Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please Newbie Infected With Virus's


  • Please log in to reply
15 replies to this topic

#1 beemerchez

beemerchez

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 28 February 2008 - 03:37 AM

hi everyone newbie woman who hasan't got a clue needs help (easy as possible please)

I have virus's on my p.c i just can not kill......
at the bottom of my desk top a ballons keeps popping up saying
a critical error could occur,stop 0x0000078 inacccessible handler or device click ballon to fix
done this but still comes back....
after all day just downloading spyware ect and running everyone
im still plagued with the things.....
ie:superiorads and keep getting microsoft windows popping up
all over the place with casino adds on
and all sorts of adverts..
i have defragged/cleaned cookies/files.all the usual stuff.
spybotted it and avg cleaner, and trend micro housecall this took 3 hours.
all yesturday i downloaded spyware trojon killers the lot
tried about 6 in all.some said can not get rid. some said no path.?
but still there there.
i have searched and deleted and even been in msconfig
there hiding somewhere but i can't find them.
now i deleted one of the spyware i think it was spybot.?
and now im left with 500 files in my documents
that wont delete.. called POSS 1B5A all these are the same but go
POSS 1B5B C D E F G >>>>> ECT ECT.
im on a p.c.world E Machine (6 months old)
netgear router and windows x.p.
can anyone help please,or is there no hope.
thanks Chez

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:46 AM

Posted 01 March 2008 - 10:20 PM

Hello and :flowers: to beemerchez,

In order to assist you, we need to know what your operating system is: Windows XP, Vista, etc.

Also, could you post the log from Spybot please?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 beemerchez

beemerchez
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 03 March 2008 - 04:51 AM

Thank you
i have since run superAntivirus and it has got rid of loads
even the ones in my documents but i think it was something to do
with Mozilla as i run a website and when i put mozilla up to do some work
it started again with all the adds.
i have used Mozilla for about a year with no problems.
i have now got rid of that and use Netscape
i still have a few problems ie: when i boot up the msconfig box comes up telling me
i have altered something in there and thats why i keep getting it
but if i click to restore it back i end up with the unchecked boxes i have done.ie:aol demo
and superiorads back checked so they come up again....
this is in selective start up mode........
i keep checking normal but it keeps going back to selective......

can i just add i keep getting this box up
saying> Malware alert trojan adware w 32 ex download spyware detected
type trojan horse system affected windows 98 2000nt4 me xp security risk 4.
then click to download anti spy ware yes or no.

i have E5 machine
windows xp Not vista
netgear router

i will show you the results of the antivirus as soon as i have worked out
how to post it on
thank you for you help (great helpfull site)
cheryl

Edited by beemerchez, 03 March 2008 - 05:13 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:46 AM

Posted 03 March 2008 - 10:27 AM

Download RVAXO.exe and save to your Desktop.
  • Double-click on RVAXO.exe, then click "Installeren" to install the program. ("Bladeren" = Browse for Folder and "Annuleren" = Cancel)
  • This will install a folder called Rvaxo.
  • Open the Rvaxo folder and double-click on RVAXO.cmd.
    • You will see a small window pop up, some lines will run quickly and then the window will close by itself. This is normal behavior.
    • It may also start an uninstaller of a rogue scanner -- do not close this -- but follow all prompts there, and let it run its course.
  • When done the computer will reboot...press any key to reboot.
  • After reboot, RVAXO will run again. If not, double click on RVAXO.cmd to run the program and let it finish.
  • A log file called RVAXO-results.log will be created in C:\RVAXO-results.log
  • Copy and paste the contents of that log in your next reply.
  • You can use Uninstall.cmd to remove everything from RVAXO. It can be found in the Rvaxo folder on your desktop.
Note: Vista users will need to right-click on RVAXO.cmd and choose "Run as an Administrator".

Please follow the the instructions for using Vundofix in BC's self-help tutorial: "How To Remove Vundo/Winfixer Infection".
-- If using Windows Vista be sure to Run As Administrator.

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 beemerchez

beemerchez
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 04 March 2008 - 03:05 AM

Thank you quiteman7 done it is this it....


---RVAXO.exe Updated: 2008-03-03---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\azviiiiy.dllbox
C:\WINDOWS\system32\errmwvmo.dllbox
C:\WINDOWS\system32\lbpobihv.dllbox
C:\WINDOWS\system32\ndsieqdl.dllbox
C:\WINDOWS\system32\unkosdsi.dllbox
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\windows
C:\Documents and Settings\oem\services.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\pac.txt
C:\n.bat
C:\z.dat
C:\x.dat

Folders Found:
C:\Program Files\outlook
C:\Temp\1cb

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:46 AM

Posted 04 March 2008 - 07:45 AM

Can you post the vundofix.txt?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 beemerchez

beemerchez
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 04 March 2008 - 12:51 PM

hi ....... sorry where will i find this? please

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:46 AM

Posted 04 March 2008 - 01:41 PM

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 beemerchez

beemerchez
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 04 March 2008 - 01:52 PM

thank you quiteman7 is this it i went in c and this was the only text result..
sorry if its not let me know and i will delete it off here.. bet you are banging your head against the wall with me..lol sorry. ;o(
chez
deleted as wrong
info

Edited by beemerchez, 04 March 2008 - 04:04 PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:46 AM

Posted 04 March 2008 - 02:29 PM

No that is not the log created by VundoFix. The name will actually say vundofix.txt. Did you run VundoFix right after running RVAXO.exe as I instructed? If not, then do so.

It will look like this:

VundoFix V6.7.10

Checking Java version...

Scan started at 5:00:16 PM 3/3/2008

Listing files found while scanning....

C:\WINDOWS\system32\awvtt.dll
Java version...

Scan started at 5:21:06 PM 3/3/2008

Listing files found while scanning....

C:\WINDOWS\system32\fngjflfn.dll

Beginning removal...


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 beemerchez

beemerchez
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 04 March 2008 - 04:32 PM

hi quiteman7 i'm back....
sorry no where on c do i have VundoFix txt
in c ..... i have run me rvaxo 1.2.3.4.5.6.7 and uninstall boxes in c
i even uninstalled and did it all again.
i dont get this part of it for some reason... >>
"Installeren" to install the program. ("Bladeren" = Browse for Folder and "Annuleren" = Cancel)

it just runs then puts that small bit of info in my notepad
i will be doing something wrong ;o(
if you dont hear from me i will get O/H to try it at the weekend,when he's here.
thank you for your help much appricated.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:46 AM

Posted 04 March 2008 - 06:10 PM

Please follow the the instructions for using Vundofix in BC's self-help tutorial: "How To Remove Vundo/Winfixer Infection".
-- If using Windows Vista be sure to Run As Administrator.

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 beemerchez

beemerchez
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 05 March 2008 - 03:21 AM

hi quiteman7 think i have got it..lol
but when i rebooted i got this message in a box up. >
C:\WINDOWS\system32\aqtukwfl.dll Has been deleted!
thank you chez




VundoFix V6.7.10

Checking Java version...

Scan started at 07:26:52 05/03/2008

Listing files found while scanning....

C:\WINDOWS\system32\aqtukwfl.dll
C:\WINDOWS\system32\azviiiiy.dll
C:\WINDOWS\system32\jvxaqgwn.dll
C:\WINDOWS\system32\knbusfhh.dll
C:\WINDOWS\system32\lerjugju.dll
C:\WINDOWS\system32\tuuwuibj.dll
C:\WINDOWS\system32\ultxsjxx.dll
C:\WINDOWS\system32\unkosdsi.dll
C:\WINDOWS\system32\uvrnpmjh.dll
C:\WINDOWS\system32\uxptjejy.dll
C:\WINDOWS\system32\vysjqrhj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aqtukwfl.dll
C:\WINDOWS\system32\aqtukwfl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\azviiiiy.dll
C:\WINDOWS\system32\azviiiiy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jvxaqgwn.dll
C:\WINDOWS\system32\jvxaqgwn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\knbusfhh.dll
C:\WINDOWS\system32\knbusfhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lerjugju.dll
C:\WINDOWS\system32\lerjugju.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuuwuibj.dll
C:\WINDOWS\system32\tuuwuibj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ultxsjxx.dll
C:\WINDOWS\system32\ultxsjxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\unkosdsi.dll
C:\WINDOWS\system32\unkosdsi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvrnpmjh.dll
C:\WINDOWS\system32\uvrnpmjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uxptjejy.dll
C:\WINDOWS\system32\uxptjejy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vysjqrhj.dll
C:\WINDOWS\system32\vysjqrhj.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aqtukwfl.dll
C:\WINDOWS\system32\aqtukwfl.dll Has been deleted!

Performing Repairs to the registry.
Done!

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:46 AM

Posted 05 March 2008 - 09:53 AM

Its not unusual to receive such an error after using specialized fix tools.

The "Cannot find...", "Could not run..." or "Error loading..." message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if your not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to the file(s) in the error message.
  • Right-click on the entry and choose delete.
  • Reboot your computer and see if the startup error returns.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 beemerchez

beemerchez
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 10 March 2008 - 06:19 AM

Just want to say a big THANK YOU :thumbsup:
it is all sorted,
no more pop ups and the little error box at start up has also now gone.
what would we do without a forum like this.
thanks, chez




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users