
Deepscan:generic Virtumonde (mljj.dll)


  • This topic is locked
12 replies to this topic

#1 maxinekent

maxinekent

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wembley, London
  • Local time:02:20 AM

Posted 17 September 2007 - 07:57 AM

Had Norton but uninstalled and installed BitDefender trial version as Norton let this virus through. Also have Spybot, Adaware2007, CCleaner, Vundo and PC Spyware Doctor! You would think that one of these would help me, but no. I have spent 3 hours a night and most of Sunday last week trying to get rid of this mljj.dll file. BitDefender identifies it but can't remove it, none of the others actually identify it at all. It is in windows\system32\mljj.dll and somewhere else on C drive. Every time I reboot I get even more stuff which is removable with the spyware stuff but just comes back again. I am at my wits' end. HELP! :thumbsup: maxine


#2 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:20 AM

Posted 17 September 2007 - 08:12 AM

Use the Smitfraudfix tool in the link below. Run "option #1" first and if it finds anything then run "option #2" to remove the malware.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Follow up with a scan using Super Antispyware.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Please let us know the results.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 maxinekent

maxinekent
  • Topic Starter


Posted 18 September 2007 - 04:00 AM

Hi Buddy, just to let you know that I ran Smitfraud, then Spyware, then safe mode, cleaned everything and after reboot came straight back as Trojan:Winfixer and something else (sorry not at home pc). I then ran everything again (about three times) and checked MSconfig which was running in safe diagnostic mode. I checked the startup file and found a really strange program was running and disabled it and changed mode to normal. Last thing last night I ran Spyware again and this time only one unknown registry came up which I deleted. During the time I was on the PC, an error message came up saying a rundll command could not be executed, with the name of that strange program (something like Xforeaox.dll) so I guess that was the virus. I will see what happens tonight and if necessary run everything again. Do you think I should keep Adaware and Antispyware and all the other stuff, or can I uninstall some of them (PC Spyware Doctor and Spybot)? Thanks so much for your help, it was wonderful not to have that popup from BitDefender saying mljj.dll had been blocked every ten seconds. :thumbsup:

#4 buddy215

buddy215


Posted 18 September 2007 - 04:58 AM

Looks like you had Vundo as well as Smitfraud infection.

Super Antispyware removes Smitfraud and Vundo infections but they keep reinventing themselves so the antimalware programs are always playing catch up. It would be wise to post a Hijack This log and let the experts help you and reassure you that you have rid your computer of malware. You have done the preliminaries so follow the instructions in the link below.
Be sure to post the log in the HIJACK THIS FORUM--Not in this forum.
http://www.bleepingcomputer.com/files/hija...s-installer.php

Edited by buddy215, 18 September 2007 - 05:03 AM.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 AM

Posted 18 September 2007 - 09:20 AM

....checked MSconfig which was running in safe diagnostic mode...

Using MSConfig to access (force) safe mode is not advisable if you suspect malware on your system. Doing so could make your computer unusable. Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot into safe mode. If you use the /Safeboot option on the Boot.ini Tab to force safe mode when booting into safe mode with the F8 key does not work, it could have disastrous results. The Safeboot option modifies the Boot.ini file and you may be locked in a continuous reboot loop afterwards where you cannot get back to MSConfig and undo your selection.

Follow the instructions for using Vundofix in BC's self-help tutorial "How To Remove Vundo/Winfixer Infection".

Some variants of vundo may not be detected by vundofix so the "add more files" option is another way of ridding this malware. These files need to be identified and posting a hijackthis log will enable an expert to advise you which files to add if you continue to have problems. If the infection remains after following the steps in the self-help guide, then you should post a hijackthis log.

However, you need to rename HijackThis before using it and saving a log as some variants of this malware will hide certain entries in a hijackthis log to prevent detection. After installation, open the HijackThis Folder, find the HijackThis.exe file, right-click on it and select "rename". Type Scanner.exe and hit "Enter". Double-click on Scanner.exe (which is still HijackThis) to launch the tool, run a scan, save the logfile and copy/paste it into a new topic in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
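As an added illustration of the Boot.ini change described in post #5 (not part of the original thread, and not a BleepingComputer tool): a Python check that parses a boot.ini and reports any entry carrying the /safeboot switch, so a forced safe-mode setting can be spotted before rebooting. The sample file contents and the function names are constructed for this example.

```python
import re

# Constructed sample: a Windows XP boot.ini after MSConfig's /SAFEBOOT box was ticked.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:minimal
"""

SAFEBOOT_RE = re.compile(r"/safeboot:(\S+)", re.IGNORECASE)

def parse_boot_ini(text):
    """Return (default_path, [(arc_path, label, switches), ...])."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip()
        elif section == "operating systems":
            # The value has the form: "Label" /switch1 /switch2
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', value)
            label, switches = (m.group(1), m.group(2)) if m else (value.strip(), "")
            entries.append((key.strip(), label, switches.split()))
    return default, entries

def forced_safe_mode(text):
    """List entries that carry /safeboot and whether each is the default boot entry."""
    default, entries = parse_boot_ini(text)
    findings = []
    for arc, label, switches in entries:
        for sw in switches:
            m = SAFEBOOT_RE.fullmatch(sw)
            if m:
                findings.append({"entry": label, "mode": m.group(1).lower(),
                                 "is_default": arc.lower() == (default or "").lower()})
    return findings

if __name__ == "__main__":
    for finding in forced_safe_mode(SAMPLE_BOOT_INI):
        print(finding)
```

A finding with `is_default` set to true means the next normal boot will go to safe mode, which is the situation the post warns about when the safeboot registry key has been damaged.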

#6 maxinekent

maxinekent
  • Topic Starter


Posted 19 September 2007 - 06:10 AM

Well, just as I thought it was safe to come out of the water .... all came back again! I am now going to start again, step by step again, (thank you Quietman for info about MSCONFIG) and have got Hijack and Stinger downloaded on my memory stick ready for tonight. Just one question, I now have all these programs installed, e.g. Windows Defender, BitDefender, Adaware2007, PC Spyware Doctor, Spybot, CCleaner, Counterspy, Vundo, Virtumondobegone etc. etc. Which of them are the best to keep and which should be on guard - at the moment Adaware scans at startup as well as BitDefender and PC Spyware Doctor is on guard which takes ages to actually make the PC get into a state where I can do something. Also, is it safe to go onto the internet to do banking or anything which uses passwords? I am even afraid to use Skype in case I infect somebody else. Thanks for all the help chaps. :thumbsup:

#7 buddy215

buddy215


Posted 19 September 2007 - 07:44 AM

You have too much going on at startup. I suggest you stop all but one antispyware program from starting. If you have Spybot's teatimer enabled, I would choose that one.
Of all the programs you presently have, Super Antispyware has the best chance of removing Smitfraud and Vundo. Make sure you update it before running a full scan.
Post your Hijack This log. Post it in the HJT Forum. Not in this one.
Without knowing what malware is on your computer, the best advice is not to do any financial transactions over the web until you are clean. The more you go on the web, the more malware is likely to be downloaded, too.



#8 quietman7

quietman7


Posted 19 September 2007 - 08:25 AM

I agree with buddy215.

A multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus provides the most complete protection. However, you can overdo it with resource heavy programs that will slow down your system performance. Sometimes you just have to experiment to get the right combo for your particular system as there is no universal solution that works for everyone.

You certainly don't need both Counterspy and PC Doctor. Since PC Doctor seems to be the culprit slowing you down, why not remove it and just keep Counterspy. Plus with Counterspy, I see no need for having Defender run at startup.

The free version of SUPERAntispyware does not run in real-time mode...a purchased upgrade to the "Professional" version is required before this option can be activated. See Free vs Pro Comparison Features. If you're using the free version, use it as an on-demand scanner...no need to run at startup.

#9 maxinekent

maxinekent
  • Topic Starter


Posted 20 September 2007 - 06:55 AM

It's getting worse! Now when I run BitDefender it finds all the problem files (on the page highlighted in red) including a registry entry and then gets to 100% scan and just sits there saying scanning with the icon turning. I end up having to say stop and it won't and then I have to reboot - did that at least five times last night. What amazes me is that Adaware, Vundo and Virtumondobegone didn't find anything, and then Counter Spy found one instance, and BitDefender keeps giving me pop ups showing which file has the virus but not removing it. Tried going through all the steps last night one by one, but in the end rebooted so many times that I have no idea whether anything worked. Tonight my plan is to shutdown everything except BitDefender, update it and let it do a scan and if it finds something and deletes it then will run Hijackthis and send you the log to the right place. Finally, there is a problem with Internet Explorer as well - if I try to run IExplore as opposed to BT Yahoo Broadband icon, it hangs up and I can't get onto a place where I can use Panda or Housecall because the latter says my Java has got something wrong with it!!! :thumbsup:

#10 quietman7

quietman7


Posted 20 September 2007 - 07:52 AM

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

Be sure to follow the instructions I previously provided in Post #5 above to rename Hijackthis before using.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

#11 maxinekent

maxinekent
  • Topic Starter


Posted 22 September 2007 - 07:20 AM

Just to let you know have posted a Hijacklog and will let you know when receive reply. Meantime I have identified the four problems highlighted by Bitdefender, but which they haven't removed. They are:

C:\WINDOWS\system32\wlikymgx.dll Infected: Trojan.Vundo.DMP
C:\WINDOWS\system32\chrjqgcs.dll Infected: Trojan.Vundo.DMP
C:\WINDOWS\system32\dgsqrsjj.dll Infected: Trojan.Vundo.DMP
C:\WINDOWS\system32\cybiwpvl.dll Infected: Trojan.Vundo.DMP
C:\System Volume Information\_restore{173D0AB3-EA60-4195-9142-A4275A7BB3E7}\RP17\A0002425.dll Infected: Trojan.Vundo.DMP

Can someone tell me how I go about deleting them myself? :flowers: :trumpet: :thumbsup:

#12 ProMasser

ProMasser

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 22 September 2007 - 08:18 AM

nvm

Edited by ProMasser, 22 September 2007 - 08:33 AM.


#13 quietman7

quietman7


Posted 22 September 2007 - 08:51 AM

Your log is posted here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.



