Pantomi.com opening by itself


This topic is locked
13 replies to this topic

#1 dschwake
  • Members
  • 26 posts

Posted 18 December 2008 - 09:06 AM

Hi,

While browsing using IE7, "pantomi.com" keeps opening and then directing itself to other websites. I downloaded SUPERAntispyware free & ran a scan as I read in another topic; the scan log is pasted below. Am I OK now? Not sure if it's related, but I can't get my bluetooth mouse to work now. Also, I am getting 2 error messages when I start Windows: "Error loading C:\windows\system32\zavuvuhi.dll" & "Error loading C:\windows\system32\hitakire.dll". I am using XP w/ service pack 3. How do I prevent this from happening again? I use ESET Smart Security antivirus, antispyware, & firewall with automatic updates.

Thanks for your help!
------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/17/2008 at 11:00 PM

Application Version : 4.23.1006

Core Rules Database Version : 3678
Trace Rules Database Version: 1657

Scan type : Complete Scan
Total Scan Time : 02:47:00

Memory items scanned : 166
Memory threats detected : 0
Registry items scanned : 6188
Registry threats detected : 13
File items scanned : 89931
File threats detected : 280

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PEBUBOLO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
C:\WINDOWS\SYSTEM32\ZAVUVUHI.DLL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}

Adware.Tracking Cookie

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-2799750194-4147722344-727644650-1006\SOFTWARE\Microsoft\fias4013

Adware.Vundo Variant/ESET
C:\WINDOWS\SYSTEM32\DEDITAMI.DLL
C:\WINDOWS\SYSTEM32\DIGEZURU.DLL
C:\WINDOWS\SYSTEM32\FETUNIGU.DLL
C:\WINDOWS\SYSTEM32\JAMIRITO.DLL
C:\WINDOWS\SYSTEM32\MAZETOLE.DLL
C:\WINDOWS\SYSTEM32\MIYIPAVU.DLL
C:\WINDOWS\SYSTEM32\MONETEHE.DLL
C:\WINDOWS\SYSTEM32\MOZUBOLU.DLL
C:\WINDOWS\SYSTEM32\MUKAFIWI.DLL
C:\WINDOWS\SYSTEM32\MURIBABI.DLL
C:\WINDOWS\SYSTEM32\PINADILI.DLL
C:\WINDOWS\SYSTEM32\PUYEJIFU.DLL
C:\WINDOWS\SYSTEM32\RIMUNEYO.DLL
C:\WINDOWS\SYSTEM32\ROMAKIWI.DLL
C:\WINDOWS\SYSTEM32\TOLOYOZU.DLL
C:\WINDOWS\SYSTEM32\VEFABIDU.DLL
C:\WINDOWS\SYSTEM32\VEFINIWI.DLL
C:\WINDOWS\SYSTEM32\VIDADORI.DLL
C:\WINDOWS\SYSTEM32\YEBUKOBE.DLL

Adware.Vundo/Variant-Trace
C:\WINDOWS\SYSTEM32\EBOKUBEY.INI
C:\WINDOWS\SYSTEM32\EDULOPAL.INI
C:\WINDOWS\SYSTEM32\EHETENOM.INI
C:\WINDOWS\SYSTEM32\IBABIRUM.INI
C:\WINDOWS\SYSTEM32\IWIFAKUM.INI
C:\WINDOWS\SYSTEM32\IWINIFEV.INI
C:\WINDOWS\SYSTEM32\OLOTIYEH.INI
C:\WINDOWS\SYSTEM32\OTIRIMAJ.INI
C:\WINDOWS\SYSTEM32\OYENUMIR.INI
C:\WINDOWS\SYSTEM32\OZEHIJAZ.INI
C:\WINDOWS\SYSTEM32\UGINUTEF.INI
C:\WINDOWS\SYSTEM32\ULOBUZOM.INI
C:\WINDOWS\SYSTEM32\UVAPIYIM.INI

Adware.Vundo Variant/HAL
C:\WINDOWS\SYSTEM32\MIZEFUSE.DLL
C:\WINDOWS\SYSTEM32\ZEDAPEYE.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Missy\Local Settings\Temporary Internet Files\Content.IE5\ELQSH5A5\indexsg[1].htm
C:\Documents and Settings\Missy\Local Settings\Temporary Internet Files\Content.IE5\8RUR029H\l.s.bg1z[1].gif
C:\Documents and Settings\Missy\Local Settings\Temporary Internet Files\Content.IE5\DX7UYQ4G\l.s.bg2z[1].gif
C:\Documents and Settings\Missy\Local Settings\Temporary Internet Files\Content.IE5\P58OINN2\favicon[1].ico
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\GL3NJRQR\indexsg[1].htm
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\HJ9L8HNW\l.s.bg2z[1].gif
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\GL3NJRQR\favicon[9].ico
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\HJ9L8HNW\systembooster2009com[1].jpg
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\4HCXV7H6\l.s.bg1z[1].gif

#2 buddy215
  • Moderator
  • 13,301 posts

Posted 18 December 2008 - 12:08 PM

If you did not scan with Super Antispyware in Safe Mode, do that.

Vundo can be very difficult to get rid of. Best to run more than one program. Those two files you see mentioned during startup are part of the malware that SAS removed. Hopefully scanning in safe mode or with MBAM will remove those. If not, we will do something else.

MalwareBytes AntiMalware: Be Sure To UPDATE after installing and before booting into safe mode.
http://www.bleepingcomputer.com/forums/ind...st&p=944365

Use Ccleaner to remove temporary files, logs, cookies, etc. During install you will be offered the Yahoo Toolbar. UNcheck if not wanted. http://www.ccleaner.com/

Allow Secunia online scanner to scan your computer for missing security updates. IE browser, Adobe flash, Adobe Reader, and Java have recently been exploited. Updating them will prevent that. http://secunia.com/vulnerability_scanning/online/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 dschwake
  • Topic Starter
  • Members
  • 26 posts

Posted 18 December 2008 - 12:21 PM

I did run the SAS scan in Safe Mode. I will try the other things you recommended and report back. Thank you very much for your help!

#4 dschwake
  • Topic Starter
  • Members
  • 26 posts

Posted 19 December 2008 - 09:02 AM

Here's the MBAM log, am I good now? Seems to be running better, and I don't get the .dll errors anymore when starting Windows.

---------------------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1517
Windows 5.1.2600 Service Pack 3

12/18/2008 6:52:28 PM
mbam-log-2008-12-18 (18-52-28).txt

Scan type: Quick Scan
Objects scanned: 83976
Time elapsed: 11 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e28aebf0-aefa-48ac-9ba3-57087432d690} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e28aebf0-aefa-48ac-9ba3-57087432d690} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmdff05216 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yihiregosu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmdff05216 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fipofofo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jolujara.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\purewari.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hitakire.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\furozuga.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zetidili.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

#5 buddy215
  • Moderator
  • 13,301 posts

Posted 19 December 2008 - 09:27 AM

Update both programs and rescan. Vundo is constantly changing to hide itself from the security programs. There are newer updates for both programs.

It is also very important that you update all of your programs as instructed in my first post.

Please post back with the new logs and for final instructions.

#6 dschwake
  • Topic Starter
  • Members
  • 26 posts

Posted 20 December 2008 - 08:55 AM

OK, I've updated & run both MBAM and SAS a few times. Seems that they both find something every time they're run. I've also used CCleaner & run the Secunia scanner as you instructed. Secunia tells me I need updates for several programs, including MS IE7, but when I link to the MS Update site & it scans my computer, it tells me no High Priority Updates are available for my computer. Here are the last few logs from MBAM & SAS; am I free & clear yet?
-------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/19/2008 at 08:55 PM

Application Version : 4.23.1006

Core Rules Database Version : 3678
Trace Rules Database Version: 1657

Scan type : Complete Scan
Total Scan Time : 00:49:03

Memory items scanned : 483
Memory threats detected : 0
Registry items scanned : 6225
Registry threats detected : 3
File items scanned : 84467
File threats detected : 17

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32

Adware.Tracking Cookie
-------------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/19/2008 at 10:09 PM

Application Version : 4.23.1006

Core Rules Database Version : 3680
Trace Rules Database Version: 1659

Scan type : Complete Scan
Total Scan Time : 00:47:54

Memory items scanned : 483
Memory threats detected : 0
Registry items scanned : 6225
Registry threats detected : 3
File items scanned : 84487
File threats detected : 0

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
----------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1523
Windows 5.1.2600 Service Pack 3

12/19/2008 8:00:30 PM
mbam-log-2008-12-19 (20-00-30).txt

Scan type: Quick Scan
Objects scanned: 81870
Time elapsed: 11 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------

Malwarebytes' Anti-Malware 1.31
Database version: 1517
Windows 5.1.2600 Service Pack 3

12/18/2008 7:25:55 PM
mbam-log-2008-12-18 (19-25-55).txt

Scan type: Quick Scan
Objects scanned: 81322
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 buddy215
  • Moderator
  • 13,301 posts

Posted 20 December 2008 - 09:55 AM

Trojan.bho is not being removed by those two programs. Try one more and if that doesn't find and remove it you will need to post a HJT log in the HJT forum. NOT IN THIS FORUM. Instructions are in the links below.

In the link below are instructions for using DrWeb Cureit.
http://www.bleepingcomputer.com/forums/ind...t&p=1042539

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
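One way to see, from the logs alone, why the Trojan.BHO entry is "not being removed": parse the MBAM logs posted above and flag any object that was only deferred with "Delete on reboot" and then shows up again in a later scan. This is an added example, not part of the thread and not a Malwarebytes tool; the two embedded logs are constructed from the format and entries the thread shows.

```python
"""Cross-scan triage of Malwarebytes' Anti-Malware 1.x logs.

Added example, not part of the thread and not a Malwarebytes tool. It parses the
detection lines of several MBAM logs and reports objects that were only marked
"Delete on reboot" and are detected again in a later scan, which is the pattern
the Trojan.BHO CLSID shows in this thread. The two logs below are constructed
from the format and entries posted in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass

# A detection line has the shape:  <object> (<ThreatName>) -> <Action>.
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# The first "M/D/YYYY h:mm:ss AM|PM" line of a log is the scan timestamp.
TIMESTAMP_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")


@dataclass(frozen=True)
class Detection:
    obj: str      # registry key/value or file path, lower-cased for comparison
    threat: str   # e.g. Trojan.Vundo.H
    action: str   # e.g. "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (timestamp, [Detection, ...]) for one MBAM log."""
    timestamp = None
    found = []
    for line in text.splitlines():
        line = line.strip()
        if timestamp is None and TIMESTAMP_RE.match(line):
            timestamp = line
            continue
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(m["obj"].lower(), m["threat"], m["action"]))
    return timestamp, found


def summarize_actions(detections):
    """Count detections by the action MBAM reported for them."""
    return dict(Counter(d.action for d in detections))


def unresolved_across_scans(logs):
    """Given MBAM logs in chronological order, return detections that were
    deferred with 'Delete on reboot' in an earlier scan and are reported again
    in a later one: the removal did not stick and another tool is needed."""
    pending = set()     # objects deferred to reboot by an earlier scan
    recurring = []
    for text in logs:
        _, detections = parse_mbam_log(text)
        for d in detections:
            if d.obj in pending and all(r.obj != d.obj for r in recurring):
                recurring.append(d)
        pending.update(d.obj for d in detections
                       if d.action.startswith("Delete on reboot"))
    return recurring


# Constructed from the 12/18 and 12/19 logs in the thread (abridged).
LOG_DEC18 = r"""
Malwarebytes' Anti-Malware 1.31
Database version: 1517
Windows 5.1.2600 Service Pack 3

12/18/2008 6:52:28 PM
mbam-log-2008-12-18 (18-52-28).txt

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e28aebf0-aefa-48ac-9ba3-57087432d690} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yihiregosu (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hitakire.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

LOG_DEC19 = r"""
Malwarebytes' Anti-Malware 1.31
Database version: 1523
Windows 5.1.2600 Service Pack 3

12/19/2008 8:00:30 PM
mbam-log-2008-12-19 (20-00-30).txt

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)
"""


if __name__ == "__main__":
    for log in (LOG_DEC18, LOG_DEC19):
        ts, dets = parse_mbam_log(log)
        print(ts, summarize_actions(dets))
    for d in unresolved_across_scans([LOG_DEC18, LOG_DEC19]):
        print("still present after reboot:", d.obj, d.threat)
```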

#8 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:02:52 PM

Posted 20 December 2008 - 11:27 AM

Thanks, the link to the DrWeb Cureit instructions doesn't work for me.

#9 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:52 PM

Posted 20 December 2008 - 11:34 AM

Try this link
http://www.bleepingcomputer.com/forums/ind...st&p=961952

#10 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:02:52 PM

Posted 20 December 2008 - 03:35 PM

Log from DrWeb, did this take care of it?
--------------------------------------------------
A0015948.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204;Trojan.Virtumod.1534;Deleted.;
A0015949.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204;Trojan.Virtumod.1534;Deleted.;
A0015950.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204;Trojan.Virtumod.1534;Deleted.;
A0018094.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209;Trojan.DownLoad.12946;Deleted.;
A0018095.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209;Trojan.DownLoad.12946;Deleted.;
A0018096.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP209;Trojan.DownLoad.12946;Deleted.;
A0019147.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;
A0019148.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;
A0019149.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019150.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019151.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;
A0019152.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019153.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019154.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019155.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019156.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019157.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;
A0019158.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;
A0019159.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019160.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;
A0019161.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.DownLoad.12946;Deleted.;
A0019162.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;
A0019163.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019164.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;
A0019165.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Siggen.568;Deleted.;
A0019179.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.DownLoad.12946;Deleted.;
A0019180.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.DownLoad.12946;Deleted.;
A0019182.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;
A0019183.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211;Trojan.Virtumod.1459;Deleted.;

#11 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:52 PM

Posted 20 December 2008 - 03:47 PM

No, those files are in system restore and will be removed last. They won't cause a problem as long as you don't use "system restore".

Suggest you update MBAM and do a quick scan and if it doesn't find and remove the trojan.bho you should post a HJT log by following the instructions in the link in my last post. DO NOT POST THE HJT LOG IN THIS FORUM.

There is one other scan you might try. http://www.bitdefender.com/scan8/ie.html
Allow it to quarantine or remove whatever it finds. The BitDefender online scanner uses ActiveX, so it will only work in the IE browser.

#12 dschwake

dschwake
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:02:52 PM

Posted 20 December 2008 - 10:45 PM

I don't think those 2 scans did it for me, right? MBAM & Bitdefender logs below. Time to move on to the HJT forum? Thanks for your help Buddy.
-----------------------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1526
Windows 5.1.2600 Service Pack 3

12/20/2008 5:24:13 PM
mbam-log-2008-12-20 (17-24-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 137249
Time elapsed: 38 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Dec 20, 2008 - 21:38:53
--------------------------------------------------------------------------------
Scan Info
Scanned Files
348481
Infected Files
0
Virus Detected
No virus found.
--------------------------------------------------------------------------------
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

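The moderator's judgement that Trojan.BHO "is not being removed" rests on one fact visible in these posts: the same CLSID is reported as "Delete on reboot" in the 12/18 quick scan and again in this 12/20 full scan. As an added example (not code from the thread or from Malwarebytes), the following Python parses the MBAM log layout shown in these posts and lists detections that recur between two scans; the log excerpts are constructed from the posted ones, and the quarantined .dll entry is an invented sample.

```python
import re
from typing import List, Tuple

Detection = Tuple[str, str, str, str]  # (section, item, threat name, action)

# Detail-section headers end in a bare colon; the summary lines above them
# ("Registry Keys Infected: 1") carry a count and are deliberately skipped.
SECTION_RE = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|"
                        r"Registry Values|Registry Data Items|Folders|Files) Infected:$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed excerpts modelled on the 12/18 and 12/20 MBAM logs in this thread.
# The CLSID is the one the thread reports; the .dll entry is an invented sample.
LOG_DEC18 = r"""Registry Keys Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Files Infected:
(No malicious items detected)
"""
LOG_DEC20 = r"""Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\constructed_sample.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection listed in the detail sections of an MBAM log."""
    detections: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not section or not line or line.startswith("(No malicious items"):
            continue
        item = ITEM_RE.match(line)
        if item:
            detections.append((section, item["item"], item["threat"],
                               item["action"].rstrip(".")))
    return detections

def recurring_detections(earlier: str, later: str) -> List[Detection]:
    """Detections present in both logs: whatever the earlier removal did not clear."""
    seen = {(d[0], d[1]) for d in parse_mbam_log(earlier)}
    return [d for d in parse_mbam_log(later) if (d[0], d[1]) in seen]
```

A non-empty result for a key whose action was "Delete on reboot" both times means the reboot deletion failed or the key was recreated, which is exactly the point at which this thread hands off to the HJT forum.
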
#13 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:52 PM

Posted 21 December 2008 - 07:55 AM

Yes, post the HJT log in the HJT Forum.
It may take a few days for one of the HJT team members to get to you, especially with the holidays coming up.

You can block the Ad/ tracking cookies from ever installing on your computer by following the steps below.
This applies to Internet Explorer browsers.
Click on Tools
Click on Internet Options
Click on the Privacy tab
Click on the Advanced button
Put a check in the box next to Override automatic cookie handling
Put a check in the box next to First Party Accept
Put a check in the box next to Block third party cookies (those are the ad/tracking cookies that AVG deletes)
Click OK to exit
Then run a scan with SAS to remove the existing third party cookies.

If you haven't updated your programs as suggested in my first post, it is important that you do that. MBAM says that the malware that you have is installed by an exploit, likely a Java one. After installing the latest Java, be sure to go to Add/Remove Programs and delete ALL old Java programs.

There is a great little program called SpywareBlaster that blocks dangerous ActiveX exploits, sites used to install malware, etc. It uses no computer resources and only requires updating twice a month. Here is a link.
http://www.javacoolsoftware.com/spywareblaster.html

Edited by buddy215, 21 December 2008 - 08:15 AM.


#14 Orange Blossom

Orange Blossom

    Bleepin Investigator


  • Moderator
  • 37,009 posts
  • ONLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:52 PM

Posted 22 December 2008 - 11:15 PM

Hello dschwake,

Now that you have a log posted here: http://www.bleepingcomputer.com/forums/t/188369/infected-with-vundo/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
