"Virus Alert!" problem

Status
Not open for further replies.

kawaiibox

I have been having a problem with this trojan (I assume) that has popped into my task bar. It is an icon that switches between two images, a blue circle with a question mark inside, and a red circle with a slash inside (like a no smoking sign). On mousing over it, it'll say "Virus Alert!", and upon clicking it it says in bold "Your computer is infected!" followed by a 'solution', "Critical System Error! System detected virus activities...etc." I have run McAfee, Spybot S&D, Adaware, and am still unable to get rid of it. After a while, two windows also pop up, labeled "ULWindowUrl" and "ULWindowSeek." I think the two may be related but have too little knowledge of this stuff to be sure. Does anyone have a solution? It'll be greatly appreciated.

<Edit>
Oops, forgot the hjt file.
 

Attachments

  • hijackthis.txt
    8 KB · Views: 12
Hello and welcome to Techspot.

First, go HERE and follow the instructions.

Then, go HERE and do likewise.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:
 
Here's the fresh log and the ewido log as well, since the other instructions said to post it as well. If you want me to delete the other hjt log, just say so in your reply. I hate wasting space when it's not necessary.
 
That's better, now we're getting somewhere.

Now for the next step.

Please go HERE and follow the instructions.

Then post a fresh HJT log.

Regards Howard :)
 
Originally posted by nasdaq at spywareinfo.com.


Ok, now follow these instructions exactly.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

1. Please download The Avenger to your Desktop. Extract avenger.exe to your desktop.

2. Copy all the text between the dotted lines below to your Clipboard by highlighting it and pressing (Ctrl+C):

-------------------------------------------------------------------------------------------------------------------------------

Files to delete:
C:\WINDOWS\SYSTEM32\wingdm32.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingdm32

------------------------------------------------------------------------------------------------------------------------------


3. Now, start The Avenger program by clicking on its icon on your desktop.

* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the Green Light to begin execution of the script
* Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

* It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop, this is normal.
* After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.


Next, go to Start > Control Panel > Internet Options
In the General tab, Temporary Internet Files area, click:
-Delete Cookies
-Delete Files
--When prompted, check: Delete all offline content
Click OK

Go to Start > Run and type: cleanmgr
Click: OK
The program scans the system for files to remove.
Only check:
-Temporary Files
-Temporary Internet Files
-Recycle Bin
Click: OK

5. Please attach the content of c:\avenger.txt into your reply along with a fresh HJT log

Regards Howard :)
 
Umm, I did everything up to clicking on the green light, but after the first click when it prompts me to save something, it says it could not create a zip file, although I have both winzip and win rar. It still asks me to reboot though, and I click yes. At that point, it does nothing and the task manager says it is not responding. During this whole process, I have been asked by McAfee to allow a PUP access file (it was smitfraud's) but I have denied it. McAfee has also been finding a whole bunch of trojans and it is unable to delete them. I have no idea what the problem is here.
 
Your system seems to be getting worse, not better.

Here's what I want you to do.

Download the Pocket killbox programme from HERE. Save it to your desktop.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore. (XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

rdgUS2404.exe
gdnUS2338.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKLM\..\Run: [qboukjrs] C:\paunwyal.bat

O4 - HKLM\..\Run: [xjkqkema] C:\hlittvbp.bat

O4 - HKLM\..\Run: [himfrktx] C:\rbiqamot.bat

O16 - DPF: {3CB357E9-4F9C-7C14-A59C-05824F3A1827} - *******/1/gdnUS2338.exe

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - ********/1/rdgUS2404.exe

O20 - Winlogon Notify: khfedec - C:\WINDOWS\SYSTEM32\khfedec.dll

O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll

Click on the fix checked button.

Close HJT.

Extract the Killbox programme, and run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; click no and carry on inputting the files you want to delete. After the final file has been input, click yes when prompted to reboot.

These are the files you should input (if there).

C:\WINDOWS\SYSTEM32\wingdm32.dll
C:\WINDOWS\SYSTEM32\khfedec.dll
C:\paunwyal.bat
C:\hlittvbp.bat
C:\rbiqamot.bat

Post a fresh HJT log.

Regards Howard :)
 
Have HJT fix the following entry.

O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll (file missing)

Other than that, your HJT log is clean.

Regards Howard :)
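
The entries singled out in the replies above share two patterns: Run-key autostarts (O4) that launch a script sitting directly in the drive root, and Winlogon Notify DLLs (O20), one of them left orphaned after cleanup. The sketch below is an added example, not part of the original posts or of HijackThis; it triages log lines for those two patterns. The heuristics, the function name and the last sample line are assumptions made for illustration.

```python
import re

# The first six lines are entries quoted in this thread; the last one is
# constructed here as a benign contrast case.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [qboukjrs] C:\paunwyal.bat
O4 - HKLM\..\Run: [xjkqkema] C:\hlittvbp.bat
O4 - HKLM\..\Run: [himfrktx] C:\rbiqamot.bat
O20 - Winlogon Notify: khfedec - C:\WINDOWS\SYSTEM32\khfedec.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll (file missing)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# O4 = autostart entry (Run key); O20 = Winlogon Notify DLL.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# A script sitting directly in a drive root, e.g. C:\name.bat
ROOT_SCRIPT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(bat|cmd|vbs|js)$", re.I)


def triage(log_text):
    """Return (entry name, target, reason) for each entry worth a manual review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            if ROOT_SCRIPT_RE.match(m["cmd"]):
                findings.append((m["name"], m["cmd"], "autorun script in drive root"))
            continue
        m = O20_RE.match(line)
        if m:
            # Assumption: the log lists only non-default Notify entries,
            # so every O20 line is reported for review.
            reason = "orphaned Winlogon Notify entry" if m["missing"] else "Winlogon Notify DLL"
            findings.append((m["name"], m["path"], reason))
    return findings


if __name__ == "__main__":
    for name, target, reason in triage(SAMPLE_LOG):
        print(f"{reason:32} {name:10} {target}")
```

A flagged line is only a prompt for review; the decision to fix an entry still rests on identifying the file it points to.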
 
Thanks a bunch. I have just one more question to ask. Is there any other free app I can download to protect my computer against future occurrences such as this (other than just safe surfing)? I heard zone alarm was good but I'm a bit skeptical now about free stuff...
 
Since you asked, here's what I recommend.

Download the free AVG antivirus programme and either the free zonealarm, or free kerio firewall programme.

You can get these from HERE HERE and HERE.

Then, disconnect from the internet and uninstall McAfee, it really isn't very good.

Once McAfee has been completely uninstalled, reboot your system.

Install either Zonealarm, or Kerio, followed by AVG and reboot your system. Reconnect to the net and run the AVG updates.

You might also want to take a look at this thread by Spike. It will help you to keep your system more secure.

Regards Howard :)
 