
Spyware Quake


7 replies to this topic

#1 dustin79

dustin79

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 02 June 2006 - 01:34 AM

Hi, I went through the automatic tutorial here:

http://www.bleepingcomputer.com/forums/top....html#automated

I still have the 'your computer is infected' box in the bottom right.

Here is my task.txt:

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb}"="fumarases"


sharedtaskkey: a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb
---------------------------------------------------
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb}]

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb}\InProcServer32]
@="C:\\WINDOWS\\System32\\vhywj.dll"
"ThreadingModel"="Apartment"



#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:25 AM

Posted 02 June 2006 - 02:47 AM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:25 AM

Posted 02 June 2006 - 10:12 AM

Yup, it's a new variant. Follow the instructions and when looking for dlls to rename, rename that one as well. I will update the guide soon.

#4 dustin79

dustin79
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 02 June 2006 - 11:48 AM

Does the automatic method fix those dlls or should I go through the manual method? And are those the updates that are on the replies at the bottom of that page or are the updates still coming?

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:25 AM

Posted 02 June 2006 - 01:04 PM

There are always updates coming... but you identified the bad dll, so do the manual fix and delete that particular file when you are at that part.

#6 dustin79

dustin79
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 02 June 2006 - 02:14 PM

I'm sorry for being a noob, but where did I ID the bad dll... is it this from task.txt:

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb}\InProcServer32]
@="C:\\WINDOWS\\System32\\vhywj.dll"

?


Also, is VCodec or whatever installed of this gone also?

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:25 AM

Posted 02 June 2006 - 02:32 PM

C:\\WINDOWS\\System32\\vhywj.dll

That's the bad dll

Gimme 10 minutes and I'll update the guide for you.

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:25 AM

Posted 02 June 2006 - 04:09 PM

Guide has been updated
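
The lookup discussed in posts #6 and #7 (following the unfamiliar SharedTaskScheduler CLSID to its InProcServer32 DLL) can be done mechanically on a task.txt export. The sketch below is an added example, not part of the thread or of BleepingComputer's guide; the function names are hypothetical, and treating the two other listed CLSIDs as the stock Windows XP baseline is an assumption of the example.

```python
import re

# Registry sections of the task.txt posted in #1 (section titles and rulers omitted).
TASK_TXT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb}"="fumarases"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb}]
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb}\InProcServer32]
@="C:\\WINDOWS\\System32\\vhywj.dll"
"ThreadingModel"="Apartment"
'''

# Assumption: these two CLSIDs are the stock entries; anything else gets reviewed.
BASELINE = {"{438755c2-a8ba-11d1-b96b-00a0c90312e1}", "{8c7461ef-2b13-11d2-be35-3078302c2030}"}
STS = r"\explorer\sharedtaskscheduler"

def parse_reg(text):
    """Parse REGEDIT4 text into {lowercased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \" escaping
    return keys

def unknown_shared_tasks(text):
    """Return (clsid, label, hive, dll) for each SharedTaskScheduler entry not in BASELINE."""
    keys, hits = parse_reg(text), []
    for path, values in keys.items():
        if not path.endswith(STS):
            continue
        for clsid in (c for c in values if c.lower() not in BASELINE):
            suffix = "\\clsid\\" + clsid.lower() + "\\inprocserver32"
            servers = [(p.split("\\")[0].upper(), v.get("@")) for p, v in keys.items() if p.endswith(suffix)]
            for hive, dll in servers or [(None, None)]:  # (None, None): no COM registration in the export
                hits.append((clsid, values[clsid], hive, dll))
    return hits
```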



