many auditions and no good actor found... George had a eureka moment and realized Harrison was perfect for the job (after all he had been reading the character's lines for many weeks by now).

    :)
     
Topic Status:
Not open for further replies.
