

My Pc Is Getting Taken Over ! Help Please !


4 replies to this topic

#1 shred1970

  • Members
  • 105 posts

Posted 31 March 2007 - 07:00 AM

Please help me... my PC is overrun by hijacking. I have manually deleted some of the baddies but it still comes back. I do know how to start in safe mode and also have the "HijackThis" program, although when I save the log from HijackThis I don't know where to find the log to copy and send to you guys. Anyways, all this occurred by running a game file that I downloaded off "winmx" (actually 2). Now I have hijacking and toolbar probs. I've discovered 2 .dll's in System32 that were created on the day and time that I ran the downloaded game programs... they are mljjh.dll and mlhjgec. I can't delete them, and HijackThis in safe mode wouldn't delete them either. My Ad-Aware SE Pro has/seems to be infected (the program has changed option on me) and Spybot Search and Destroy has picked up the smitfraud toolbar 888. Also my Norton (up to date) is giving me alert after alert... please help!
" Those who wander from the way of understanding will surely rest in the assembly of the dead." - Author unknown.


 


#2 nigglesnush85

  • Members
  • 4,371 posts
  • Location:UK

Posted 31 March 2007 - 08:10 AM

Hello and welcome,

To start the system in safe mode, you usually press F8 when the computer is booting up. The HijackThis log should be in the same location as the HijackThis installer.
Regards,

Alan.

#3 buddy215

  • Moderator
  • 13,134 posts
  • Location:West Tennessee

Posted 31 March 2007 - 10:08 AM

You have a Vundo trojan. More info in the link below and it has a link for Symantec Removal Tool.

http://www.bleepingcomputer.com/forums/t/3494/how-to-remove-virtumonde-stopguard-catlevents-trojanvundo/

Turn off system restore. This will remove all restore points since some are infected and will make scanning quicker. Turn system restore back on after you are malware free.
http://www.real-knowledge.com/flushres.htm

Remove temporary files, logs, cookies, etc. by using Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. This will make your scans faster. Run the cleaner again after you are malware free.
http://www.ccleaner.com/

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm
(pre-Vista OS's)
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” - Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Papakid

  • Malware Response Team
  • 6,609 posts

Posted 31 March 2007 - 12:17 PM

Hi shred1970,

Your best bet is to get your log posted in the HJT forum as soon as possible. You've already been linked to the Prep Guide, but here it is again--please follow all those steps that apply to you: Preparation Guide For Use Before Posting A Hijackthis Log

Delete any copies of HijackThis.zip that you may have saved on your system before beginning Step 9. When you follow the instructions in that step exactly, your log should pop up in Notepad. If for some reason this doesn't happen, look in the C:\Program Files\HijackThis folder for the hijackthis.log file. Any time you click on the Save Log button after a scan or save it another way, this file will be saved in whatever folder HijackThis.exe is in.

Quote:
"You have a Vundo trojan. More info in the link below and it has a link for Symantec Removal Tool.

http://www.bleepingcomputer.com/forums/t/3494/how-to-remove-virtumonde-stopguard-catlevents-trojanvundo/"

Hmm, that's an old guide for when Vundo had to be removed manually and is a bit outdated. Most of the time Symantec's removal tools will work for a day or two then the malware changes and it doesn't do much good. There is a more recent self-help guide for some removal tools that are kept more up to date here: http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/

shred1970, you can try this process first, but I would still recommend posting a log, whether it works or not. Vundo may have changed since the last time these tools were updated and infections like these often come in bunches so there may be more that needs to be fixed that the tools aren't designed for.

Quote:
"Turn off system restore. This will remove all restore points since some are infected and will make scanning quicker. Turn system restore back on after you are malware free.
http://www.real-knowledge.com/flushres.htm"


I have to disagree with turning off System Restore at this point. I know Symantec and other AV companies include this in their removal instructions, but it is more to cover their own backsides instead of reducing scanning time. Restore Points are protected by Windows and infections may be backed up there, but won't affect a system unless System Restore is used to "Go back". Most AV's can scan and find those infected backups, but can't remove them, which leads some to believe that they are still infected and that their AV is a POS if it can't fix it. It is the policy of most malware removal forums that use HJT and other tools that System Restore be enabled in case something goes south in the removal process. An infected Restore Point is better than none.

The thing about people

is they change

when they walk away.--Mipso


#5 shred1970

  • Topic Starter
  • Members
  • 105 posts

Posted 31 March 2007 - 11:01 PM

:thumbsup: Thanks everyone for all your help. My pc "seems" to be in recovery. I will have some reading up to do before I post a hijack this log, though when time permits. Thanks again :flowers:



