Trojan I can't get rid of log attached

Status
Not open for further replies.
G

gretz06

Posts: 17   +0
Hello all- I Read: "Viruses/Spyware/Malware, preliminary removal instructions.
howard_hopkinso" and followed each step...and I thought I was clean...but today I let my computer sit, and *poof* the same pop up ads and outside computer tryin to access my computer popped up. I have enclosed the log, I ran it out of safe mode, is that ok? PLEASEEEE HELP!!!
 
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I need to see both HJT and AVG Antispyware logs as ATTACHMENTS!!


This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
AV log?

Hey-
I have run AVG several times but I do not see a log.... how do I make this? (sorry new to this)
 
There is a button along the top called reports and it gives you the option to save.


This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
i need to wait till my scan is done right? then i can save the results as a report? currently it is 87% done, and hasn't found anything...do I still need this report?

Hey -

Thanks for hanging in there with me.... attached are the two logs.... please help...thank you!!


-gretz

hjack log -- please see attached

FYI the hjack log is in the earlier post..... it won't let me upload again.
 
Change the name to the log, then you can upload ( Sorry for posting when Rik said only him but I had to tell him how to do it ;) )
 
Feel free to join in and help anytime TimeParadox!:) In fact you have helped me as i didn't know about having to rename attachments!! Your input is greatly appreciated:)

The part in red is not for stopping people from helping but is instead for stopping people from posting their problems into an existing thread as spyware symptoms often appear alike but require completely different cures.

This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
grrrrrr =(

Hey All--
It still won't let me attach the below log, it keeps saying I already did (which is true if you scroll up a few posts u can see the log attached) However - it did let me attach the other log. will the below two work? FYI - this is after I followed your instructions above.

thank you guys again for taking the time to help me.
 
Hello and welcome to Techspot.

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

These are the filepaths you need to enter into killbox.

C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\cyhocfae.dll

Post a fresh HJT log, after doing the above. HERE are instructions for posting your HJT log as an attachment. If you still have problems attaching a HJT log, then copy and paste it and I`ll remove it afterwards.

Regards Howard :wave: :wave:

This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Run Vundofix from normal mode please.

Regards Howard :)

This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
above done..

Hi all-

I did the above... below is the new log..... how am I looking =(?
Thank you again for your help on this!! you're a huge help!!!
----------------------------------------------------------------
 
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\nmjpwdqm.dll

O2 - BHO: (no name) - {BD682681-858E-410F-AA9D-19B4DD8D4490} - C:\WINDOWS\system32\mljgd.dll (file missing)

O3 - Toolbar: (no name) - {18668683-731c-48fa-b1b9-ad013748fb00} - (no file)

O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\system32\cyhocfae.dll",setvm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

These are the filepaths you need to enter into killbox.

C:\WINDOWS\system32\cyhocfae.dll
C:\WINDOWS\system32\nmjpwdqm.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your attached HJT log is clean as a whistle.

There`s no need to copy and paste your log as well as attach it. In fact, you should only attach log files.

If you have any further virus/spyware problems, please post in this thread.


Regards Howard :)

This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
hey

Thank you so much for you help with the above virus, I seem to be having another problem, when I try to adjust things in my "msconfig" I get an error message saying "there was an error you need to log in as the system admin" This only happen after the above virus was installed. I have a stand alone PC with windows XP no admin? Any Ideas?? =( as always thank you for your time with this one!!!
 
Please post a fresh HJT log, just in case your system has become reinfected.

Regards Howard :)

This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
part 2

I ran a sweep on my computer with Webroot spy sweeper...and it found "trojan agent winlogonhook" But I think something in the backgroud is downloading these, because I haven't surfed the internet, or DL-ed anything on my desktop computer since my first e-mails to you guys. Please help =(
 
howard_hopkinso said:
Please post a fresh HJT log, just in case your system has become reinfected.
Click to expand...

The clue was in my post above lol.

Regards Howard :)

This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
That`s definitely not a good sign.

I want to check for rootkits.

Download and run the Blacklight programme. follow all the instructions carefully.

Let me know the results.

Regards Howard :)

This thread is for the use of gretz06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

S
Solved Windows Task Manager crashes after opening
2
Replies
32
Views
10K
Broni
Broni
Jacca
  • Locked
Inactive I have a virus called Industrialists and I can't get rid of it
Replies
1
Views
1K
Broni
Broni
R
  • Locked
Inactive I can't startup any of my anitvirus programs
Replies
1
Views
1K
Broni
Broni

Latest posts

Back