Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

stupid Trojin Virus!!! Help please.


  • This topic is locked This topic is locked
3 replies to this topic

#1 spacedmonkey

spacedmonkey

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:08:49 PM

Posted 08 December 2009 - 04:14 PM

Hey guys, (ok, I spelled Trojan wrong..) here is my problem.

My laptop computer started going real slow and getting pop up advertisements last Thursday.
I updated and ran McAfee. McAfee found files called Trojan Artemis! and quarantined them, I did the removal process and shut down the computer. Today I turn my computer on and it is doing the same thing.
I tried to run Spy-bot S&D but it said there were files missing, wouldn't work.
I also tried to start the computer is Safe Mode, but all that did was go to that blue screen...
Irun ATF Cleaner and then downloaded Malwarebytes so that I could scan the system. I ran ATF and it ran fine. But, I can not get Malware bytes to install. A screen pops up and s ays "unable to execute file. Create process failed;code 2. Can not find file." and will not load or install.

I then went to the malwarebyts web page and looked at there forums and there was a process to get past that screen, tried that and I get this message: "Error Code:707 (3,0)"

Here are other weird things that are happening that started at the same time.
When I start up the computer I get a pop up that says: " logon.exe - can not find logon.exe"
also a file opens that C:Program FilesCommon
I don't know if these things have anything to do with it or not.

Here is my HiJackThis log...
thanks for any help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:59 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32WLTRYSVC.EXE
C:WINDOWSSystem32bcmwltry.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesGoogleUpdateGoogleUpdate.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:program filescommon filesmcafeemnamcnasvc.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Program FilesMicrosoft LifeCamMSCamS32.exe
C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe
C:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSExplorer.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32igfxsrvc.exe
C:WINDOWSsystem32WLTRAY.exe
C:WINDOWSstsystra.exe
C:Program FilesGoogleGmail Notifiergnotify.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesMySpaceIMMySpaceIM.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesCommon FilesIntuitQuickBooksQBUpdateqbupdate.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsSaruDesktopHiJackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (file missing)
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:Program FilesStumbleUponStumbleUponIEBar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:Program FilesStumbleUponStumbleUponIEBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [Broadcom Wireless Manager UI] C:WINDOWSsystem32WLTRAY.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:Program FilesGoogleGmail Notifiergnotify.exe
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [mcagent_exe] "C:Program FilesMcAfee.comAgentmcagent.exe" /runkey
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [widofowit] Rundll32.exe "c:windowssystem32hubomuhe.dll",a
O4 - HKLM..RunOnce: [Malwarebytes' Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe /install /silent
O4 - HKCU..Run: [MySpaceIM] C:Program FilesMySpaceIMMySpaceIM.exe
O4 - HKCU..Run: [swg] "C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..RunOnce: [Shockwave Updater] C:WINDOWSsystem32AdobeShockwave 11SwHelper_1150595.exe -Update -1150595 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.0.14)_Gecko/2009082707_Firefox/3.0.14_(.NET_CLR_3.5.30729)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?dwin=1&id=jigsawpuzzles&fullScreen=1"
O4 - HKUSS-1-5-21-1975040035-3894360844-3410339798-1006..Run: [ModemOnHold] C:Program FilesNetWaitingnetWaiting.exe (User 'QBDataServiceUser18')
O4 - HKUSS-1-5-18..Run: [MySpaceIM] C:Program FilesMySpaceIMMySpaceIM.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [MySpaceIM] C:Program FilesMySpaceIMMySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:Program FilesCommon FilesIntuitQuickBooksQBUpdateqbupdate.exe
O8 - Extra context menu item: Add to Evernote - res://C:Program FilesEvernoteEvernote3enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1Office12EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:Program FilesieSpellMerriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:Program FilesieSpellwikipedia.HTM
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - Software - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1Office12REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:Program FilesEvernoteEvernote3enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:Program FilesEvernoteEvernote3enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46...abblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47...amesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Cu...WebManager.CAB
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritage.com/FP/ImageUp...eUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.....;/bejeweled.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/C...ngineQuery.dll
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49.....;/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148568090259
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...couponsbar.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42...y/tilecity.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_46.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/eng/mahjong_2_0_0_24.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:Program FilesIntuitQuickBooks 2005HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O20 - AppInit_DLLs: c:windowssystem32jipikudi.dll monigula.dll c:windowssystem32hubomuhe.dll c:windowssystem32yajosofo.dll
O21 - SSODL: giwobomuw - {829e6c31-7623-4315-b6a3-532aee946e79} - c:windowssystem32jipikudi.dll (file missing)
O21 - SSODL: hagofosos - {852b7967-b503-4591-95fb-e6f47f5f6049} - c:windowssystem32yajosofo.dll
O21 - SSODL: polusenub - {18524970-7242-4c90-ba81-2a19472cd96b} - c:windowssystem32hubomuhe.dll
O22 - SharedTaskScheduler: gahurihor - {829e6c31-7623-4315-b6a3-532aee946e79} - c:windowssystem32jipikudi.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {852b7967-b503-4591-95fb-e6f47f5f6049} - c:windowssystem32yajosofo.dll
O22 - SharedTaskScheduler: jugezatag - {18524970-7242-4c90-ba81-2a19472cd96b} - c:windowssystem32hubomuhe.dll
O23 - Service: Adobe LM Service - Unknown owner - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9d238b17bbbd) (gupdate1c9d238b17bbbd) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:program filescommon filesmcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:Program FilesCommon FilesIntuitQuickBooksFCSIntuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - C:PROGRA~1IntuitQUICKB~1QBDBMgrN.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:Program FilesStumbleUponStumbleUponUpdateService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:WINDOWSSystem32TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32WLTRYSVC.EXE

--
End of file - 16376 bytes

oh and some more info, just in case....

I was able to do another virus scan using McAfee and it didn't find the Trojin Artemis!, but it did find Vundo.gen.ab Trojan and Fake-Alert-JU Trojan.
So, I went ahead and used the "remove" option on McAfee and restarted the system.

Well Now my computer is even worse! It doesn't start up half the time (or shut down) I am getting a pop up literaly ever 2 seconds saying that McAfee has blocked a Trojin. "Vundo.gen.ab Trojin Virus Location: C:WINDOWSsystem32monigula.dll" I can't hardly run or open anything on the system.
I tryed to scan the system again, but no luck. I also tryed to download Avast to a thumbdrive and run it on the sytem, but that didn't work eather. Error message says "Scanning has encountered a problem witch it cannot recover. - error getting scan progress"

I have tryed everything that I know what to do and everthing thing that other forums have said to do but I need some help!!

Edited by boopme, 08 December 2009 - 04:40 PM.


BC AdBot (Login to Remove)

 


#2 spacedmonkey

spacedmonkey
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:08:49 PM

Posted 11 December 2009 - 11:47 AM

:( Well, I still have the issue with my computer. I can't connect to the internet now. But the McAfee pop ups have stoped. (at least for now) This morning my computer didn't even want to turn on. I'm doing another McAfee scan to see what it comes up with. But right now I don't knopw what to do next.
Anyone can help out that would be great... Thanks!!

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:49 PM

Posted 20 December 2009 - 06:58 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:49 PM

Posted 26 December 2009 - 02:50 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users