I Can't Remove A Certain Number Of Malware



#1 rafraf16


Posted 19 January 2008 - 11:48 PM

Hi. Thanks for reading my concern. I accidentally opened a bad application and some malware just spread. Although popups weren't there, I'm really concerned about my security. I ran VundoFix 6.7.7 and it somehow removed some of the files, but others just keep coming back. This is the log from VundoFix.


VundoFix V6.7.7

Checking Java version...

Scan started at 11:21:05 AM 1/20/2008

Listing files found while scanning....

C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\khfgfda.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\DrvMon.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\gebcb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Scan started at 11:40:53 AM 1/20/2008

Listing files found while scanning....

C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\gebcb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.exe
C:\WINDOWS\system32\vtsqp.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Scan started at 12:15:06 PM 1/20/2008

Listing files found while scanning....

C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\vtsqp.exe
C:\WINDOWS\system32\vtsqp.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Has been deleted!

Performing Repairs to the registry.
Done!



#2 rookie147


Posted 20 January 2008 - 09:01 AM

Hello rafraf16, and welcome to BleepingComputer. Download Dr Web-Cureit! to your Desktop.
Don't run it yet.
Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\khfgfda.dll

Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now, press F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Run Dr Web-Cureit! by double-clicking on the drweb-cureit.exe file.
  • Click OK in the prompt window that will open, asking "Start the express scan now".
  • It will first make a quick scan of your system, let it clean what it finds.
  • When it says "Done" in the lower left corner click on all your drives.
  • A red dot will mark the selected drive(s).
  • Then click the pedestrian who now has turned green.
  • It will scan ALL your drives, say Yes to all.
  • Select 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File | Save Report List.
  • Save the report to your Desktop. The report will be called DrWeb.csv
Reboot normally.
Please post this log in your reply

If you are pleased with the service I have offered, you may like to consider making a donation.
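
An added example, not part of either post and not VundoFix's own code: a small Python triage over a log in the format posted above, separating files that were never successfully deleted from files that were listed again in a later scan after a successful delete. The sample is a condensed excerpt of the posted log; the function name `triage` and the line-matching regex are assumptions based only on the lines visible in that log.

```python
import re

# Condensed excerpt of the VundoFix log posted above (first two scans only,
# "Attempting to delete" lines dropped); trimmed by hand for this example.
SAMPLE_LOG = r"""
Scan started at 11:21:05 AM 1/20/2008
C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\khfgfda.dll
Beginning removal...
C:\WINDOWS\system32\gebcb.exe Has been deleted!
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.
Scan started at 11:40:53 AM 1/20/2008
C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\khfgfda.dll
C:\WINDOWS\system32\pqstv.ini
Beginning removal...
C:\WINDOWS\system32\gebcb.exe Has been deleted!
C:\WINDOWS\system32\khfgfda.dll Could not be deleted.
C:\WINDOWS\system32\pqstv.ini Has been deleted!
"""

# A drive-letter path, optionally followed by one of the two result phrases.
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)"
                  r"(?: (?P<result>Has been deleted!|Could not be deleted\.))?$")

def triage(log_text):
    """Return (never_deleted, respawned) path lists from a VundoFix-style log."""
    deleted, failed, respawned = set(), set(), set()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banners, "Attempting to delete ...", blank lines
        # Windows paths are case-insensitive, so compare in lower case.
        path, result = m.group("path").lower(), m.group("result")
        if result is None:
            # Bare path = scan listing. A path listed after an earlier
            # successful delete was recreated between scans.
            if path in deleted:
                respawned.add(path)
        elif result.startswith("Has"):
            deleted.add(path)
        else:
            failed.add(path)
    # Failed at least once and never succeeded: candidates for the
    # delete-on-reboot handling the reply applies to khfgfda.dll.
    return sorted(failed - deleted), sorted(respawned)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
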




