Winfix virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tsumrall, Sep 11, 2005.

  1. tsumrall

    tsumrall Private E-2

    I've got a problem with a winfix popup when I close my "Word" program.

    It pops up with computer error msg. I close that and then their web page pops up and tries to automatically install winfix program. My security settings prevent the install.

    AVG, Spybot, and Ad-Aware do not detect this program. I've attached my HJT log. Can somebody help?

    I haven't downloaded nor installed anything new for at least a month. How did it end up on my computer?

    Thanks
     


  2. tsumrall

    tsumrall Private E-2

    I believe I have the winfix adware removed. I found instructions on another forum. The winfix installed on my computer had a different name for the dll. In the instructions this was the dll: mljjk.dll. The dll in mine started with an "f". I didn't write the whole thing down, but I found it in both locations in the Process Explorer referenced below. To the best of my knowledge, the software program responsible for doing this to my computer was one I installed about a week ago. Winfix apparently had a delay of a few days before popping up that crap on my computer.

    The program was WinRar, RAR Archiver

    Here are the complicated instructions I followed:

    Download and Unzip Process Explorer


    Please download Process Explorer by Sysinternals from

    http://www.sysinternals.com/ntw2k/f...e/procexp.shtml



    Scroll to the bottom of the page and select your Operating System.
    Unzip it to its own folder on the desktop so you can find it later.



    Download and install Advanced Process Manipulation


    http://www.diamondcs.com.au/index.php?page=apm


    Now download the attached zip file and unzip it directly to the root directory
    c:\ (save the zip file to desktop, right click it and select extract to, then
    type or navigate to c:\ and press extract).
    (The file should now be here: C:\vundoh.reg)


    Now reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously
    tap F8. A menu should come up where you will be given the option to enter
    Safe Mode.


    open Process Explorer.

    * Scroll down in the main window and find winlogon.exe
    * Right click on winlogon.exe and select Suspend
    * Leave Process Explorer open.

    Now run HijackThis and put checkmarks in front of these two lines


    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\mljjk.dll
    O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll

    Do NOT fix them yet

    Now open Advanced Process Manipulation.

    * Scroll down in the main window and find c:\windows\explorer.exe
    * Click on the entry and that will display a list of files in the second window.
    * Scroll down the list in the second window and find C:\WINDOWS\system32\mljjk.dll
    * Right click on that entry and select Unload DLL
    * You will now lose your Start Bar and Desktop Icons. This is normal.
    * Leave Advanced Process Manipulation open

    Go back to Process Explorer window.

    * Click File > Run
    * In the run box type regedit.exe /s C:\vundoh.reg

    Back in Advanced Process Manipulation.

    * Scroll down in the main window and find c:\windows\system32\winlogon.exe
    * Click on the entry and that will display a list of files in the second window.
    * Scroll down the list in the second window and find C:\WINDOWS\system32\mljjk.dll
    * Right click on that entry and select Unload DLL
    * You will have to click OK about six times

    In HijackThis click Fix checked. You will be prompted you are about to remove a BHO. That's what you want.

    Now back in Process Explorer.

    * Find winlogon.exe again.
    * Right click on winlogon.exe and select Resume
    * This should reboot your computer automatically.



    _____________________________________________________________________


    After you have done that, download and run these tools!



    Go to this site and download these tools, and once you have both
    Ad-Aware SE 1.6 and Spybot, update both of them.

    Set Ad-Aware to do a full system scan and deselect "search for negligible risk
    entries". Click next to start the scan. Delete everything Ad-Aware finds.

    Reboot and now run Spybot.

    Spybot: Search and destroy.

    Delete what spybot finds marked in red. After updating spybot hit the
    immunize button.

    Reboot again.


    With CWshredder close all browsers and programmes and select the FIX button.



    Go here and download Microsoft Antispyware Beta. First, in the top menu click
    File, then Check for updates to download the definitions updates.

    After updating look in the right side of the main window under "Run Quick
    Scan Now" and click Spyware scan options. In that window put a tick by Run a
    full system scan and then put a check by all three options below that then
    click Run Scan now.

    When the scan is finished, let it fix anything that it finds (have it
    quarantine the items that have that option rather than delete just in case.
    It is a beta program and there may be false positives)

    Restart your computer.


    All tools can be downloaded at the link below and found on that page!


    . Microsoft® Windows AntiSpyware
    . Trend micro CWShredder
    . SpyBot search and destroy
    . AdAware SE



    http://www.majorgeeks.com/downloads31.html




    Download the trial version of Ewido Security Suite here


    http://www.ewido.net/en/

    * Install ewido.
    * During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    * Launch ewido
    * It will prompt you to update click the OK button and it will go to the main screen
    * On the left side of the main screen click update
    * Click on Start and let it update.
    * DO NOT run a scan yet. You will do that later in safe mode.


    *Download Cleanup from Here

    http://www.stevengould.org/software...p/download.html

    * A window will open and choose SAVE, then DESKTOP as the destination.
    * On your Desktop, click on Cleanup40.exe icon.
    * Then, click RUN and place a checkmark beside "I Agree"
    * Then click NEXT followed by START and OK.
    * A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    * Click OK
    * DO NOT RUN IT YET



    * Click here for info on how to boot to safe mode if you don't already know
    how.

    http://service1.symantec.com/SUPPOR...src=sec_doc_nam



    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:



    Have HijackThis fix these entries. Close all browsers and programmes before
    clicking FIX.


    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316



    * Run Ewido:

    * Click on scanner
    * Click Complete System Scan and the scan will begin.
    * During the scan it will prompt you to clean files, click OK
    * When the scan is finished, look at the bottom of the screen and click the Save report button.
    * Save the report to your desktop


    * Run Cleanup:

    * Click on the "Cleanup" button and let it run.
    * Once its done, close the program.



    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/activescan/

    When the scan is finished, have it delete anything that it cannot clean.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!
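    The two HijackThis lines fixed in the post above, an O2 BHO and an O20 Winlogon Notify entry that point at the same DLL, are the pairing that identifies this family in a log: a legitimate Browser Helper Object has no reason to also register as a winlogon notification package. As an added example (not part of the original thread and not HijackThis's own code), the following Python script parses a constructed HJT log excerpt and reports DLLs registered in both places, plus the "(no file)"/"(file missing)" orphans that are safe to fix but are not the infection. The mljjk.dll lines and the three orphan lines are the ones quoted in this thread; the other sample lines, the function names and the placeholder CLSID are assumptions.

```python
"""Cross-check a HijackThis log for the BHO + Winlogon Notify DLL pairing that
Vundo/Virtumundo (the "Winfixer" adware in this thread) installs.

Added example, not from the original thread. The log text below is constructed:
the mljjk.dll and the (no file)/(file missing) lines are quoted from the thread,
the Example Helper and crypt32chain lines are placeholders for benign entries.
"""
import re

SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\mljjk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
"""

# "O2 - BHO: <fields>": section id, entry kind, then ' - ' separated fields.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Return one (section, kind, fields) tuple per O-line in the log.

    fields is the ' - ' separated tail, e.g. [name, clsid, path] for an O2
    line and [notify_key, path] for an O20 line. Lines that do not match
    (headers, R0/R1 entries, blanks) are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        entries.append((section, kind, [f.strip() for f in rest.split(" - ")]))
    return entries


def dll_path(entry):
    """Last field of an O2/O9/O20 entry, which is the module path."""
    return entry[2][-1]


def is_missing(entry):
    """True when HijackThis could not find the file behind the entry."""
    return any(marker in dll_path(entry) for marker in MISSING_MARKERS)


def normalize(path):
    """Drop a trailing missing-file marker and lower-case the path, since
    Windows paths are case-insensitive and HJT mixes System32/system32."""
    for marker in MISSING_MARKERS:
        path = path.replace(marker, "")
    return path.strip().lower()


def find_bho_notify_pairs(entries):
    """DLLs registered both as a BHO (O2) and as a Winlogon Notify package (O20).

    This is the Vundo signature: the same module is loaded into explorer.exe
    (as a BHO) and into winlogon.exe (as a notify package), which is why the
    removal procedure has to unload it from both before fixing the entries.
    """
    bho = {normalize(dll_path(e)) for e in entries
           if e[0] == "O2" and not is_missing(e)}
    notify = {normalize(dll_path(e)) for e in entries if e[0] == "O20"}
    return sorted(bho & notify)


def find_orphans(entries):
    """(section, first field) of entries whose file is gone. Safe to fix in
    HijackThis, but they are leftovers, not the active infection."""
    return sorted({(e[0], e[2][0]) for e in entries if is_missing(e)})


def report(text):
    """Summarize a log: which DLLs to unload first, and which entries are dead."""
    entries = parse_hjt(text)
    return {"pairs": find_bho_notify_pairs(entries),
            "orphans": find_orphans(entries)}


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(key, value)
```

    Paste the text of a real log into parse_hjt to run it against a machine. A non-empty pairs list names the DLL to unload from explorer.exe and winlogon.exe before clicking Fix; an empty one does not prove the machine is clean, since the O20 key is not the only place this family persists.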
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Take a look in the threads here! I have fixed dozens of these with similar methods. Searching the threads for Winfixer and Virtumundo will give more hits. There were more files to delete that you missed. See the threads.
     
