Tried everything, any help appreciated

Discussion in 'Malware Help (A Specialist Will Reply)' started by Altmann, Jul 21, 2006.

  1. Altmann

    Altmann Private E-2

    Hi,

    Yesterday, I violated my own policy of not scanning an EXE file that was sent to me. 10 hours later and I'll not be trusting hardly any attachments after this...

    I've attached my hijack this log for you to see. I can't tell what's causing this from it.

    The data i have is that there are 2 .DLLs that are sticking in my computer unable to be deleted. These are C:\WINDOWS\system32\pmkhf.dll and C:\WINDOWS\system32\opnopnn.dll

    I've run killbox on them both in safe mode several times with no luck. I've run AVG in safemode, I've run Ewido in safemode.

    The result is that every startup I'm still getting a notice that adware.virtumonde is still installed (with the location of it being the 2 .dlls I mentioned earlier).

    I've done google searches for these 2 dlls and the virtumonde adware, followed those and I'm STILL getting positive scans for viruses and this adware.

    Anything you guys could point me to would help. Hijack this file attached.
     


  2. matt.chugg

    matt.chugg MajorGeek

    Welcome to MajorGeeks ***************!:)

    - Please run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.



    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:


    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):

    Bitdefender
    Panda Scan
    HijackThis

    Good Luck!:)
     
  3. Altmann

    Altmann Private E-2

    Hey,

    I've gone through the steps above. I'm still having major problems. I'm almost wondering if it's not just time to reinstall. The problem is, I can't seem to find out which files are causing the trouble! Besides the 2 DLLs I posted, there are viruses every time i scan.

    My computer has been squeaky clean until yesterday when I downloaded that file. If someone could just take a look at my new HijackThis log and let me know any advice, that'd be greatly appreciated. I'm not coming from out of the blue here, I've run literally over 50 different scans on my computer in safe mode as well as normal, I've done the entire "read this before posting".

    The web scanners don't seem to work because of IE taking a crap. I get system pop-up windows asking me to re-start my computer yes/no and the online scan doesn't run. I can't Alt-F4 the windows either and it's sure as hell not part of the ActiveX control that Panda is trying to run because it sits there loading in the background.

    New HJT log attached.

    Help?

    -
     


  4. matt.chugg

    matt.chugg MajorGeek

    What about bitdefender?

    Did you try Windows Defender ?

    I see no evidence of them in HJT Log.

    You also still have HJT installed in a sub folder of 'Documents and Settings' which is where we specifically ask for it NOT to be.

    Please go back and follow the steps properly. I know its a lot to do but it is important if we are going to be able to help you.
     
  5. Altmann

    Altmann Private E-2

    Bitdefender was a no go on IE.

    For some reason, Windows Defender wouldn't load because my computer cannot be "verified" as legit which is doubly frustrating considering i purchased it straight from DELL.

    HJT is now within C:/hijackthis

    New log attached. I DID try to go as thoroughly as possible through the post that was recommended. The online scans and Windows Defender were the ONLY parts I was unable to complete. This is in addition to my own AVG and Killbox.exe attempts on the above .dll files. I've used Ewido, AVG, HJT, Killbox and then on top of that, the guide that was given. I'm not in any way trying to "cop out" on doing the steps, I just can't complete the online scans.

    I've spent over 12 hours scanning, rebooting, scanning, rebooting, etc. and this is my last resort.

    New HJT log attached from c:/hijackthis
     


  6. matt.chugg

    matt.chugg MajorGeek

    Please post your AVG log
     
  7. Altmann

    Altmann Private E-2

    AVG came up clean, Ewido came up with several items. Log from that attached.
     


  8. matt.chugg

    matt.chugg MajorGeek

    Please follow the steps in This Thread

    Don't forget to post the log back here for me to look at.
     
  9. Altmann

    Altmann Private E-2

    Done, and DONE. Scanning with Ewido now. HJT log attached after running VundoFix.

    -A
     


  10. matt.chugg

    matt.chugg MajorGeek

    I don't need a hjt log right now I need the log file from VundoFix (C:\vundofix.txt).
     
  11. Altmann

    Altmann Private E-2

    I realized you want the VundoFix log. It's attached to this one now.

    -A
     


  12. matt.chugg

    matt.chugg MajorGeek

    How's the Ewido scan now?

    Can you run any of the other scans more successfully?
     
  13. Altmann

    Altmann Private E-2

    Ewido is the same. Still coming up with Virtumonde and some other cookies (it's mid-scan now, will attach log when done). I'll run AVG after this. This thing is killin me. I even ran Symantec's Virtumonde remover and came up with nothin.
    I had the idea of running the vundo fix in safe mode. Do you think that'd help at all?
     
  14. matt.chugg

    matt.chugg MajorGeek

    According to your vundo log, it didn't even detect them as being infected.

    Please rename hijackthis to analyze.exe and post a fresh log.

    I will get someone to look over it as this may be a new variant.
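    The rename matters because Vundo variants of this period recognised the `hijackthis.exe` process name and hid their entries from it, which is why the two DLLs only show up in the log once the scanner runs as analyze.exe. Once they are visible, the section codes on the lines that reference them tell you why the files cannot be deleted in place: an O2 line is a Browser Helper Object loaded into every Internet Explorer process, and an O20 line is a Winlogon Notify DLL that winlogon.exe loads at boot, in Safe Mode too. The following Python is an added example (not from the thread or from HijackThis) that parses a HijackThis-style log and reports which lines load a given file; SAMPLE_LOG is constructed to show the line shapes and its CLSIDs are dummies, not the poster's actual log.

```python
"""Triage a HijackThis-style log for the entries that load a given DLL.

Added example, not from the thread or from HijackThis. SAMPLE_LOG below is
constructed to show the O2 (Browser Helper Object), O4 (Run key) and
O20 (Winlogon Notify) line shapes; its CLSIDs are dummies and it is not
the poster's actual log.
"""
import re
from typing import Dict, List, NamedTuple

# A drive-letter path ending in .dll or .exe. Paths containing spaces are
# not handled; the system32 paths from the thread have none.
_PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\[\]\"]+?\.(?:dll|exe)", re.IGNORECASE)
# Every HJT finding starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
_SECTION_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")

# Section codes whose DLLs sit inside long-running system processes, which is
# what makes an in-place delete fail.
PERSISTENT_SECTIONS = {
    "O2": "Browser Helper Object, loaded into every Internet Explorer process",
    "O20": "Winlogon Notify DLL, loaded into winlogon.exe at boot (Safe Mode included)",
}


class Entry(NamedTuple):
    section: str        # e.g. "O2", "O20"
    detail: str         # text after "O2 - "
    paths: List[str]    # file paths on the line, lower-cased for comparison


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per finding line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _SECTION_RE.match(line.strip())
        if not m:
            continue
        paths = [p.lower() for p in _PATH_RE.findall(m.group(2))]
        entries.append(Entry(m.group(1), m.group(2), paths))
    return entries


def entries_for_files(text: str, targets: List[str]) -> Dict[str, List[Entry]]:
    """Map each target path (lower-cased) to the HJT lines that reference it."""
    wanted: Dict[str, List[Entry]] = {t.lower(): [] for t in targets}
    for e in parse_hjt(text):
        for p in e.paths:
            if p in wanted:
                wanted[p].append(e)
    return wanted


def explain_persistence(text: str, targets: List[str]) -> Dict[str, List[str]]:
    """For each target, list the mechanisms keeping it loaded (empty = none found)."""
    return {
        path: [PERSISTENT_SECTIONS[e.section] for e in hits if e.section in PERSISTENT_SECTIONS]
        for path, hits in entries_for_files(text, targets).items()
    }


# Constructed sample log (not the real one from the thread).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\system32\pmkhf.dll
O2 - BHO: (no name) - {66666666-7777-8888-9999-000000000000} - C:\WINDOWS\system32\opnopnn.dll
O4 - HKLM\..\Run: [ExampleAV] C:\PROGRA~1\ExampleAV\avtray.exe /startup
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
"""

if __name__ == "__main__":
    targets = [r"C:\WINDOWS\system32\pmkhf.dll", r"C:\WINDOWS\system32\opnopnn.dll"]
    for path, hits in entries_for_files(SAMPLE_LOG, targets).items():
        print(path)
        for e in hits:
            print(f"  {e.section} - {e.detail}")
```

    On a real log the useful output is the set of O2/O20 lines to fix in HijackThis before rebooting; deleting the file while those registry references remain leaves winlogon.exe and IE trying to load it at the next start.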
     
  15. Altmann

    Altmann Private E-2

    OK, did that. I think it might've come up with some new stuff. Check it out.
     


  16. matt.chugg

    matt.chugg MajorGeek

    You may notice that those 2 files you mentioned at first are now appearing in your HJT log file?

    You still have killbox handy ?




    Run Killbox.exe. Paste the below filenames into Killbox one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one click YES and it will reboot.
    If Killbox does not reboot or you get a Pending Operations type error message, just reboot your PC yourself.
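    "Delete on Reboot" is a front end for a documented Windows mechanism: MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT records the request under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager in the REG_MULTI_SZ value PendingFileRenameOperations, a flat list of (source, destination) pairs in NT path form where an empty destination means "delete", and smss.exe carries the list out early in the next boot before winlogon.exe has loaded anything. The Python below is an added example (not from the thread or from Killbox) that builds and decodes that value offline so you can confirm what a reboot will do; that Killbox itself uses this mechanism is an assumption, and the two paths are the ones from this thread.

```python
"""Build and decode Windows' PendingFileRenameOperations value, the mechanism
behind "delete on reboot".

Added example, not from the thread or from Killbox. MoveFileEx with
MOVEFILE_DELAY_UNTIL_REBOOT records the request under
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager as the REG_MULTI_SZ
value PendingFileRenameOperations: a flat list of (source, destination) pairs
in NT path form (\\??\\C:\\...), where an empty destination means "delete".
Session Manager (smss.exe) processes the list early in the next boot. That
Killbox's own "Delete on Reboot" option uses this mechanism is an assumption.
"""
from typing import List, Tuple

NT_PREFIX = "\\??\\"   # Win32 paths are stored as \??\C:\... in the value


def _to_nt(path: str) -> str:
    return path if path.startswith(NT_PREFIX) else NT_PREFIX + path


def _from_nt(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def schedule_delete(pending: List[str], path: str) -> List[str]:
    """Return a copy of the list with a delete-on-reboot entry for `path` appended."""
    if len(pending) % 2:
        raise ValueError("value must hold source/destination pairs")
    return [*pending, _to_nt(path), ""]


def decode_pending(pending: List[str]) -> List[Tuple[str, str]]:
    """Pair up (source, destination) in Win32 form; destination '' means delete."""
    if len(pending) % 2:
        raise ValueError("value must hold source/destination pairs")
    return [(_from_nt(pending[i]), _from_nt(pending[i + 1]))
            for i in range(0, len(pending), 2)]


def pending_deletes(pending: List[str]) -> List[str]:
    """Just the files scheduled for deletion, e.g. to confirm a Killbox run took."""
    return [src for src, dst in decode_pending(pending) if dst == ""]


def to_multi_sz(strings: List[str]) -> bytes:
    """REG_MULTI_SZ raw bytes: UTF-16LE, NUL after each string, NUL after the list."""
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")


def from_multi_sz(data: bytes) -> List[str]:
    """Decode REG_MULTI_SZ raw bytes, keeping the empty strings this value relies on.

    Generic MULTI_SZ readers stop at the first empty string (a double NUL), which
    would truncate PendingFileRenameOperations after its first delete entry.
    """
    text = data.decode("utf-16-le")
    if text.endswith("\x00"):
        text = text[:-1]            # list terminator
    if not text:
        return []
    return text.split("\x00")[:-1]  # each string carries its own NUL


if __name__ == "__main__":
    value: List[str] = []
    for f in (r"C:\WINDOWS\system32\pmkhf.dll", r"C:\WINDOWS\system32\opnopnn.dll"):
        value = schedule_delete(value, f)
    raw = to_multi_sz(value)
    for src, dst in decode_pending(from_multi_sz(raw)):
        print(f"{src} -> {dst or '<delete>'}")
```

    The raw-bytes decoder is the part worth keeping: because each delete entry is an empty string, a reader that treats the value as an ordinary REG_MULTI_SZ (CPython's winreg module, for one) stops at the first double NUL and reports only the first scheduled file. Checking the value this way after Killbox reports "pending operations cancelled" tells you whether the deletion was ever recorded, as distinct from being recorded and then undone.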
     
  17. Altmann

    Altmann Private E-2

    OK, Ewido log attached. Running AVG now then it's onto Ad-Aware. Ewido seems to "fix" the problems but it doesn't do anything.
     


  18. matt.chugg

    matt.chugg MajorGeek

    OK, they seem to be fixed now. I suggest you don't leave the files in quarantine but remove them completely.

    Please post another HJT log (from the now renamed analyze.exe)
     
  19. Altmann

    Altmann Private E-2

    I want to kiiil kill kiiiiil the virus.

    Still there. I did the killbox thing. BTW, when it says that the pending operations were canceled by an external process... I rebooted anyway but AFTER clicking OK because windows wouldn't reboot. I don't know if that's stopping them from being deleted but I tried it in safe mode and that didn't do anything either.

    I need nuclear kill box or something. this thing will NOT leave.
     


  20. matt.chugg

    matt.chugg MajorGeek

    Your Ewido log is clean now. It says it has quarantined the files and doesn't show them in system32 anymore. What makes you think it is still there?

    Can you see the files in system32?
     
  21. Altmann

    Altmann Private E-2

    HJT says they're there after I ran Ewido. The thing that makes me think they're still there is that I've run Ewido and "deleted" the files at least 4 times. HJT shows the same files in system32 if you look at it, and that's from AFTER the Ewido and Killbox attempts.

    Lemme scan w/Ewido again but I'm pretty damn sure they'll still be there.

    BTW, I appreciate every ounce of help you're giving me.

    -A
     
  22. Altmann

    Altmann Private E-2

    New Ewido log. Even more files this time. Damn.

    Attached.

    Question: If I reinstall. What are the chances of this sucker sticking around?

    -A
     


  23. matt.chugg

    matt.chugg MajorGeek

    There is nothing wrong with that log file. Don't worry about the cookies.

    Please stop running scans every ten seconds just follow the steps I give you.

    Post a fresh HJT log (from analyze.exe)
     
    Last edited: Jul 21, 2006
  24. Altmann

    Altmann Private E-2

    Oh, I attached the Ewido file. Did you want HJT as well? It's attached to this one.
     


  25. matt.chugg

    matt.chugg MajorGeek

    Run HijackThis.

    Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    MAKE SURE ALL BROWSER WINDOWS ARE CLOSED INCLUDING THIS ONE.

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Reboot into safe mode

    check for these 2 files. If found delete them

    Tell me if you find them or not and whether you can delete them or not

    C:\WINDOWS\system32\pmkhf.dll
    C:\WINDOWS\system32\opnopnn.dll


    reboot into normal mode.

    Post a fresh HJT log (from the renamed analyze.exe)
     
  26. Altmann

    Altmann Private E-2

    OK, I did the scan, checked the fix boxes and fixed them. Rebooted into safe mode. Files were still there in system32 tried manual delete, tried killbox, rebooted and this is my current HJT log (attached). Is there any hope?

    -A
     


  27. matt.chugg

    matt.chugg MajorGeek

    There is always hope. :)

    I am going to ask someone more experienced than me to look at this for me. Please just stick with us.

    Matt
     
  28. Altmann

    Altmann Private E-2

    ok cool.

    -A
     
  29. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, you have a couple of different things going on here. I need the BitDefender Online and Panda ActiveScan logs from the Tutorial Matt linked to at the beginning of this thread.

    In addition, follow the directions for Running WinPFind by OldTimer.

    Post WinPFind.txt along with the above logs. We may have to remove this infection manually and I will need those logs.
     
  30. Altmann

    Altmann Private E-2

    Sorry, went to sleep. I'll get on this right now and post the logs.

    -A
     
  31. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    We'll be here
     
