
Trojan.Vundo.H Infection Toqztgo.dll



#1 jctbmw


Posted 17 April 2009 - 10:40 AM

Hi,

I was on the NYTimes early Tuesday and clicked on a news article link and was redirected to a Chinese website with a page about Chinese sex_museum.

I then got the AntiSpy ware 2009 pop-up that started simulating a scan of my machine and finding all of these viruses.

See attached image.

Virus infection appears to be in the registry and a couple of files:

1. Toqztgo.dll
2. awhckpqo
3. Registry Entry: Winlogon/Notify/awhckpqo
4. Registry Entry: Internet Explorer/Browser Helper Object

Actions that I have taken:

1. My PC has Norton and it's up to date, it identified a bloodhound virus that it quarantined and then deleted.
2. Ran Norton Scan several times
3. Uninstalled from the control panel: Internet Explorer v7.0.8
4. Ran Malware AntiBytes several times; it just quarantines the DLLs and registry entries, but when I delete, it comes right back.
5. Rebooted my machine in diagnostic mode and tried to delete the two dlls but still got access denied
6. Defragged hard drive, don't ask me why I did it, I was desperate.
7. Tried to rename the files, copy the files then delete, etc, don't ask why .... desperate.
8. Downloaded and ran the ComboFix utility .... Have not submitted the log for a script.

Results of action above:

1. The DLL Toqztgo.dll does not show up as a running task, nor do a few other viruses
2. The dlls above are still on my machine
3. I switched temporarily to using Firefox for now, but can't work as I have to VPN to my company network remotely and can't do it with this virus hanging around.

Any assistance would be appreciated.
Original Posting with screenshot

Edited by jctbmw, 17 April 2009 - 10:45 AM.

