Hey,
What a great way to start off the new year huh?
I've had this thing before but just got it again.
I was gonna do a virus scan but came here instead to see if i could fix it with my log

THANKS A BUNCH IN ADVANCE!

if anything else is need please let me know




Imma follow the very thorough instructions first

Attached Files

hijackthislog1-01.txt (5.7 KB, 2 views)

Right Click on MyComputer icon and go to properties
Turn Off system restore
open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
do a disk cleanup in your Start/accessories/system tools/ Menu
download malwarebytes and install
run hijackthis and malwarebytes at the same time
select any files and or keys I posted in hijackthis but on both maiwarebytes and hijackthis click fix at the same time.
then reboot immediatly.
if you forget to turn off system restore it will return no matter

reboot once complete, run hijack this and post your log here again

Ok,
Did what was suggested...
I scanned with SuperAnti, cleaned with CC and
did the thing with Malwarebytes and HiJack
here are my logs

thanks for the help

Attached Files

	mbam-log-2009-01-01 (21-32-34).txt (2.3 KB, 1 views)
	hijackthis log2.txt (5.7 KB, 1 views)

-> No action taken on MBAM scan, for found issues
Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) a new HJT log

Hello,

I've noticed that my Malwarebytes is running on outdated definitions but i wont update,
something about a firewall. However, I changed my firewall settings to allow the program and tried all three mirrors.
Any Suggestions?

Special case where after installing MBAM and SAS they will not update or run
Read here: Google Yahoo redirect TDSSserv.sys

Failing that, try here: http://www.techspot.com/vb/post684649-3.html

Then continue: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

He will need the winsock fix i believe get winsockfix and run it then follow the instruction prior for mawarebytes and hijackthis

yeah,
i tried running the fixit cmd, my computer restarted but Malwarebytes wont update
i was thinking of just reinstalling it, however i cannot access the webpage.

im wondering what my options are, im downloading winsockfix right now, hoping that it will help
thanks

OK- GOT AN UPDATED COPY,
as of now, i am running malwarebytes
will restart and then run hijack.

also, i got a pop up with a url containing the word sagipsul, should i worry or does this come with my problem?

thanks

i know it is frustrating but we will work through it

So here are the logs hopefully they are correct:

thanks again for the patience and aid

Attached Files

	mbam-log-2009-01-01 (23-55-25).txt (5.9 KB, 1 views)
	hijackthis.log (6.0 KB, 2 views)

A little better
Please update Malwarebytes one more time (again?) Yes again ! Sadly Malwares hide other Malwares, running multiple scans, will find and remove them all (but update it first)

Also try a free AntiVirus like => Avira

ok, will do
have a quick question, i've got SAS and im open to downloading avira
is it fine to have both programs running at the same time along with Malwarebytes?

and just checked, malwarebytes says i have the latest database version
sooo....

Yes actually I saw that it looked updated, but that's my standard advice - update first

Regarding SAS; you can un-install it now
And make sure to use one Antivirus, which will be the free Avira

Then with Avira all updated and working
Run Malwarebytes full scan (update first )

very well then,
SAS is dead and gone, Avira is my weapon of choice.
i'll start my scan soon and be back after i get some shut eye.

THANK YOU VERY MUCH!
I OWE THIS SITE MY something

ok scanning is done here are my logs, and i think my system is clean, can you do a once over?

im going restart and update with my hijackthis log

here is my hijack this log and scan log

thanks again

is it fine to turn my system restore back one?

Attached Files

	mbam-log-2009-01-02 (12-37-02).txt (856 Bytes, 2 views)
	hijackthiss.log (6.6 KB, 1 views)

NO
Right Click on MyComputer icon and go to properties
Turn Off system restore
open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
do a disk cleanup in your Start/accessories/system tools/ Menu

After the reboot
download malwarebytes www.malwarebytes.org and install
run hijackthis and malwarebytes at the same time
select any files and or keys I posted in hijackthis but on both maiwarebytes and hijackthis click fix at the same time.
then reboot immediatly.
if you forget to turn off system restore it will return no matter

reboot once complete, run hijack this and post your log here again


O20 - AppInit_DLLs: jwapfx.dll
O20 - Winlogon Notify: xxyaxVlM - xxyaxVlM.dll (file missing)

Hopefully these will be the keys that will solve my dilemma

Attached Files

	mbam-log-2009-01-06 (00-30-00).txt (849 Bytes, 1 views)
	hijackthis1-6.log (6.2 KB, 1 views)

You have a number of bad issues

Please run a new scan with HJT and tick and fix the following entries (confirming your Internet browser is first closed)

Before restarting, download the following 4 tools, and print these instructions

1. Download VundoFix; Trojan.Vundo Removal Tool; VirtumundoBeGone and ComboFix.
2. Go Offline - pull the cable network, turn off wireless card, turn off your modem.
3. Restart computer and press F8 to run Windows in Safe Mode
4. Run VundoFix.. Click on the Scan for Vundo. Scanning will begin, which takes a long time. In the white box will display the names of infected files. After the scan is complete click Remove Vundo, removal will begin. Confirm by clicking Yes. The application should ask for permission to restart your computer - click Yes. Start Windows in Safe Mode again.
5. Run FixVundo. Click Start, and then follow the instructions. It should be noted that this application can deal only with older mutations Vundo (Virtumonde).
6. Run VirtumondoBeGone. Click Continue and wait for the report.
7. Run ComboFix. Then, in the two windows that appear click Yes, and start scanning and removal of any Vundo (Virtumonde) infection. During this operation, you are not allowed to move the mouse or perform other actions. After the scan is complete, program will show a text file - a report from the program's action.
8. Restart computer and run Windows normally.
9. Attach the report

Here are my scans and vundo program reports

Attached Files

	log.txt (11.7 KB, 1 views)
	VBG.TXT (2.5 KB, 1 views)
	FixVundo.log (193 Bytes, 1 views)
	hijackthis1-06.log (5.0 KB, 1 views)
	mbam-log-2009-01-6 (10-21-25).txt (848 Bytes, 1 views)

Still exists:
KillBox is a tool to delete in-use files, if the file is running, KillBox will attempt to end the process (close the running file) and delete it.

Download KillBox: http://www.killbox.net/downloads/KillBox.exe
Run it, and copy and paste this line into the path: C:\Program Files\Vongo\Tray.exe
Click the Red X (delete button)

Restart back to SafeMode
Locate: C:\Program Files\Vongo folder and delete it

Startup HJT scan still in Safe Mode
Tick and fix the following entry:
Restart back to Normal mode
Provide another HJT scan log (I want to see if it's now removed )

im racing against the clock to do all of this before i have to reboot to regain an internet connection,
but KILLBOX states that "C:\Program Files\Vongo\Tray.exe" seems to not exist. So right now im gonna reboot in safe mode and be offline running hijack this after deleting the folder

thanks

UPDATE- ok, will this resolve my problems?

Attached Files

hijackthis.log (4.4 KB, 1 views)