Vundumonde


  • This topic is locked
6 replies to this topic

#1 Komyathy

Posted 18 July 2007 - 08:22 AM

I have run the cleanup programs as recommended in this forum, and have done so several times.
Whenever I enter IE, I get the same virus (or more than one?) back. Something funny also happens to the left hand side of my screen when I use Firefox and open cnn.com. The results of my hijackthis scan are attached.



#2 __RiP_ChAiN_

Posted 18 July 2007 - 12:08 PM

Hello Komyathy,


Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.


#3 Komyathy

Posted 19 July 2007 - 07:01 AM

I have tried the solution posted by Grinier, (about five times) have run SDFix posted by RiP ChAiN, all to no avail. Attached to this post is my report after running SDFix. BTW, this morning my antivirus program detected windows\edyguajA.exe, and said it deleted WINDOWS\EDUGUAJA.EXE, (caps were as printed in the notification). Vundo Fix had deleted this file in its second pass the first time I ran it.


#4 __RiP_ChAiN_

Posted 19 July 2007 - 07:44 PM

Hello Komyathy,

For future reference, please post all of the logs you get as copy/paste and not as an attachment. It just saves a mouse click here and there.

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#5 Komyathy

Posted 25 July 2007 - 05:35 AM

This may not be the place to report this, but I want to inform and thank RiP CHaiN for his help and use of ComboFix. The ad popups that were driving me nuts ceased after I ran the tool. This forum was a lifesaver.

Edited by KoanYorel, 25 July 2007 - 11:15 AM.
to merge topics


#6 __RiP_ChAiN_

Posted 25 July 2007 - 03:11 PM

Hello Komyathy,

I'm glad to hear the tool worked well for you, but it's more than likely that there is more malware remaining on your PC. Please post back with a new HijackThis log and the ComboFix log from earlier.

#7 __RiP_ChAiN_

Posted 06 September 2007 - 12:23 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



