3 days ago - annoying pop-ups started & I noticed McAfee was disabled - I'm not able to enable it.
I use IE 6, Firefox 3.5 & Google Chrome on XP SP2
I ran CCleaner, it did nothing
I was able to get into safe mode & run McAfee - it found nothing
I tried Ad-Aware - it found nothing
I finally tried Malwarebytes, it found trojan.vundo.h but even after the reboot to finish the deletions, it keeps coming back.
I started working through one of the directions posted in this forum: topic168812
I dl'd ATF & SUPERAntiSpyware, however, I cannot get SUPERAntiSpyware to run: "unknown software exception (oxxc000409) at location (0x77f7c557)"
I then joined this site, followed the begin here guide, am at step #8.
DDS (Ver_09-10-13.01) - NTFSx86
Run by tjgoldsm at 8:49:00.12 on Thu 10/22/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3067.1890 [GMT -4:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Lotus\Notes\nsd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Lotus\Notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Timbuktu Pro\TimbuktuRemoteConsole.exe
C:\Program Files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Timbuktu Pro\minitb2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Timbuktu Pro\Tb2Logon.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\tjgoldsm\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ClipTrak\ClipTrak.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Lotus\Notes\NLNOTES.EXE
D:\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200811140851\win32\x86\notes2.exe
D:\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Palm\Palm.exe
D:\users\tjgoldsm\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://1675nwps01.ny.publicisgroupe.net/ippdocs/index.html
BHO: {14f69ac2-7f9c-43bb-971c-08d51ba2877a} - juvilisi.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\tjgoldsm\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [TLogonPath] "c:\program files\timbuktu pro\Tb2Logon.exe"
mRun: [NWTRAY] NWTRAY.EXE
mRun: [PDDM] c:\program files\patchlink\update agent\pddm.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [Malwarebytes Anti-Malware (reboot)] "f:\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [kehifakew] Rundll32.exe "c:\windows\system32\takehola.dll",a
mRun: [yozutapono] Rundll32.exe "dukiwava.dll",s
StartupFolder: c:\docume~1\tjgoldsm\startm~1\programs\startup\cliptrak.lnk - c:\program files\cliptrak\ClipTrak.exe
StartupFolder: c:\docume~1\tjgoldsm\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\applic~1.lnk - c:\program files\novell\zenworks\NalView.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
Trusted Zone: 167.246.14.3
Trusted Zone: 167.246.8.55
Trusted Zone: adp.com
Trusted Zone: benow.com
Trusted Zone: donovandata.com
Trusted Zone: dsapps.net
Trusted Zone: gmmissioncontrol.com
Trusted Zone: google.com
Trusted Zone: ihost.com
Trusted Zone: ihost.com\iers
Trusted Zone: lbcity.biz
Trusted Zone: leoburnett.com
Trusted Zone: lionresources.com
Trusted Zone: marketforward.com
Trusted Zone: mediavestww.com
Trusted Zone: missioncontrolglobal.com
Trusted Zone: mymslpr.com
Trusted Zone: mysaatchi.com
Trusted Zone: publicis-usa.com
Trusted Zone: publicisgroupe.com
Trusted Zone: publicisgroupe.net
Trusted Zone: smvgroup.com
Trusted Zone: thenotepad.biz
Trusted Zone: us-resources.com
Trusted Zone: zozone.net
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://bottomline.webex.com/client/T25L/webex/ieatgpc.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: ckpNotify - ckpNotify.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
Notify: Timbuktu Pro - c:\program files\timbuktu pro\Hook32.dll
AppInit_DLLs: c:\windows\system32\mosisuze.dll c:\windows\system32\rumusipa.dll c:\windows\system32\vimizemu.dll c:\windows\system32\takehola.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nidivekaf - {7d7926b2-74ee-414f-8261-e39c1bb95f84} - c:\windows\system32\mosisuze.dll
SSODL: dusufusoh - {68aec21d-1f47-4bc9-987a-da8e45c601f5} - c:\windows\system32\rumusipa.dll
SSODL: julutiwoj - {c44c0a0b-9649-48d8-9299-95ea63204092} - c:\windows\system32\vimizemu.dll
SSODL: hohupuber - {3e92600a-8375-4936-b097-f3a2af626cc7} - c:\windows\system32\takehola.dll
STS: gahurihor: {7d7926b2-74ee-414f-8261-e39c1bb95f84} - c:\windows\system32\mosisuze.dll
STS: kupuhivus: {68aec21d-1f47-4bc9-987a-da8e45c601f5} - c:\windows\system32\rumusipa.dll
STS: kupuhivus: {c44c0a0b-9649-48d8-9299-95ea63204092} - c:\windows\system32\vimizemu.dll
STS: jugezatag: {3e92600a-8375-4936-b097-f3a2af626cc7} - c:\windows\system32\takehola.dll
SEH: NAL Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwv1_0
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\tjgoldsm\applic~1\mozilla\firefox\profiles\3kloa164.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - plugin: c:\documents and settings\tjgoldsm\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2007-5-24 2234800]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2008-10-14 34671]
R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-1-17 6899]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-5-24 36368]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2007-6-10 331870]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-5-28 10384]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;d:\lotus\notes\nsd.exe -svcinvoke -ini "d:\lotus\notes\notes.ini" --> d:\lotus\notes\nsd.exe -svcinvoke -ini d:\lotus\notes\notes.ini [?]
R2 mdvsrv;HP Connection Manager Service;c:\program files\hpq\hp connection manager 1.1\bin\mdvsrv.exe [2008-6-12 575976]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-6-9 345336]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2004-11-22 163840]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2007-5-24 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2007-5-24 673456]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-1-10 61440]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-3 477696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-3-17 193840]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-3-27 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-10-3 41216]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2006-12-20 47616]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2007-6-10 110160]
=============== Created Last 30 ================
2009-10-22 08:48 <DIR> --d----- c:\temp\40.tmp
2009-10-22 08:19 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-22 08:19 <DIR> --d----- c:\docume~1\tjgoldsm\applic~1\SUPERAntiSpyware.com
2009-10-21 16:22 <DIR> --d----- c:\temp\notes758E9C
2009-10-21 16:22 <DIR> --d----- c:\docume~1\tjgoldsm\applic~1\smkits
2009-10-21 16:21 <DIR> --d----- c:\temp\WPDNSE
2009-10-21 10:30 <DIR> --d----- c:\temp\pdfdownload
2009-10-21 08:15 <DIR> --d----- C:\VundoFix Backups
2009-10-20 14:11 <DIR> --d----- C:\Malwarebytes' Anti-Malware
2009-10-20 13:14 <DIR> --d----- c:\temp\VBE
2009-10-20 11:17 <DIR> --d----- C:\Mal1
2009-10-20 11:13 <DIR> --d----- c:\windows\pss
2009-10-20 11:08 <DIR> --d----- c:\program files\Lavasoft
2009-10-20 11:07 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-20 11:07 <DIR> --d----- c:\docume~1\tjgoldsm\applic~1\Malwarebytes
2009-10-20 11:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-20 11:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 11:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 11:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-20 09:26 <DIR> --ds---- c:\temp\Temporary Internet Files
2009-10-20 09:26 <DIR> --ds---- c:\temp\History
2009-10-20 09:26 <DIR> --ds---- c:\temp\Cookies
2009-10-19 13:06 <DIR> --d----- c:\temp\plugtmp-11
2009-10-07 12:24 <DIR> --d----- c:\program files\Microsoft
==================== Find3M ====================
2009-09-02 09:43 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
1999-10-22 09:21 1,226,592 a------- c:\program files\fsync.exe
2009-07-20 20:01 51,712 a--sh--- c:\windows\system32\bemoriva.dll
2009-07-21 08:02 51,200 a--sh--- c:\windows\system32\dukiwava.dll
2009-07-21 20:02 38,912 a--sh--- c:\windows\system32\gavomiwi.dll
2009-07-20 08:01 39,424 a--sh--- c:\windows\system32\heduvehe.dll
2009-07-21 08:02 51,200 a--sh--- c:\windows\system32\hihatofo.dll
2009-07-21 08:02 51,200 a--sh--- c:\windows\system32\juvilisi.dll
2009-07-21 08:02 38,400 a--sh--- c:\windows\system32\mebokero.dll
2009-07-22 08:02 38,912 a--sh--- c:\windows\system32\nogawoju.dll
============= FINISH: 8:49:45.96 ===============