Virus/adwares/slowcomputer


11 replies to this topic

#1 supahhhhH


Posted 29 December 2008 - 04:08 AM

Hello BC forums. I have been having a problem with my computer for a while now, and the problem has now gone insane. My computer is reacting really slowly, taking a while to load programs, and my internet keeps popping up unwanted ads and other junk. I downloaded a free adware program called Ad-ware from Lavasoft 2008 and scanned it many times. Each time I scan, the same stuff appears... it doesn't seem to get deleted. I also used the AVG anti-virus program; it does the same thing... after I restart my computer/scan, the same items appear. I have run out of solutions and seek technical help.


These two errors appear when I start up the computer:

Microsoft C++ Runtime Library
Runtime Error!
Program: C:\Program Files\Logitech\SetPoint\LU\LuLnchr.exe
R6002
-floating point not loaded

RUNDLL
Error loading C:\WINDOWS\system32\gifepujo.dll
The specified module could not be found.



I am using:

Windows XP
Mozilla Firefox
Ad-ware 2008 7.0.1.10
AVG anti-virus

Edited by supahhhhH, 29 December 2008 - 04:15 AM.



 


#2 garmanma


Posted 29 December 2008 - 09:06 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 supahhhhH


Posted 30 December 2008 - 01:24 AM

Hello! Happy holidays to you... here is my log

Malwarebytes' Anti-Malware 1.31
Database version: 1573
Windows 5.1.2600 Service Pack 3

12/29/2008 10:23:05 PM
mbam-log-2008-12-29 (22-23-05).txt

Scan type: Quick Scan
Objects scanned: 52429
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ewxvuy.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549361d1-db30-4b41-ae7d-ff059e963728} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{549361d1-db30-4b41-ae7d-ff059e963728} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18204534-9c52-4703-b2cb-cf547b059221} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18204534-9c52-4703-b2cb-cf547b059221} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18204534-9c52-4703-b2cb-cf547b059221} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jekojafade (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\kevo\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\kehitulo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olutihek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mamakale.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\elakamam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sukogude.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edugokus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twxombby.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybbmoxwt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewxvuy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\drfkmxxl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gddbji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qnqpqygs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temp\rmocneaswx.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temp\omawrsexnc.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temporary Internet Files\Content.IE5\FS66415Y\winsinstall[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temporary Internet Files\Content.IE5\FS66415Y\winsinstall[2].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temporary Internet Files\Content.IE5\YHSCBWPC\index[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temporary Internet Files\Content.IE5\YHSCBWPC\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

#4 supahhhhH


Posted 30 December 2008 - 01:33 AM

I have rebooted

#5 Guest_Jay-P VIP_*


Posted 30 December 2008 - 02:04 AM

I have information about the two errors.

Error loading C:\WINDOWS\system32\gifepujo.dll

-- This is an unknown browser helper object (BHO)

Microsoft C++ Runtime Library
Runtime Error!
Program: C:\Program Files\Logitech\SetPoint\LU\LuLnchr.exe
R6002
-floating point not loaded

--This can be referenced here http://support.microsoft.com/kb/98345
--This also may reference an issue with the driver of the mouse. Make sure your driver is up-to-date. Microsoft Update can provide updates for this mouse.

Edited by Jay-P VIP, 30 December 2008 - 02:09 AM.


#6 garmanma


Posted 30 December 2008 - 11:22 AM

One more time please

Open MBAM and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select FULL scan and scan.
After the scan click Remove Selected, post the new scan log and reboot.
Mark

#7 supahhhhH


Posted 30 December 2008 - 03:34 PM

Here is the latest scan... I scanned one before it and it caught a lot more; I'll post that in a new reply.

Malwarebytes' Anti-Malware 1.31
Database version: 1578
Windows 5.1.2600 Service Pack 3

12/30/2008 12:32:56 PM
mbam-log-2008-12-30 (12-32-56).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 191329
Time elapsed: 1 hour(s), 22 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\juruzg.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f69e2d61-0d14-48c2-b69b-7250cc15a127} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f69e2d61-0d14-48c2-b69b-7250cc15a127} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f69e2d61-0d14-48c2-b69b-7250cc15a127} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\juruzg.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\kevo\Local Settings\Temporary Internet Files\Content.IE5\TD48XCZH\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cykdkhhl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#8 supahhhhH


Posted 30 December 2008 - 03:44 PM

Malwarebytes' Anti-Malware 1.31
Database version: 1573
Windows 5.1.2600 Service Pack 3

12/30/2008 10:57:56 AM
mbam-log-2008-12-30 (10-57-56).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 191449
Time elapsed: 1 hour(s), 24 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\wecnglqc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUOgefe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJYOiFw.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32459ef2-3d9f-465a-976a-c6a451b96a93} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{32459ef2-3d9f-465a-976a-c6a451b96a93} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjyoifw (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{32459ef2-3d9f-465a-976a-c6a451b96a93} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e4376b0e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvuogefe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvuogefe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wvUOgefe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efegOUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efegOUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wecnglqc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cqlgncew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJYOiFw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\kevo\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temp\xmwrsencoa.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temp\nocrxamews.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temp\mosarnewxc.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\kevo\Local Settings\Temporary Internet Files\Content.IE5\TD48XCZH\winsinstall[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054720.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054721.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054722.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054723.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054724.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054730.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054731.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054740.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054741.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054742.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054743.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054752.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054786.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054788.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP307\A0054787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A4897184-C401-4337-86B6-BC86F647011F}\RP308\A0054814.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRJDwvS.dll (Trojan.Vundo) -> Delete on reboot.

#9 supahhhhH


Posted 02 January 2009 - 06:51 AM

bump

#10 Tehsplink


Posted 02 January 2009 - 06:57 AM

Although I'm not meant to post here, please do not bump topics. If the moderator or BC Team member that was helping you hasn't replied for at least 24 hours, please PM them using the built-in system. This avoids any confusion and ensures you get helped quicker.




James :thumbsup:
Please PM me if I have been assisting you and do not reply for 24 hours!

#11 Guest_Jay-P VIP_*


Posted 02 January 2009 - 07:56 AM

It appears that you had Trojan.Vundo and all of its Trojan horse suite, which includes the downloader, trace of malware MS Juan, and installer of the Trojan horse. The one error for the BHO is verified. I had posted this information at an earlier time.

This BHO was a part of the traces of malware found.

HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

This error derived from Trojan.Vundo

I just looked up the Microsoft C++ runtime error. It seems as if this was popping up due to the infection of Trojan.Vundo. The reason this conclusion can be made is because Trojan.Vundo has the capability to throw out false errors, giving the user of the computer false information, and therefore making the user confused or frustrated.


I will let the moderator take it from here.

Edited by Jay-P VIP, 02 January 2009 - 08:09 AM.
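
Added example, not written by any poster in this thread and not Malwarebytes code: a small Python parser for the detection lines in the three logs above. It labels the autostart registry locations involved and lists entries that were reported deleted in one scan and detected again in a later one. The function names and the choice of excerpted lines are this example's own.

```python
import re

# Detection line shape in the Malwarebytes logs above:
#   <file or registry path> (<detection name>) -> <action>.
ENTRY = re.compile(
    r"^(?P<target>.+?) \((?P<name>[A-Za-z]+(?:\.[A-Za-z]+)+)\) -> (?P<action>.+?)\.?$"
)

# Registry locations seen in the logs that load code at boot, logon or browser start.
AUTOSTART = [
    ("\\browser helper objects\\", "browser helper object"),
    ("\\currentversion\\run\\", "Run value"),
    ("\\winlogon\\notify\\", "Winlogon notify package"),
    ("\\shellexecutehooks\\", "ShellExecute hook"),
    ("\\control\\lsa\\", "LSA package"),
]

def parse_log(text):
    """Return (target, detection, action) for every detection line."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            rows.append((m["target"], m["name"], m["action"]))
    return rows

def autostart_kind(target):
    """Label a registry path that is an autostart location, else None."""
    low = target.lower()
    return next((label for needle, label in AUTOSTART if needle in low), None)

def pending_reboot(rows):
    """Files scheduled for deletion at the next reboot."""
    return sorted({t for t, _, a in rows if a == "Delete on reboot"})

def reappeared(scans):
    """Targets reported deleted in one scan and detected again in a later one."""
    removed, back = set(), []
    for rows in scans:
        seen = {t.lower() for t, _, _ in rows}
        back += sorted((seen & removed) - set(back))
        removed |= {t.lower() for t, _, a in rows if a.endswith("deleted successfully")}
    return back

# Excerpts copied from the three logs in this thread, oldest scan first.
QUICK_29_DEC = r"""
C:\WINDOWS\system32\ewxvuy.dll (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18204534-9c52-4703-b2cb-cf547b059221} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jekojafade (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""
FULL_30_DEC_AM = r"""
C:\WINDOWS\system32\wvUOgefe.dll (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjyoifw (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvuogefe -> Quarantined and deleted successfully.
"""
FULL_30_DEC_PM = r"""
C:\WINDOWS\system32\juruzg.dll (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f69e2d61-0d14-48c2-b69b-7250cc15a127} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    scans = [parse_log(s) for s in (QUICK_29_DEC, FULL_30_DEC_AM, FULL_30_DEC_PM)]
    for number, rows in enumerate(scans, 1):
        kinds = sorted({autostart_kind(t) for t, _, _ in rows} - {None})
        print(f"scan {number}: delete on reboot {pending_reboot(rows)}; autostart: {kinds}")
    print("deleted, then detected again:", reappeared(scans))
```

On these excerpts the `MS Juan` and `MS Track System` keys come back after each removal, while the DLL marked "Delete on reboot" has a different name in every scan.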


#12 garmanma


Posted 02 January 2009 - 02:47 PM

It has its hooks into the registry pretty bad. We're going to have to call in the big boys/girls :thumbsup:
Please follow the preparation guide:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
There post the log in the proper forum, here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Good luck and have patience
Mark



