
Virus hit, desktop icons gone

2 replies to this topic

#1 imapotato


  • Members
  • 2 posts
  • Local time:11:51 AM

Posted 29 June 2011 - 11:05 AM

Guys, have an issue where my CEO caught something from a .pdf it looks like.

It is Windows Vista

His desktop icons and start menu items are gone, he tried to do a system restore and the first one did nothing, so he did another...I think that negates the first, so an undo is impossible...maybe?

He tried to grab malwarebytes but stopzilla has a hijack out on Google and then he got that on his drive.

I am pretty sure I got rid of stopzilla, but even after running Rkill>Malwarebytes>super anti spyware
His icons are still gone and I have an error stating his appdata\uverugug.dll cannot boot up...but that was a virus

Here is the Malwarebytes log

Thank you in advance for your help

Malwarebytes' Anti-Malware

Database version: 6976

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

6/29/2011 11:26:52 AM
mbam-log-2011-06-29 (11-26-52).txt

Scan type: Quick scan
Objects scanned: 325897
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\davedevor\AppData\Local\uverugug.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rpofijegohewateb (Trojan.Hiloti) -> Value: Rpofijegohewateb -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\davedevor\AppData\Local\uverugug.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\davedevor\local settings\uverugug.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\davedevor\local settings\application data\uverugug.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\davedevor\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\davedevor\AppData\Roaming\Adobe\plugs\mmc146.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\davedevor\AppData\Roaming\Adobe\plugs\mmc206.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\davedevor\AppData\Roaming\Adobe\plugs\mmc2127869.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\davedevor\AppData\Roaming\Adobe\plugs\mmc2129039.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\davedevor\AppData\Roaming\Adobe\plugs\mmc57.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Edited by imapotato, 29 June 2011 - 11:06 AM.


#2 techextreme


    Bleepin Tech

  • Members
  • 2,125 posts
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:12:51 PM

Posted 29 June 2011 - 01:16 PM

Hi imapotato,

Can you please have a look at this self-help guide and pay special attention to points 3, 4, 5, and 18.

Please walk through the entire guide but be sure to read the points I stated carefully.

When complete, please post a new Malwarebytes Log. Please also be sure to update Malwarebytes before scanning.

"Admire those who attempt great things, even though they fail."

-- Seneca

#3 imapotato

  • Topic Starter

  • Members
  • 2 posts
  • Local time:11:51 AM

Posted 29 June 2011 - 03:25 PM

Thanks TE

I did everything except the unhide me

Never encountered a childish type rootkit trojan before. Either they have been really nasty or nothing.

I overthought this one

Have a great day knowing you helped immensely!
