pmkjj.dll / Vendo Trojan Horse

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by LindaJH, Oct 16, 2005.

  1. LindaJH

    LindaJH Private E-2

    Before I begin let me say that I have followed the sticky notes at: http://forums.majorgeeks.com/showthread.php?t=35407 and the problem is not resolved.

    Background:
    My son, a computer novice, has a new Dell desktop running XP home.
    His Norton virus software popped open a box on his computer monitor saying that his system was infected with a "Trojan Horse vendo/windows/system32/pmkjj.dll"
    He ran this virus scan and the same message came up with a notice that the trojan horse could not be removed.
    He went to the Norton site, downloaded the fix program for vendo trojan horse. Ran the program. Followed all instructions. Re-ran the scan. Scan reported no infection.
    Within minutes the same message box popped up on the screen.
    Running a scan showed no infection
    My son called me and I went to see what I could do.
    I duplicated my son's steps and ended up at the same place.
    The virus scan showed no infection and none of the Vundo statements (as listed by Norton) were found in the registry.
    In the past I have booted from a DOS floppy and deleted a bad file and then cleaned up any remaining infections. However, his computer does not have a floppy drive and I've been unable to create a DOS CD the system will boot from.
    Safe mode on his computer will not allow any typing - system for all practical purposes presents a blank screen and hangs up.
    Safe mode with networking loads pmkjj.dll immediately
    At that point I came here and found the sticky notes for this trojan horse (URL above)
    I carefully followed each step
    At the end pmkjj.dll was still running. The Norton virus message popped up at each boot.
    I uninstalled all spyware that I downloaded.
    I uninstalled Norton's virus & firewall software.
    I started over with the sticky note instructions
    Followed each of them to the letter
    End result:
    I have managed to kill internet access on his computer
    pmkjj.dll is still alive well & kicking.
    One spyware program told me to set pmkjj.dll "to kill at reboot" but I couldn't find any way to do that.
    Does anyone have any suggestions on what I should try next?
    If not I'm guessing my next step will be to format the hard drive and do a complete reinstall. And, I sure don't want to do that if I can help it.

    Thanks
    LindaJH
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Follow the instructions in this thread:
    Virtumonde aka Trojan Vundo Fix w/ Tool


    The 2 HJT lines you are concerned with are the O2 & O20 lines that contain this path c:\windows\system32\pmkjj.dll.

    Next, where asked to paste the file name, you want to paste the following:
    c:\windows\system32\pmkjj.dll (First place asked for the file name)
    c:\windows\system32\jjkmp.* (Second place asked for the file name)

    Post a fresh HijackThis log after you have completed the above.
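
An added example, not part of the original thread or of any MajorGeeks tool: a small Python filter that pulls the O2 and O20 lines referencing a given DLL out of a HijackThis log, and derives the second file pattern the way the two paths in the reply above relate (base name reversed, any extension). The sample log lines, the all-zero CLSID and the function names are constructed for illustration.

```python
import ntpath
import re

# HijackThis section codes named in the reply: O2 (Browser Helper Object)
# and O20 (Winlogon Notify). Other sections (O4, O23, ...) are ignored.
HJT_LINE = re.compile(r"^(O2|O20) - ")

# Constructed sample log lines (not taken from the poster's machine).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\pmkjj.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe
"""


def companion_pattern(dll_path):
    """Reverse the DLL's base name and wildcard the extension,
    e.g. ...\\pmkjj.dll -> ...\\jjkmp.* (the pairing shown in the reply)."""
    folder, name = ntpath.split(dll_path)
    stem, _ext = ntpath.splitext(name)
    return ntpath.join(folder, stem[::-1] + ".*")


def find_entries(log_text, dll_path):
    """Return (section, line) for every O2/O20 line that references dll_path.
    Matching is case-insensitive because Windows paths are."""
    needle = dll_path.lower()
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m and needle in line.lower():
            hits.append((m.group(1), line))
    return hits


if __name__ == "__main__":
    target = r"c:\windows\system32\pmkjj.dll"
    print("First file name: ", target)
    print("Second file name:", companion_pattern(target))
    for section, line in find_entries(SAMPLE_LOG, target):
        print(f"[{section}] {line}")
```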
     
