Virus or malware warning

Status
Not open for further replies.

Badfinger

Posts: 154   +0
Howdy folks!

Just got done cleaning one nasty one off my wife's PC.

Looks like it came from hijack of dailykos.com

Trail:
If you have these in C:\windows\system32:

hajutuki.dll
jihayefo.dll
tahalopu.dll
sumonibe.dll

Those 4 I had to clean out, winpatrol kept popping up asking to allow them to RUN
at startup and BillP's website had 0 info on any of them, another good sign they
are malware/virus. Look up winpatrol if you are confused. 8)

All 4 were read only, and couldn't delete even in safe mode, except 1 (tahalopu.dll)
I pulled her HD, hooked it up to my system, replaced all 4 with 3 byte files with attributes:
Read Only/System, so they won't be overwritten, and cleaned ALL the registry entries with the 4 files, once I rebooted with it back in her system, there were over a dozen entries total.

Her PC is now clean...

Oh yeah:
Looks like they tried to phone home to 82.98.235.206 which is in Belgium.
I have prevent in for that evil stuff also, fortunately. 8)

I ran my anti-virus scan on C:\windows (inclusive) and it picked up nothing, 8(

Forgot to mention this was via Firefox 3.5, we quit using IE, since about Firefox .92 beta.
 
Status
Not open for further replies.
Back