I have been struggling with this for 5 days now and I cannot make any headway so I'm hoping someone here can help me out. I have run Kaspersky, Spybot Search & Destroy, plus I just completed the 8 steps and have run Malwarebytes, CCleaner and SUPERAntiSpyware and I am still having problems. I am running Vista Home Premium and my problem is listed below.
First, Kaspersky started generating these popup errors:
"APPLICATION belonging to group "Trusted" is trying to get access to malicious software.
A special disinfection procedure is required which demands a systems reboot. You are advised to close all other applications. Perform disinfection?
Object:
C:\Windows\System32\hjgruinitcvwvf.dll
Trojan.Win32.Monder.cqbi
OK (recommended)
Action will be performed
Block
Object will not be modified or deleted"
APPLICATION listed above is just a generic term as this happens for any application that is launched. Selecting OK to perform disinfection will reboot the system but the infection is still there upon startup.
I also get this error as well:
"Bad Image
globalroot\systemroot\system32\hjgruinitcvwvf.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
And this one:
"APPLICATION: Accessing the file C:\Windows\System32\hjgruinitcvwvf.dll, containing Trojan program Trojan.Win32.Monder.cqbi"
I have looked for this .dll but it does not seem to exist. Also, Malwarebytes initially did not discover anything but now it will sometimes state that it discovers a Trojan named Trojan.TDSS trying to access the same .dll file listed above. Trying to quarantine this file locks up Malwarebytes and I have to kill the program. Other times it runs fine and does not discover anything.
I also have the redirect problem that a lot of other folks on this forum seem to be having. Anytime I click on a search result in Google it takes me to some sponsored ad page.
I have attached the log files requested in the 8 steps. Please advise when you can. Thank you.
Sean
First, Kaspersky started generating these popup errors:
"APPLICATION belonging to group "Trusted" is trying to get access to malicious software.
A special disinfection procedure is required which demands a systems reboot. You are advised to close all other applications. Perform disinfection?
Object:
C:\Windows\System32\hjgruinitcvwvf.dll
Trojan.Win32.Monder.cqbi
OK (recommended)
Action will be performed
Block
Object will not be modified or deleted"
APPLICATION listed above is just a generic term as this happens for any application that is launched. Selecting OK to perform disinfection will reboot the system but the infection is still there upon startup.
I also get this error as well:
"Bad Image
globalroot\systemroot\system32\hjgruinitcvwvf.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
And this one:
"APPLICATION: Accessing the file C:\Windows\System32\hjgruinitcvwvf.dll, containing Trojan program Trojan.Win32.Monder.cqbi"
I have looked for this .dll but it does not seem to exist. Also, Malwarebytes initially did not discover anything but now it will sometimes state that it discovers a Trojan named Trojan.TDSS trying to access the same .dll file listed above. Trying to quarantine this file locks up Malwarebytes and I have to kill the program. Other times it runs fine and does not discover anything.
I also have the redirect problem that a lot of other folks on this forum seem to be having. Anytime I click on a search result in Google it takes me to some sponsored ad page.
I have attached the log files requested in the 8 steps. Please advise when you can. Thank you.
Sean
