Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Vundoo/boaxxe Virus?

  • This topic is locked This topic is locked
4 replies to this topic

#1 mizdachubz


  • Members
  • 4 posts
  • Local time:11:16 AM

Posted 06 August 2008 - 02:32 PM

Hi, I'm new to this site, but I see that you guys seem to be successful in many cases. I was trying to find the latest drivers for my graphics card the other day, and then I think I got a virus. My McAfee keeps saying Boaxxe.dll was detected and deleted. But it never deleted, I believe its called a "rootkit?" I'm not sure. When I try to go on the internet, the virus makes me stuck on certain sites, it won't let me move. Like when I turn on firefox, it makes me not able to navigate to other pages. Also some windows pop up saying that your computer is slow etc etc click okay to install antivirus. And I also tried to delete the DLL. I found it in my system32 files. And the virus would be slowed down, but never fully removed. So everytime I restart my computer I need to delete those dlls. And its always a long weird chain of letters.

But yeah here is my log from hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:21 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\Program Files\AlienGUIse\wbload.exe
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\SiteAdvisor\6172\SiteAdv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\McAfee\MSK\MskSrver.exe
D:\Program Files\SiteAdvisor\6172\SAService.exe
D:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
D:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\Documents and Settings\Andrew Wu\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mcagent_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] D:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM2786e887] Rundll32.exe "D:\WINDOWS\system32\cdfamsag.dll",s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Antispyware] D:\Program Files\Antispyware\Antispyware.exe -boot
O4 - Startup: Alienware Dock.lnk = D:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Launchy.lnk = D:\Program Files\Launchy\Launchy.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: McAfee Application Installer Cleanup (0313071218050524) (0313071218050524mcinstcleanup) - McAfee, Inc. - D:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\031307~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - D:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\6172\SAService.exe

End of file - 4223 bytes

Thanks in advance.

BC AdBot (Login to Remove)


#2 mizdachubz

  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:16 AM

Posted 07 August 2008 - 01:40 PM

UPDATE: I've realized that everytime I delete the DLL files of the virus, it regenerates with another dll with some random letters, it regenerates every 24 hours. I believe the virus scheduled itself, I hope this helped.

#3 mizdachubz

  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:16 AM

Posted 07 August 2008 - 03:57 PM

More info, this is what my McAfee says.

McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: Boaxxe.dll (Trojan), Boaxxe.dll (Trojan)
Location: D:\Documents and Settings\Andrew Wu\Local Settings\Temporary Internet Files\Content.IE5\GHXAHXJE\3077htsbdjyf[4].dll

Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

I hope that helped,

#4 mizdachubz

  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:16 AM

Posted 08 August 2008 - 05:25 PM

You can close this thread. I had a very helpful specialist at aumha.net that helped me! Yeah, my problem is solved now. So happy

#5 htv8


  • Members
  • 1,694 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:16 PM

Posted 09 August 2008 - 02:28 AM

As the problem here seems to be resolved, this topic is now closed.
To get it reopened, PM a staff member with the address of this thread. This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users