Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


What Did I Get Hit With?

  • This topic is locked This topic is locked
3 replies to this topic

#1 H Cuz

H Cuz

  • Members
  • 1 posts
  • Local time:02:36 PM

Posted 25 May 2007 - 11:22 PM

Wednesday, while I was browsing the Web, my Trojan Guard informed me of a threat. Before I knew it, a program called "WinAntiVirus Pro 2007" had installed itself on my computer. I tried some damage control, uninstalled the program, dealt with a number of popup windows, and ran TrojanHunter Scanner. Opening AVG caused it to warn me of a whole bunch of nasty-looking programs (PurityScan, et. al.) which I had it clean and quarantine.

After a reboot, Spybot Search & Destroy started asking me to add a couple registry entries; I denied and blacklisted them, and now I have a constant run of Spybot "Registry Change Denied" messages flooding the right side of my screen and slowing down my computer.

"Resident denied the change of {F36EA455-EE72-4D73-BCC9-8325121642EC} (category Browser Helper Object) based on your black list"
"Resident denied the change of {489263D0-1E71-4B29-B4D1-46DAA5856DF7} (category Browser Helper Object) based on your black list"
"Resident denied the change of dbfont (category Winlogon Notifiers) based on your black list"

And it's just those three over and over again.

It also routinely tells me "wlballoon" has been deleted and then asks me to add it back, which I do, since I'm pretty sure wlballoon is important.

I had AVG do a scan and quarantined all the results that came up, but this problem is still going. (I'm running AVG again now and it's found one of the same trojans -- Trojan.Small -- I thought I got rid of a couple days ago.) Posted about this on two other forums, haven't gotten any help yet. Tried to fix what I could in HijackThis, but no real results from that.

The constant barrage of Spybot "Registry Change Denied" messages has slowed down my computer and to be frank I'm kind of apprehensive about rebooting before I get help.


BC AdBot (Login to Remove)


#2 oldf@rt


  • Members
  • 2,609 posts
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:12:36 PM

Posted 25 May 2007 - 11:41 PM

There are two programs that should be able to clear up your problems, SuperantiSpyware: http://www.superantispyware.com and Rogue Remover, http://www.malwarebytes.org/rogueremover.php you will neet to run both of them. Make sure that you update the programs completely, and restart the computer after you install and update superantispyware. When you restart, use safe mode. Run rogue remover and let it clean everything that it wants to. then run a complete scan with SAS, let it clean everything that it finds, and then restart the computer again.

If there are any additional problems, please post a hijack this log in the correct forum, not here.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 buddy215


  • Moderator
  • 13,420 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:36 PM

Posted 26 May 2007 - 06:59 AM

Sounds like Vundo is there, too.
Please download http://www.atribune.org/content/view/24/2/
to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,953 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:36 PM

Posted 26 May 2007 - 02:25 PM

Hello H Cuz

I see you have already posted a hijackthis log here. Please be patient while waiting for assistance. HJT Helpers are all volunteers regardless where you post a log. While waiting for a response, you should not ask for help elsewhere or make changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) Any modifications you make can result in system changes which may not show it the log you already posted. Further, following advice outside of that post may cause confusion for the HJT Helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

If you had posted your log here, similar rules would apply. We would ask that you be patient while awaiting a reply and refrain from asking for help elsewhere.

If you followed any of the advice already provided above, please ensure you inform the HJT Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

To avoid confusing, I am closing this thread. Should you need it reopened after your log has been reviewed and you have been cleared, please PM me or another moderator.

Thanks for your cooperation.

Edited by quietman7, 26 May 2007 - 02:30 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users