MajorGeeks Support Forums

#1
03-03-07, 09:51
aaronfr
malware infections

Thanks in advance for your help. I have been having problems with Vundo, SuperMWindow and sample.exe. I've already followed the 12-step program outlined in the forum (really, just 10 steps). Additionally, I ran the fixVundo program, but am not certain that all instances have been repaired. Hopefully, I'm attaching all the necessary logs in this post.
Attached Files
File Type: txt newfiles.txt (34.4 KB, 1 views)
File Type: txt runkeys.txt (23.3 KB, 1 views)
File Type: txt bdscan1.txt (11.1 KB, 1 views)

#2
03-03-07, 09:57
aaronfr

Here are the other requested attachments. I ran CounterSpy twice and included both logs.
Attached Files
File Type: txt Activescan.txt (3.6 KB, 2 views)
File Type: txt counterspy.txt (1.5 KB, 2 views)
File Type: txt counterspy2.txt (2.9 KB, 1 views)

#3
03-03-07, 09:58
aaronfr

And finally, the logs from VundoFix (in case they are needed) and HijackThis.
Attached Files
File Type: txt VundoFix.txt (1.6 KB, 1 views)
File Type: log hijackthis.log (9.7 KB, 2 views)

#4
03-03-07, 16:56
TimW
MajorGeeks Administrator - Jedi Malware Expert

Continue by downloading a tool we will need - Pocket KillBox

Save it to its own folder somewhere that you will be able to locate it later.

Please use add/remove programs to uninstall these:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
VSAdd-in for Internet Explorer

Delete this folder if there:
C:\Program Files\VSAdd-in

Reboot and install:
Java Runtime 6

Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

Quote:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"eugyqyd.dll"=-
"DllRunning"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnnomm]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrqp]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winipo32]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"SuperHidden"=dword:00000001
"ShowSuperHidden"=dword:00000001
"HideFileExt"=dword:00000000

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {40F5B56B-EC21-CF42-5CFE-03DCE728383E} - (no file)
O2 - BHO: (no name) - {44FE6853-B59F-441E-B5C7-230264D48197} - C:\WINDOWS\system32\rqrqp.dll (file missing)
O2 - BHO: (no name) - {874D9811-578E-5A28-DB48-5990EAD26F9C} - (no file)
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\nwftulka.dll (file missing)
O2 - BHO: (no name) - {D418C34A-51D1-5E79-DB48-5990EAD26998} - (no file)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O20 - Winlogon Notify: pmnnomm - pmnnomm.dll (file missing)
O20 - Winlogon Notify: winipo32 - winipo32.dll (file missing)

Now run Pocket Killbox by double-clicking on killbox.exe
Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
Then after it deletes the files click the Exit (Save Settings) button.
NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

* Delete on Reboot
* Then click on the All Files button (or on the folders option).
* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\vjlfjpjk.dll
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\laahtskg.dll
C:\WINDOWS\system32\sdvuoegs.dll
C:\WINDOWS\system32\swdofrov.exe
C:\Program Files\Common Files\{3440874F-063B-1033-0428-041212200001}
C:\WINDOWS\system32\laahtskg.dll
C:\WINDOWS\system32\nwftulka.dll
C:\WINDOWS\system32\rqrqp.dll
C:\WINDOWS\system32\sdvuoegs.dll
C:\WINDOWS\system32\vjlfjpjk.dll
C:\WINDOWS\system32\pqrqr.tmp
C:\WINDOWS\system32\jlwsumxn.ini
C:\WINDOWS\system32\kjpjfljv.ini
C:\WINDOWS\system32\kplxiwwx.ini
C:\WINDOWS\system32\pqrqr.ini
C:\WINDOWS\system32\pqrqr~1.ini

* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click the box for unregister .dll's. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

If Killbox does not reboot, just reboot your PC yourself.

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT
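
An added example, not part of TimW's post: Python that reads the fixME.reg text above without touching any registry, lists what merging it would delete or set, and checks which of the listed O20 Winlogon Notify entries that merge already removes. The function names are hypothetical, and the sample text is copied from the post with blank lines dropped.

```python
import re

# Copied from post #4 (blank lines dropped); nothing here touches a real registry.
REG_TEXT = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"eugyqyd.dll"=-
"DllRunning"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnnomm]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrqp]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winipo32]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"SuperHidden"=dword:00000001
"ShowSuperHidden"=dword:00000001
"HideFileExt"=dword:00000000
"""
HJT_LINES = [
    "O2 - BHO: (no name) - {44FE6853-B59F-441E-B5C7-230264D48197} - C:\\WINDOWS\\system32\\rqrqp.dll (file missing)",
    "O20 - Winlogon Notify: pmnnomm - pmnnomm.dll (file missing)",
    "O20 - Winlogon Notify: winipo32 - winipo32.dll (file missing)",
]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
O20 = re.compile(r"^O20 - Winlogon Notify: (\S+) - ")

def parse_reg(text):
    """List (action, key, value_name) for each change a .reg file would make."""
    ops, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("delete_key", line[2:-1], None))   # [-key] removes the whole key
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                                # following values apply to this key
        elif key and (m := VALUE.match(line)):
            action = "delete_value" if m.group(2) == "-" else "set_value"  # "name"=- deletes
            ops.append((action, key, m.group(1).strip('"')))
    return ops

def notify_coverage(ops, hjt_lines):
    """For each O20 Winlogon Notify entry, report whether the .reg deletes its key."""
    deleted = {k.rsplit("\\", 1)[-1].lower() for a, k, _ in ops
               if a == "delete_key" and "\\winlogon\\notify\\" in k.lower()}
    return {m.group(1): m.group(1).lower() in deleted
            for l in hjt_lines if (m := O20.match(l.strip()))}

if __name__ == "__main__":
    ops = parse_reg(REG_TEXT)
    print(*ops, notify_coverage(ops, HJT_LINES), sep="\n")
```

Run against the sample, both O20 entries map to True because the .reg file deletes their Notify keys; the O2 line is ignored by the O20 pattern.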

#5
03-04-07, 05:34
aaronfr

Unfortunately, I cannot even begin the process you outlined. At some point, one of the scans deleted my rundll.exe file. I can't access the Add/Remove Programs function now. Any idea on how I should go about replacing this file?

#6
03-04-07, 08:44
aaronfr

OK, I managed to replace rundll32.exe and Control Panel is working now. However, VS Add-In for Internet Explorer refused to be uninstalled; the window flashed, like it was trying to switch to the uninstall window, but then nothing happened. I went ahead and deleted the VS Add-In directory.

Also, these did not exist when I ran HijackThis. Not sure if it's important, but thought I should mention it.

Quote:
Originally Posted by TimW
O20 - Winlogon Notify: pmnnomm - pmnnomm.dll (file missing)
O20 - Winlogon Notify: winipo32 - winipo32.dll (file missing)

I finished all of the other steps and have attached the logs.
Attached Files
File Type: log hijackthis.log (8.7 KB, 1 views)
File Type: txt newfiles.txt (33.0 KB, 1 views)
File Type: txt runkeys.txt (21.5 KB, 1 views)

#7
03-04-07, 11:17
TimW
MajorGeeks Administrator - Jedi Malware Expert

Other than the VSAdd-in in the program list, your logs look clean.

Try using Your Uninstaller! 2006 to uninstall it.

Let me know if it works!

#8
03-04-07, 12:45
aaronfr

Yeah, I think that did it. Thanks for your help!!

#9
03-04-07, 15:34
TimW
MajorGeeks Administrator - Jedi Malware Expert

No problem... safe surfing.

All times are GMT -5.