Generic.WUE and Dialer.BZB

[jadeo9]

Generic.WUE; Dialer.Trojan; Trojan.Nebular; Generic.XAH

Hi. I am having the same problem with my computer. Norton identified the virus but could not quarantine, delete or fix. I also ran a couple of other virus checkers and they detected the same virus but with slightly different names.
I have had the trojan for about 2 weeks now as I have had trouble getting rid of it. My computer is running very slow. I would like to attempt the instructions for removal but my first problem is that I cannot access safe mode. I have used safe mode a lot before, but now when I load it all I get on the screen is the black background with the "running in safe mode message up the top". I can press Ctrl Alt Del to get to Task maanger but I cannot get any other keyboard short cuts to open other windows. I am afraid the trojan may have buggered my computer too far! any suggestions? Cheers.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Sorry to hear you`re having problems.

Lets see if we can get you fixed up.

Go HERE and follow as many of the instructions as you can.

Then, post a fresh HJT log as a .txt attachment into this thread.

I have moved your post to it`s own thread. This will save any confusion.

Regards Howard :wave: :wave:

 

[jadeo9]

completed hijackthis

Hi. I followed the anti-virus and spyware instructions. Anti-virus identified that "wucrtupd.dll" as a virus but couldnt fix. Also the virus checker identified viruses within Norton Antivirus which would make sense since it stopped functioning properly the other day.
Ran hijackthis and will attach files. The log showed "wucrtupd.dll" which was interesting. it came up with an error when trying to delete it.
Actually tried running hijack this the other day when I didnt know what i was doing, will post the log. The second hijackthis i ran properly and "fixed" the lines I was supposed to but I forgot to save a log. I then ran hijack this again just to save the log - will post this as well.

 

[jadeo9]

2nd hijack this log

having trouble posting 2 attachments in the same message and my browser keeps automatically closing.

 

[howard_hopkinso]

Go HERE and follow the instructions for the LSP fix.

Download the Pocket Killbox programme from HERE. Extract it, but don`t run it yet.

Post a fresh HJT log after doing the above.

Regards Howard

 

[jadeo9]

deleted smnsp.dll and fresh hijack this log

deleted smnsp.dll and fresh hijack this log

after rebooting after the first hijack this i have been unable to turn system restore back on. it keeps coming up with an error saying restart and try again. when i do that nothing changes.
also i am getting a message saying i need to validate windows and get a licence, but i already own it.

 

[howard_hopkinso]

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

DeskSite\binex

Close control panel.

Now, run HJT and click on the config button. Click the backups button and select all the 016-DPF entries and click on the restore button.

Close HJT and reboot your system.

Post a fresh HJT log.

Regards Howard

 

[jadeo9]

Removed Eminem DeskSite

I removed the eminem DeskSite. I downloaded it from the official eminem website, but i never use it coz you need broadband and i only have dial up

 

[howard_hopkinso]

Your HJT log is clean.

However, I`d like you to do the following.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

Enter this filepath into kill box.

C:\WINDOWS\system32\wucrtupd.dll

Once your system has rebooted, please let us know how your system is running.

Regards Howard

 

[jadeo9]

removed wucrtupd.dll

i deleted the file. going to reinstall norton to see if it functions properly again. will also run an online virus checker again to see what it can detect.
i still cant turn system restore back on - keeps comin up with an error.
and still have the windows validation problem.

 

[howard_hopkinso]

I asked you to restore the 016_dpf entries.

run HJT and click on the config button. Click the backups button and select all the 016-DPF entries and click on the restore button.

Close HJT and reboot your system.

Post a fresh HJT log after you have restored the 016-DPF entries.

Regards Howard

 

[jadeo9]

new HJT log

i reinstalled norton and it sent my computer silly again so i uninstalled again, their was numerous viruses detected in the norton folders when i ran an online virus checker.

went completed another HTJ log but there was no O-16-DPF in the configuration this time. i wasnt sure what to do, so i will just post the newest log.

 

[howard_hopkinso]

You shouldn`t try to install Norton as you already have AVG. Running more than one antivirus programme isn`t recommended, as it can cause conflicts etc.

It appears you`re not running any firewall software.

Download and install the free Zonealarm firewall from HERE.

I can find nothing nasty in your HJT log.

Click start all programmes/Windows updates and let Windows install any updates there may be.

Then go HERE and follow the instructions for Ewido.

Post the Ewido log.

I`d also like you to run this tool from HERE.

Regards Howard

 

[jadeo9]

ewido log

have ran ewido, but didnt have to clean or fix anything. after uninstalling norton again my comp is running much smoother, so I guess uninstalling it stopped the function of the trojans located in the norton files. am going to run an online AV scanner again to see if it picks anything else up because my browser keeps popping up with porn sites.
I ran the other program and it killed my computer to a blue screen and said fatal system error. it begun dump of physical memory, counted to 100 then thankfully restarted as i was having a heart attack.
The zone alarm fire wall has stopped many unknown isps for gaining access as well.
included another HJT log as well

 

[howard_hopkinso]

I can confirm your HJT log is clean.

Hopefully getting rid of that Symantec/Norton crapware and installing a firewall has solved you problems.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

 

[jadeo9]

Kaspersky and VBG logs

Hi,
Have included the online virus checker log, which identified some trojans but didnt actually remove them.
When I ran VBG I nearly freaked when my comp went to that blue screen, but all is well now.
Could you please recommend the best anti-virus software to purchase in your opinion? I am currently using the AVG free edition instead of the Norton/crap ware as you called it. HaHa!
Cheers,
Jade.

 

[howard_hopkinso]

I use the free AVG myself and have never had any problems. I also use the free Zonealarm firewall and have never had a problem with that either.

Just as a final check, please attach a fresh HJT log.

Regards Howard

 

[jadeo9]

last HJT log

it had come to this - the final log.
well at least my computer is turning on within 10 minutes yay!
thanks for all your help! very much appeciated!

 

[howard_hopkinso]

Have HJT fix this entry.

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Other than the above inactive entry, your HJT log is clean.

Regards Howard