Please copy and paste these instructions into a Notepad file and save it to your desktop. Then close your web browser and follow the instructions from Notepad.
Step 1:
Download Vundofix from
HERE.
Double click the Vundofix.exe to run it.
Right click in the vundofix window and click add files.
Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.
This is the filepath you need to enter into Vundofix.
C:\WINDOWS\system32\nxmbd.dll
Step 2:
Navigate to
virusscan.jotti.org.
Enter the following into the text box at the top of the page.
C:\WINDOWS\bwUnin-6.3.3.61-7211241L.exe
Click the Submit button and then make note of the results.
Step 3:
Run HijackThis with no other programs open (except Notepad). Do a system scan.
Place a check in the box next to the following entries (if there):
R3 - URLSearchHook: (no name) - {8530D748-6CA0-1E02-F1ED-6744E6834F9D} - C:\WINDOWS\system32\nxmbd.dll (file missing)
O2 - BHO: (no name) - {8530D748-6CA0-1E02-F1ED-6744E6834F9D} - C:\WINDOWS\system32\nxmbd.dll (file missing)
O4 - HKCU\..\Run: [Ilj] C:\WINDOWS\system32\M?crosoft.NET\mshta.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\ALLUSE~1.JSH\APPLIC~1\CURITY~1\chkntfs.exe" -vt ndrv
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Click the Fix Checked button.
Step 4:
Go into Control Panel->Add/Remove Programs and uninstall anything having to do with
Viewpoint.
Then go Start->Run, and type in
services.msc. Press Enter.
Select anything relating to the following from the list and select Stop if they are running:
viewpoint manager
viewmgr
Step 5:
Download the attached "Combofix-Do.txt" ( from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt over on to Combofix.exe and release.
This will ask Combofix to execute the instructions within my file.
Let Combofix run normally and do its job.
Then post fresh ComboFix (combofix.txt) and HJT logs, as well as the results of the Jotti virus scan.
Regards
This thread is for the use of Negotiator only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.