Dreaded Pop Ups are back

Status
Not open for further replies.

ru1thirst

Posts: 77   +0
Well don't know how but they are back. Firefox, spyblaster, sb s&d, Lavasoft, you name it, I tried it or used it.
Howard, I've attached a log. Can you tell me what to get rid of?
Thanks again. Didn't think I'd have to be back for awhile.
 
Your system is infected with the Vundo trojan.

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

These are the filepaths you need to enter into Vundofix.

C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\hgrvuoya.dll

Post a fresh HJT log as well as an AVG Antispyware log, after doing the above.

Regards Howard :)

This thread is for the use of ru1thirst only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok, I've done the above and think I know what to delete but don't want to follow my instincts. Ok, now what? Think we are getting there.
 
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to them (if there).

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: (no name) - {90157D05-B66C-48EF-8D75-BBF0F6958B4B} - C:\WINDOWS\system32\jkkjh.dll (file missing)

O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\hgrvuoya.dll (file missing)

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O20 - Winlogon Notify: fcccyvs - fcccyvs.dll (file missing)

Click on the fix checked button.

Close HJT and reboot your system.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of ru1thirst only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
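
As an added example (not part of Howard's post and not HijackThis code), this Python script parses the entries listed above and picks out the ones whose target file is gone, which are the leftover references he asks to have fixed once Vundofix has deleted the DLLs. The line layout is inferred from the entries quoted in the post; the last sample line is constructed for contrast.

```python
import re
from collections import Counter

# First six lines are the entries quoted in the post above; the last line is
# a constructed healthy entry (made-up name, CLSID and path) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {90157D05-B66C-48EF-8D75-BBF0F6958B4B} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\hgrvuoya.dll (file missing)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O20 - Winlogon Notify: fcccyvs - fcccyvs.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
ORPHAN = re.compile(r"\s*\((?:file missing|no file)\)$", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one log line into fields; return None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    last = rest.rsplit(" - ", 1)[-1]   # target file, possibly with a marker
    clsid = CLSID.search(rest)
    return {
        "section": section,
        "kind": kind,
        "name": rest.split(" - ", 1)[0],
        "clsid": clsid.group(0) if clsid else None,
        "path": ORPHAN.sub("", last) or None,   # None when only a marker is left
        "orphaned": bool(ORPHAN.search(last)),
    }

def orphaned_entries(log_text):
    """Entries whose target file is gone: leftover registry references."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["orphaned"]]

def by_section(entries):
    """Count entries per HJT section (O2, O9, O20, ...)."""
    return dict(Counter(e["section"] for e in entries))

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e["kind"], e["clsid"] or "-", e["path"] or "(no target)")
```
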
 
Thanks Howard. You've done it again. Think is all back to norm. Ran avg and analyze and nothing looks to be there now on either. Thanks again!
 
poor user practice

McAfee info on Vundo
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve
  1. system or security exploitation, and
  2. unsuspecting users manually executing unknown programs.

Distribution channels include
  email,
  malicious or hacked web pages,
  Internet Relay Chat (IRC),
  peer-to-peer networks, etc.
 