pmnlj.dll!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by gidddd, Aug 18, 2006.

  1. gidddd

    gidddd Private E-2

    For quite a while now I have been given constant alerts from NOD32 that I have a Win32/Adware.Virtumonde application, which is C:\WINDOWS\system32\pmnlj.dll.

    I have tried using VundoFix and I have gone through all the procedures on the "read and run me first" page, but this still remains on my computer. My computer now runs much, much slower, especially when starting up. It usually takes about 4-5 minutes once I have turned it on before I can start to use it. When I tell NOD to delete it, it says it will after the next restart, but it's still on my computer.

    Can someone please help me remove it?

    I've attached my HijackThis log.

    Thanks
     


  2. matt.chugg

    matt.chugg MajorGeek

    As you state you have gone through all the procedures on the read and run me page, please post the following logs.

    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • HijackThis

    Also, as you have already run VundoFix, please post the log from that too.
     
  3. gidddd

    gidddd Private E-2

    My HijackThis log is attached, and here are the Bitdefender, Panda scan and CounterSpy logs.
     


  4. gidddd

    gidddd Private E-2

    And here are the runkeys.txt, newfiles.txt and VundoFix logs.
     


  5. matt.chugg

    matt.chugg MajorGeek

    You are using an old version of ShowNew. Please redownload it, as there are important updates, and post a new ShowNew log in your next post.

    << The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 5.0 Update 8, available from http://java.sun.com/javase/downloads/index.jsp. Uninstall all older versions of Java on your computer before installing the latest version of Java. >>


    Start by downloading two tools we will need

    - Process Explorer

    - Pocket KillBox

    Extract them to their own folder somewhere that you will be able to locate them later.

    IMPORTANT: You should print or save the below locally, so you can refer to it while offline. You must exit all browsers before running the below steps, and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also, it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay, unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)

    - Run Process Explorer

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen, click on each instance of pmnlj.dll once and then click the Kill button. After you have killed all of the pmnlj.dll under winlogon, click OK. (If you do not find the dll, just continue on.)

    Next double click on explorer.exe and again click once on each instance of pmnlj.dll and kill it. (If you do not find the dll, just continue on.)

    Now just exit Process Explorer.


    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot, or you get a Pending Operations type error message, just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may not be found)


    If you have Windows XP, delete the contents of C:\WINDOWS\Prefetch.



    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  6. gidddd

    gidddd Private E-2

    Here is my new ShowNew log.
     


  7. matt.chugg

    matt.chugg MajorGeek

    Did you do everything else in the instructions I gave above?
     
  8. gidddd

    gidddd Private E-2

    Yes, and everything is working fine. Thank you so, so much, you've really been a great help. My HijackThis log is attached in case you want to have a look.
     


  9. matt.chugg

    matt.chugg MajorGeek

    How is your computer running now? Any popups etc.?

    Did you find all the files to delete? Did they all delete fine?

    Delete the folder: c:\!killbox (it's a backup of what we just deleted with it), then rerun your AV scan to double check it's properly gone.
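
Added example, not part of any post in this thread: a read-only PowerShell check for the state the cleanup steps above aim for. It looks for pmnlj.dll loaded in winlogon.exe or explorer.exe, for the file at the path given in the first post, and for a queued delete-on-reboot entry. That the removal tools queue deletions through the Windows PendingFileRenameOperations value is an assumption, and the function names are hypothetical.

```powershell
# Added example: read-only check for leftovers of the DLL named in this thread.
# The file name and path come from the first post; the rest is assumed.
$DllName = 'pmnlj.dll'
$DllPath = Join-Path $env:SystemRoot "System32\$DllName"

# Hypothetical helper: list copies of the DLL mapped into the given processes.
function Get-LoadedCopies {
    param([string]$Name, [string[]]$ProcessNames = @('winlogon', 'explorer'))
    foreach ($proc in Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue) {
        try {
            foreach ($mod in $proc.Modules) {
                if ($mod.ModuleName -ieq $Name) {
                    [pscustomobject]@{ Process = $proc.ProcessName; Id = $proc.Id; Path = $mod.FileName }
                }
            }
        } catch {
            # winlogon.exe is only readable from an elevated prompt
            Write-Warning "Cannot read modules of $($proc.ProcessName): $($_.Exception.Message)"
        }
    }
}

# Hypothetical helper: find delete/rename-at-next-boot entries naming the DLL.
# Assumes the request was queued in the standard Session Manager value.
function Get-PendingDeleteEntries {
    param([string]$Name)
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $item = Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }   # nothing queued for the next boot
    $item.PendingFileRenameOperations | Where-Object { $_ -and $_ -like "*$Name*" }
}

$report = [pscustomobject]@{
    FileOnDisk     = Test-Path -LiteralPath $DllPath
    LoadedIn       = @(Get-LoadedCopies -Name $DllName)
    PendingDeletes = @(Get-PendingDeleteEntries -Name $DllName)
}
$report | Format-List

if (-not $report.FileOnDisk -and $report.LoadedIn.Count -eq 0 -and $report.PendingDeletes.Count -eq 0) {
    "No trace of $DllName in the checked locations."
} elseif ($report.PendingDeletes.Count -gt 0) {
    "$DllName is still queued for deletion; reboot and run the check again."
} else {
    "$DllName is still present; see FileOnDisk and LoadedIn above."
}
```

A file that is still on disk and still loaded in winlogon.exe after a reboot matches the symptom in the first post, where the antivirus reports it will delete the file after the next restart and the file remains.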
     
  10. gidddd

    gidddd Private E-2

    It's running very well, and I never really have much of a problem with pop ups, but no, I'm not getting any. Am running the scan now. Again, thanks a lot.
     
  11. matt.chugg

    matt.chugg MajorGeek

    You still have a few traces of malware

    Reboot to safe mode and delete the following

     
