Trojan Monder.cqbi plus Google redirects

By slombardo2
Jul 13, 2009
  1. I have been struggling with this for 5 days now and I cannot make any headway so I'm hoping someone here can help me out. I have run Kaspersky, Spybot Search & Destroy, plus I just completed the 8 steps and have run Malwarebytes, CCleaner and SUPERAntiSpyware and I am still having problems. I am running Vista Home Premium and my problem is listed below.

    First, Kaspersky started generating these popup errors:

    "APPLICATION belonging to group "Trusted" is trying to get access to malicious software.

    A special disinfection procedure is required which demands a systems reboot. You are advised to close all other applications. Perform disinfection?



    OK (recommended)
    Action will be performed

    Object will not be modified or deleted"

    APPLICATION listed above is just a generic term as this happens for any application that is launched. Selecting OK to perform disinfection will reboot the system but the infection is still there upon startup.

    I also get this error as well:

    "Bad Image

    globalroot\systemroot\system32\hjgruinitcvwvf.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

    And this one:

    "APPLICATION: Accessing the file C:\Windows\System32\hjgruinitcvwvf.dll, containing Trojan program Trojan.Win32.Monder.cqbi"

    I have looked for this .dll but it does not seem to exist. Also, Malwarebytes initially did not discover anything but now it will sometimes state that it discovers a Trojan named Trojan.TDSS trying to access the same .dll file listed above. Trying to quarantine this file locks up Malwarebytes and I have to kill the program. Other times it runs fine and does not discover anything.

    I also have the redirect problem that a lot of other folks on this forum seem to be having. Anytime I click on a search result in Google it takes me to some sponsored ad page.

    I have attached the log files requested in the 8 steps. Please advise when you can. Thank you.

  2. cosmido

    cosmido TS Rookie Posts: 20


    When malwarebytes finish a scan you have to select >>>>>> [Remove Selected].
    In the report you placed, you didn't suppress anything (-> No action taken.)
    • Then Open Malwarebytes,
    • Go in Quarantine and select [Delete All]

    Also, your report is from 2009-07-10
    • Then go in [Scan] Option and select >> [Perform Quick Scan],
    • When the scan will be finish, select >>>>>> [Remove Selected],
    Post the report.

    This file (hjgruinitcvwvf.dll) is a kind of Vundo(or a variant), it's an Adware who produce pub. popup.

    This infection should be manage by Malwarebytes ?

    If Malwarebytes don't fix this vundo, you'll have to use Combofix.

    Download and use ToolBar S&D on your desktop.
    • Start a search with Google for > Eric.71.MesPages - ToolBar S&D.enBy IDN team
    • Enter into this web page > Eric.71.....
    • You'll have the Download and Installing / Using,
    • Follow the instructions for the first option : 1. Search,
    • Post the report.

    I'am not able to place any address (http...) for direct download..
  3. slombardo2

    slombardo2 TS Rookie Topic Starter

    Hi cosmido,

    Thanks for replying. As I stated in my first post, the reason that I did not perform the disinfection with Malwarebytes is that it locks up the system when I try that. Also, running a scan does not find anything. Regardless, I ran a new scan as you requested and attached the file. It didn't find anything though.

    I did what you suggested and ran Combofix and it found a lot of stuff. I have attached the log file for that as well. Reading through the file it looks like it got the problem I was having. And I'm not getting the annoying popups anymore from Kaspersky about the Trojan.Monder or the .dll file.

    Also, my Google redirect issue look to be gone as well. So far no issues but I will keep an eye on things. I have attached the Combofix log file, the Malwarebytes log file and a new HijackThis log file that I ran after a reboot. Please look everything over and let me know if there is still work to be done.

    Thanks again!!

  4. slombardo2

    slombardo2 TS Rookie Topic Starter

    I forgot to run the ToolbarSD. I ran that and have attached the log file as well.

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...