I Cant Remove A Certain Number Of Malware

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Am I infected? What do I do?

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

I Cant Remove A Certain Number Of Malware, there are malware that keeps poppin up even if i already run vundo fix

Options

rafraf16 View Member Profile	Jan 19 2008, 11:48 PM Post #1
New Member Group: Members Posts: 1 Joined: 19-January 08 Member No.: 184,717	hi. thanks for reading my concern. i accidentally opened a bad application and some malware just spread. although popups werent there, im really concerned about my security. i ran vundo fix 6.7.7 and it somehow removed some of the files, but others just keep coming back. this is the log from vundo fix. VundoFix V6.7.7 Checking Java version... Scan started at 11:21:05 AM 1/20/2008 Listing files found while scanning.... C:\WINDOWS\system32\bcbeg.ini C:\WINDOWS\system32\bcbeg.ini2 C:\WINDOWS\system32\DrvMon.exe C:\WINDOWS\system32\gebcb.dll C:\WINDOWS\system32\gebcb.exe C:\WINDOWS\system32\khfgfda.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\bcbeg.ini C:\WINDOWS\system32\bcbeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\bcbeg.ini2 C:\WINDOWS\system32\bcbeg.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\DrvMon.exe C:\WINDOWS\system32\DrvMon.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\gebcb.dll C:\WINDOWS\system32\gebcb.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\gebcb.exe C:\WINDOWS\system32\gebcb.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\khfgfda.dll C:\WINDOWS\system32\khfgfda.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\bcbeg.ini C:\WINDOWS\system32\bcbeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\bcbeg.ini2 C:\WINDOWS\system32\bcbeg.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\gebcb.dll C:\WINDOWS\system32\gebcb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfgfda.dll C:\WINDOWS\system32\khfgfda.dll Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Scan started at 11:40:53 AM 1/20/2008 Listing files found while scanning.... C:\WINDOWS\system32\gebcb.exe C:\WINDOWS\system32\khfgfda.dll C:\WINDOWS\system32\pqstv.ini C:\WINDOWS\system32\pqstv.ini2 C:\WINDOWS\system32\vtsqp.dll C:\WINDOWS\system32\vtsqp.exe Beginning removal... Attempting to delete C:\WINDOWS\system32\gebcb.exe C:\WINDOWS\system32\gebcb.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\khfgfda.dll C:\WINDOWS\system32\khfgfda.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\pqstv.ini C:\WINDOWS\system32\pqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\pqstv.ini2 C:\WINDOWS\system32\pqstv.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqp.dll C:\WINDOWS\system32\vtsqp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqp.exe C:\WINDOWS\system32\vtsqp.exe Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\khfgfda.dll C:\WINDOWS\system32\khfgfda.dll Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Scan started at 12:15:06 PM 1/20/2008 Listing files found while scanning.... C:\WINDOWS\system32\khfgfda.dll C:\WINDOWS\system32\pqstv.ini C:\WINDOWS\system32\pqstv.ini2 C:\WINDOWS\system32\vtsqp.dll C:\WINDOWS\system32\vtsqp.exe Beginning removal... Attempting to delete C:\WINDOWS\system32\khfgfda.dll C:\WINDOWS\system32\khfgfda.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\pqstv.ini C:\WINDOWS\system32\pqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\pqstv.ini2 C:\WINDOWS\system32\pqstv.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqp.dll C:\WINDOWS\system32\vtsqp.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\vtsqp.exe C:\WINDOWS\system32\vtsqp.exe Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\khfgfda.dll C:\WINDOWS\system32\khfgfda.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\pqstv.ini C:\WINDOWS\system32\pqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\pqstv.ini2 C:\WINDOWS\system32\pqstv.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqp.dll C:\WINDOWS\system32\vtsqp.dll Has been deleted! Performing Repairs to the registry. Done!

rookie147 View Member Profile	Jan 20 2008, 09:01 AM Post #2
Forum Addict Group: HJT Team Coach Posts: 5,271 Joined: 1-April 06 Member No.: 62,052	Hello rafraf16, and welcome to BleepingComputer. Download Dr Web-Cureit! to your Desktop. Don't run it yet. Download KillBox from the following link : http://www.bleepingcomputer.com/files/killbox.php Unzip the folder to your desktop. Start Killbox.exe Select the "Delete on Reboot" option. Click on the "All Files" button (!important!),which will then flash green. Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C: C:\WINDOWS\system32\khfgfda.dll Open 'file' in the killbox menu on top and choose Paste from clipboard You must use the file menu--pasting by right-clicking the mouse will only enter one file. Then press the button that looks like a red circle with a white X in it. Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes". Click OK at any Pending File Rename Operations prompts, let me know if there appear. If you don't get that message, reboot manually. Your computer should reboot now, press F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support. Run Dr Web-Cureit! by double-clicking on the drweb-cureit.exe file. Click OK in the prompt window that will open, asking "Start the express scan now". It will first make a quick scan of your system, let it clean what it finds. When it says "Done" in the lower left corner click on all your drives. A red dot will mark the selected drive(s) . Then click the pedestrian who now has turned green. It will scan ALL your drives, say Yes to all. Select 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, in the menu, click File \| Save Report List. Save the report to your Desktop. The report will be called DrWeb.csv Reboot normally. Please post this log in your reply -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.

« Next Oldest · Am I infected? What do I do? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th January 2009 - 04:01 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides