Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


popups again!

  • Please log in to reply
2 replies to this topic

#1 maroon


  • Members
  • 10 posts
  • Local time:06:44 PM

Posted 27 December 2008 - 07:10 PM

hey guys

right basically i was drunk last night and was on the computer and when i went on this morning as soon as i opened a webpage a pop up came of. i quickly opened AVG and ran it then spybot S&D and ran it then i tried malware antibytes and still the popups keep appearing. im getting stuff like www.searchme.com with what i just searched after it ad=addon2-searchme:visual search beta and c5.zedo.com/jsc/c5/ff2.html?
and something like spyware/adware 360 which does that fake little scan thing

help is much appreciated
thanks iin advance

Edit: Links disabled, to preclude possible infection. ~tg

Edited by tg1911, 27 December 2008 - 08:51 PM.

BC AdBot (Login to Remove)


#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:02:44 PM

Posted 27 December 2008 - 09:50 PM

If you use Spybot's Teatimer, disable it for now.

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here for review
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 maroon

  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:44 PM

Posted 28 December 2008 - 12:05 PM

heres the log:

Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 3

28/12/2008 16:55:47
mbam-log-2008-12-28 (16-55-47).txt

Scan type: Full Scan (C:\|G:\|I:\|)
Objects scanned: 189073
Time elapsed: 2 hour(s), 27 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\jojilite.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c8efa65-268e-48d3-bb6c-31cd21011001} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4c8efa65-268e-48d3-bb6c-31cd21011001} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{220a105a-16ee-44c1-a4c8-ad76c709fc1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{393c2547-b2ab-422c-87af-385238c73416} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf3fef85a (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{393c2547-b2ab-422c-87af-385238c73416} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jojilite.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jojilite.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\cameron\Local Settings\Temp\snapsnet (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\cameron\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\jojilite.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\cameron\Local Settings\Temp\nxrsmewoca.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\cameron\Local Settings\Temp\snapsnet\dPI191065.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP432\A0150245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\cameron\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\cameron\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users