
IS 2010 / Vundo / Netsky Redirect Malware - Now can't boot at all


No replies to this topic

#1 wilberforce


Posted 20 January 2010 - 02:25 AM

A couple of days ago I experienced the browser random redirect problem (referred to by other posters here and elsewhere) when clicking on search results from Google.com as well as random pop-ups. I then left town for a couple of days, but on returning last night, had the same problem. Full scan by Norton 360 did not appear to pick up anything but I wanted to get rid of the problem as I feared that my system (Lenovo T61 running XP Pro) might be compromised. E-mail and Advanced Sonar Settings on Norton 360 had been switched off and could not be turned back on. Norton's One Click Support attempted to autoload on many occasions but never completed. I only had N360 and Spyware Doctor & Spyware Blaster loaded on my computer, though I can't remember if Windows Defender firewall was also active. (This whole crisis has proven disorienting, so I apologize for the lack of details and hope someone can aid me even given the scant details.)

I had no problem accessing regedit (as some other posters reported) and ipconfig did not appear to indicate a problem with the DNS or ip settings on my computer.

Hoping to identify the source of the problem through internet research on my spouse's laptop, and figuring 360 might not be working correctly, I downloaded Malwarebytes. After a full scan using this and the Windows Live online scan, followed by a full 3-hour scan by Avast (which I also downloaded) my system was found to contain a variety of malware and viruses. As best I can recall, they included (in rough order of diagnosis):
Exploit Java/CVE-2008-5353.A
Trojan Java/Selace.E
Worm.Win.32.Netsky
Trojan.Vundo
W32.Polip
CoreGuard Antivirus 2009
packed.generic.265

I also received error messages saying that there was an error loading "Windows/System32/johirija.dll" -- Specific module not found

At some point this morning, the wallpaper on my PC changed to the ugly green with the "Your System is Infected!" text, urging me to click on the pop-ups. My tray also contained the red circle with white X masquerading as a spyware solution, but I believe I steered clear of it.

At any rate, when Spyware Blaster found 20+ harmful threats, it took care of all but three but said a reboot was necessary to rid the rest. I first let the Avast scan run as well, and it identified several more threats and also requested a reboot. I was very worried about whether my computer would indeed reboot and so also took steps (suggested in one of the dozens of posts I read) to rename several apparently random-named files in my C:\ main directory. One of these files (nqvkiv.exe) was identified and quarantined by Avast. Hoping to rid every last remnant of contamination, I also (perhaps foolishly) decided to try renaming the other four (ygjst.exe, ahhf.exe, ajeesil.exe and auhbifch.exe) and then subsequently decided to send them to the recycling bin.

I then allowed Avast to reboot and since then, have not been able to boot my system: not in Safe Mode, not in Normal Mode, and not using Last Known Good Configuration.

Safe Mode only gives me a scrolling list of files in the System directory, and Normal or Last Known config boot with the Blue Screen. If it helps, the error message provides the following Technical Information:

*** STOP: 0X0000007B 0XF78BC524 0XC0000034 0X00000000 0X00000000

I would be exceedingly and eternally grateful to anyone who can come up with a means of helping me to reboot. Please help!
