
Vundo.CEH Infection - Cannot Delete DLL Responsible

Q: Vundo.CEH Infection - Cannot Delete DLL Responsible

Well, this is the first time that I have had to post here despite the numerous virus and malware infections I have had to deal with. For the first time the combination of CA AntiVirus and MalwareBytes has failed to clear a problem. CA Antivirus reports an infection of Vundo.CEH in a file "C:\Windows\system32\cyzystno.dll", and I cannot get this file deleted. CA-AV cannot quarantine the file, MWB cannot deal with it, Killbox cannot touch it (Rename function over-ridden by a system process), etc. There are no other viruses detected by the antivirus scan. I come waving my white flag and posting my log file. I consider myself an expert PC user, programmer and system builder, but I confess I am beat. I'm planning on having a backup boot partition from now on to better facilitate the deletion of such files in the future. <sigh>...I remember when Vundo was easy.

Here is the log - I suspect a link with the unnamed BHO entry:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Greg at 22:43:52.20 on Tue 05/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2710 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Time Zone\TimeZone.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Greg\Desktop\Virus Tools\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {40154271-d33b-445d-a1cd-931052162279} - c:\windows\system32\cwvdxah.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Timezone] "c:\program files\microsoft time zone\TimeZone.exe"
uRun: [system tool]
mRun: [USRpdA] "c:\windows\system32\usrmlnka.exe" runservices \device\3cpipe-USRpdA
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [Mirabilis ICQ] "d:\progra~1\icq\ICQNet.exe"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [ShowIcon_Apacer_CRW Series Driver v1.17r016] "c:\program files\crw\shwicon.exe" -t"apacer\CRW Series Driver v1.17r016"
mRun: [WebDriveTray] c:\program files\netdrive\webdrive.exe /trayicon
mRun: [OSSelectorReinstall] "c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRunOnce: [UninstallLockedSOSFiles] c:\docume~1\greg\locals~1\temp\UninstallLockedSOSFiles.lnk
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asuswi~1.lnk - c:\program files\asus wifi-ap solo\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f1u201~1.lnk - c:\program files\belkin\f1u201.401\usbshare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {6224f700-cba3-4071-b251-47cb894244cd} - d:\progra~1\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: hmbdkint - cwvdxah.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-1-5 107512]
R0 lffycjtc;lffycjtc;c:\windows\system32\drivers\lffycjtc.sys [2004-8-4 23424]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-11-18 72696]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-4-27 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-4-27 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-4-27 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-4-27 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-4-27 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-4-27 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-4-27 128240]
R2 ceagovhn;Software Bus Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-12-12 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-12-10 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-12-19 297464]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-4-27 292080]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\netdrive\rffsd.sys [2007-8-6 67032]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-12-12 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-4-27 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-4-27 108368]
RUnknown ssfs0bbc;ssfs0bbc; [x]
S3 bDMusicb;bDMusicb;c:\docume~1\greg\locals~1\temp\bDMusicb.sys [2004-6-7 29696]
S3 Inmddsystc;Inmddsystc; [x]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-8-3 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-8-3 13532]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\program files\unlocker\UnlockerDriver4.sys [2005-4-24 3584]
S4 RFNP32;WebDrive Provider; [x]
S4 Stifdn4tauc;Stifdn4tauc; [x]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-05-05 22:00 <DIR> --d----- c:\program files\Trend Micro
2009-05-05 15:23 <DIR> --d----- c:\program files\MSSOAP
2009-05-05 15:23 1,563,008 a------- c:\windows\WRSetup.dll
2009-05-05 15:23 <DIR> --d----- c:\program files\Webroot
2009-05-05 15:23 164 a------- c:\windows\install.dat
2009-05-04 19:01 <DIR> --d----- c:\program files\Western Digital Corporation
2009-05-03 22:01 <DIR> --d----- c:\docume~1\greg\applic~1\dcumwcsi
2009-05-01 23:12 92,672 a------- c:\windows\system32\KillBox.exe
2009-04-30 13:10 <DIR> --d----- C:\!KillBox
2009-04-29 08:56 292,880 a------- c:\windows\sysguard.exe
2009-04-29 08:56 <DIR> --dsh--- c:\windows\system32\lowsec
2009-04-27 17:20 <DIR> --d----- c:\windows\CAVTemp
2009-04-27 17:13 250,544 a------- c:\windows\system32\KeyHelp.ocx
2009-04-27 17:13 <DIR> --d----- c:\program files\common files\Scanner
2009-04-27 17:13 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-04-27 17:13 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-04-27 17:13 111,856 a------- c:\windows\system32\isafprod.dll
2009-04-27 17:13 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-04-27 17:13 99,568 a------- c:\windows\system32\isafeif.dll
2009-04-27 17:13 83,256 a------- c:\windows\system32\vetredir.dll
2009-04-27 17:13 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-04-27 17:13 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-04-27 17:13 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-04-27 17:13 6,904 a------- c:\windows\system32\entitlement.xml
2009-04-27 16:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-04-25 01:21 <DIR> --d----- c:\docume~1\greg\applic~1\Microsoft Games
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-22 00:19 172,173 a------- c:\windows\system32\xlive.dll.cat

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-28 22:28 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-21 22:28 8,010 a------- c:\windows\system32\ealregsnapshot1.reg
2009-02-20 22:13 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-16 23:17 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2007-11-16 11:40 22,328 a------- c:\docume~1\greg\applic~1\PnkBstrK.sys
2007-08-04 02:39 866 a------- c:\program files\INSTALL.LOG
2008-07-07 23:30 1,377 a--sh--- c:\windows\system32\gMlkQqss.ini2
2008-11-20 11:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112020081121\index.dat

============= FINISH: 22:44:34.62 ===============
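
One way to run the cross-check the poster hints at, added here as an example and not part of the original thread or of DDS itself: it parses the BHO and Notify lines of a DDS report and flags any BHO that has no display name or whose DLL is also listed under Notify. The function names are my own, the sample lines are copied from the log above, and reading DDS's `Notify:` lines as Winlogon notification packages is the assumption behind the second check.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE_LOG = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {40154271-d33b-445d-a1cd-931052162279} - c:\windows\system32\cwvdxah.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Notify: hmbdkint - cwvdxah.dll
Notify: PFW - UmxWnp.Dll
"""

# "BHO: <display name>: {CLSID} - <path to DLL>"; the display name may be empty.
BHO_RE = re.compile(
    r"^BHO:\s*(?P<name>.*?):\s*(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<path>.+)$"
)
# "Notify: <key name> - <DLL>"
NOTIFY_RE = re.compile(r"^Notify:\s*(?P<name>.+?)\s+-\s+(?P<dll>\S.*)$")


def parse_dds(log_text):
    """Return (bhos, notifies) as lists of dicts parsed from a DDS report."""
    bhos, notifies = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append({
                "name": m.group("name").strip(),
                "clsid": m.group("clsid").lower(),
                "path": m.group("path").strip(),
            })
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append({
                "name": m.group("name"),
                "dll": m.group("dll").strip(),
            })
    return bhos, notifies


def triage(log_text):
    """Flag BHO entries that deserve a closer look.

    Two checks, both read straight off the log:
      1. the BHO has no display name;
      2. the BHO's DLL is also registered under Notify (assumed here to be
         a Winlogon notification package), i.e. one file is referenced
         from two independent autostart points.
    A finding is a lead for manual review, not a verdict.
    """
    bhos, notifies = parse_dds(log_text)

    # Index Notify entries by lower-cased DLL file name; Windows paths are
    # case-insensitive and Notify may list either a bare name or a full path.
    notify_by_dll = defaultdict(list)
    for n in notifies:
        notify_by_dll[ntpath.basename(n["dll"]).lower()].append(n["name"])

    findings = []
    for b in bhos:
        dll = ntpath.basename(b["path"]).lower()
        reasons = []
        if not b["name"]:
            reasons.append("BHO has no display name")
        if dll in notify_by_dll:
            keys = ", ".join(notify_by_dll[dll])
            reasons.append("same DLL also listed under Notify (%s)" % keys)
        if reasons:
            findings.append({"clsid": b["clsid"], "dll": dll, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s  %s" % (f["clsid"], f["dll"]))
        for r in f["reasons"]:
            print("    - " + r)
```
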


A: Vundo.CEH Infection - Cannot Delete DLL Responsible

Hi,
* Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Hello, and thanks for your time! I had A huge problem with every virus known to man. Spyware, malware, Trojans, bho, the works!!!!! I got it mostly under control!!! Here is a list of the things that I have done to fix the problems.
1. windows defender
2. windows sp2
3. Java updated
4. Spy bot s&d
5. Norton 360
6. every available update from Microsoft.
7. Countless Hours of frustration, Swearing, and I almost cried, twice....
Please help me fix this thing for good!!!!!!!!!!!!!!!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:02 AM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\...

A:Vundo Infection, Bho Delete Problem

Hello AlittleFrustrated,

Welcome to the BleepingComputer Forums.
Since it has been a few days, please post a new HijackThis log.
Thank you for your patience.


My computer crashed less than a half hour ago. Just turned itself off. I was able to reboot and didn't lose anything. After some searching I discovered the source of the problem: US Tech Support Framework which is a partner company with My Clean PC which is a scam. I started to download My Clean PC months ago, but discovered before I finished that it was a scam and quickly aborted the download and deleted everything. Apparently, this US Tech Support Framework downloaded itself on my computer October 14th, long after the near run in with My Clean PC. And my computer didn't have any problems until today. Needless to say, I quickly ran my anti-malware program and anti-virus program, as well as deleted US Tech Support Framework. Then I began the task of thoroughly searching my computer to delete every single file, anything related to US Tech Support Framework. The last thing I found of it was in this folder: Config.msi. in OS [C:]. I deleted everything related to US Tech inside the folder, and then tried to delete the folder itself. By the way, the folder was created the same day that US Tech found its way on my computer. But I'm not able to delete the folder. I've tried everything. I've claimed ownership on the folder, made sure I had all the permissions. I am the administrator, but every time I try to delete I get an error message that says I require permission from the administrators to make changes to this folder.

I'm at a complete loss and I want all traces of t...

A:Computer Crash. Found Virus Responsible. Can't delete source folder.

You should've tried to uninstall it first before deleting it with an anti-virus. But if you already deleted mostly everything already except the locked folder, I suggest getting Unlocker.




This is my first time on your forums. I have tried everything, but my DIY has reached its wit's end. I am running a Windows XP (using Mozilla Firefox as my browser) system with a wireless DSL connection. I have been plagued by issues and I am left unable to connect to the internet while I still had an IP address . . . When I logged into Windows, I got a dialog box warning that mmwnd.exe was unable to load. I searched online for solutions and was led to the spyware removal software PREVX 1.

I installed this and it found several infections, which it was able to isolate and remove. However, I was still unable to connect. Occasionally PREVX would trip on a piece of malware it called TOTOUR.EXE, upon finding this and isolating it (although it never showed up as isolated) I was able to connect to the internet. However, when PREVX was unable to locate it on a restart I still had no connection.

So I again searched online, and saw that I should remove TOTOUR.EXE with killbox. This didn't work, apparently.

Further searching led me to another virus checker called Superantispyware Pro. I installed this and ran it. It found around 200 pieces of malware/tracking cookies on my machine that it removed without incident. (To be extra sure, I ran it in safe mode too. It found a couple of hundred more(!).) I scanned another time, and I actually think that it's finding the same pieces of malware but unable to remove them.

So this is where I am at. I have no internet...

A:Large infection; No internet connection, possible TOTOUR.EXE responsible.

Hi, thorubos


Try the following options:

First run SFC /Scannow

In the event there is a missing file it will be restored.
Enter your Control Panel and double-click on Network Connections
Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL, or AOL Connection.

Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Press OK twice to get out of the properties screen
Restart the computer
Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

ipconfig /flushdns (The space between g and / is needed)

Restart the computer and Test

If that does not resolve the issue follow these steps:

Reset the Internet Protocol (TCP/IP)

Go to Start->Run, type CMD and click Ok. The MSDOS window will be displayed. At the prompt type the following and press Enter after each line:

netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
Restart the computer.

Warning: Programs that access or monitor the Internet such as antivirus, firewall or proxy clients may be negatively affected when you run the netsh winsock reset command. If you have a program that no longer functions correctly after you use this resolution, reinstall the program to restore functionality.

Run the following commands:

regsvr32 netshell.dll
regsvr32 netcfgx.dll
regsvr...

I just noticed today that I was getting strange popups on sites where there are none such as facebook and youtube. I scanned with Malwarebytes and it found a couple trojans. It restarted to delete them and on restart I got a RUNDLL error about the file that was just deleted and then a barrage of Avira warnings about the same DLL. Whenever I try to delete it it just comes back.
Thank you in advance,
Neco
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:25 PM, on 11/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHo...

A:Vundo.H and Vundo infection / Random Popups

Hello Neco,
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document. Do not attach your log, as that makes it hard to read.
**********************
Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply. Do not attach your log, as that makes it hard to read.
**********************
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Select Files and Folders created in last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
info.txt can also be found at c:\RSIT\info.txt
Do not attach your logs, as that makes it hard to read.


Hello, I read your rules and tried running everything you said. I removed viewpoint media player myself and installed the ie spyad.txt file as described. Pandascan and Deckard however wouldn't work for me. Panda's site wasn't responding and dss.exe crashes when it tries to clean my temporary files. I made sure nothing else was running when running DSS as well. As for the updates, unless they're critical to removing this virus, I can't even download them in a timely manner to keep up with you as I'm on 56k. Enough rambling, I ran your Vundo removal tool and it DID remove the Vundo virus, but I still have random popups in Firefox linking back to adult sites. It's not creating the IDKFA file it was before since I ran your Vundo tool, only popups are left. Sorry for rambling so much, here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:55 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Co...

A:[SOLVED] Another Vundo Infection, Vundo.N variant

Just wanted to be sure you've intentionally marked this as solved.

If you still need help, or just want to be sure....

To run DSS, do this:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please run Deckard's System Scanner once again, this time using these instructions (this assumes dss.exe is on your desktop):

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config
UnTick Temp Cleanup on the left side, UnTick Event Logs on the right side.

Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.


Over the past few weeks I keep getting a recurring Antivirus Pro 2010 infection. I've "cleaned" it with Malwarebytes, AdAware, and SpyBot. It keeps coming back! I subsequently ran StopZilla and was alerted to the additional infections of Vundo.A1, Vundo.A2, and PWS.ABD. I didn't want to purchase StopZilla to clean it due to my unsuccessful attempts with 3 other scanners, but it was interesting that the Vundo and PWS.ABD had not been found with the former scanners and only StopZilla. I have run ComboFix and HijackThis logs and have attached them in the event you may find them useful. Thanks in advance for your assistance.

A:Antivirus Pro 2010, Vundo.A1, Vundo.A2, PWS.ABD Infection!

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you let...


I've had minor infections in the past, usually solved by following the instructions of other fixed threads. This is a bad one and I really need help.

It started when I downloaded an episode of criminal minds over bit torrent that required a "content license" that turned out to be the Vundo Trojan. My google search results were being redirected to ad.yieldmanager.com and searchfindsite and AVG Free/Spybot Search & Destroy detected infections in the Windows/Temp/ directory but they kept coming back after being removed. I also tried Malwarebytes and Combofix, but the registry keys seem familiar enough to me. Two were out of place, but there must be more because I'm still having problems.

I can't boot to Safe Mode. Upon loading the DOS libraries, the system restarts. Also, Root Repeal crashes my computer when I try to run a report. Here is my DDS log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Heikkila at 1:50:51.25 on Tue 12/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1356 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsv...

A:Trojan Vundo PL, Vundo H Infection

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...

Read other 7 answers

Have worked at least 24 hours over the past few days to rid computer of multiple Trojans. Cannot get rid of Vundo. Have run Webroot Spy Sweeper, Lavasoft AdAware, SuperAntiSpyware, and McAfee. Only SuperAntiSpyware detects anything, but even after cleaning, it comes back with a vengeance. At this point, I'm getting multiple popups/security alerts/and such decreased performance that this post is difficult to type as it doesn't take all letters entered. I also ran Hijack This and Combofix. I failed to save the Combofix log, but I'll be glad to run it again, if need be. Any help would be GREATLY appreciated!!!!!!!

Hijack this (ran moments ago) . . .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22, on 2007-10-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MI...

A:Vundo/vundo Variant Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum dgm. My name is Richie and I'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.

Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

Read other 22 answers

shalom from israel,
hi everyone, im a newbie here and im seriously needing a help since i got this nasty trojan virus TR/VUNDO.GEN since yesterday, i try to delete it in my anti-virus ( avira ) but still it keeps coming back, i did a complete scan in superantisyware and ad-aware already and i juz scan it with hijackthis v2.0.2 today, i dunno what to do with the log file so im hoping anybody out here can help me fix my problem.

thank u in advance and im patiently waiting here.

A:need to delete TR/VUNDO.gen

some1 is willing to help me plllllsss???

Read other 19 answers

I am fortunate enough to have Vundo. Have been trying to rid my system of this for a few hours. I seem to be having the same problems with Norton as everyone else: C:\WINDOWS\system32\ssttu.dll.

Here is my log

Logfile of HijackThis v1.99.1
Scan saved at 1:21:50 PM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch....

A:Can not delete Vundo

Read other 7 answers

Hi all,
I have had incredimail for the past few weeks and suddenly my pc is having big problems. Sometimes it will not load everything when it is booting up, sometimes it just freezes completely. Also when I run windows media player it freezes too. Any ideas of whether it could be incredimail or anything else? Have scanned with AVG and also symantec scanner, and nothing found.
Many thanks in anticipation.

A:Could incredimail be responsible??

Read other 16 answers

Symptoms - cannot double click, can't scroll, now I am getting redirected on searches with Google. I need help a.s.a.p. to get my laptop back as I use it for school and work. It's been down for a week now. Also, if you happen to notice anything I can remove that is not needed that would be awesome too. Trying to figure out how I even got this trojan in the first place. I want to thank you in advance for your time and help! It is much appreciated.

My Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:42 AM, on 11/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\AOL\1203831485\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtr...

A:Vundo trojan - won't delete, please help!

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.


Please follow our pre-posting process outlined here:


After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


Read other 1 answers

Have been besieged with popups for about a week. IE7 launches unpredictably with some kind of ad (my default browser is FireFox). XP-Home, SP2, updates are current.

Mcafee finds nothing. AdAware found stuff early in the week, but it's gone now. SpywareBot finds a lot of VUNDO items: it deletes them, but they come back immediately (if I run another scan without doing anything else). Vundofix found a lot of items and removed them, but SpywareBot still finds it and I still get popups. AVG found a lot of stuff (several Downloaders, none of which were VUNDO) and deleted them; one of the items deleted was j6291937.dll, and Windows now complains that it's missing now when it boots. Stinger found nothing.

I'm concerned that SpywareBot seems incapable of eradicating VUNDO. Any advice is appreciated. Hijackthis log follows.

Thanks,
Elizabeth and Edward

Logfile of HijackThis v1.99.1
Scan saved at 4:35:46 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Fil...

A:Can't Delete Vundo And Friends

Hello,

I see you are running AdWatch. I suggest you disable it because it can interfere with the fixes.

To disable AdWatch:
Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options, Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem.

Then uninstall SpywareBot, because it has a questionable reputation. Note: Do not confuse this one with Spybot Search & Destroy. That one is ok.

Then:
* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Read other 8 answers

[Windows XP Professional Version 2002, SP 2] Norton Antivirus detected but cannot fix or delete trojan.vundo in c:\windows\system32\pmkjk.dll. I downloaded and ran the fix vundo tool from symantec, but it won't fix or remove the file either. When I attempt to manually delete the file, I receive this error: "Cannot delete pmkjk. It is being used by another person or program."

A:vundo: pmkjk.dll cannot delete

Read other 7 answers

Judging by this and this, you folks are magical, even with vundo. Computer's symptoms: popup windows in firefox after new searches, significantly worse performance than yesterday, long hard drive read/writes, and McAfee and ad aware both pick up files that they recognize as Vundo or Vundo!grb. I could make an attempt at a fix on my own, but I'd really like some help.

Thanks very much for the help. DDS follows.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 23:42:53.98 on Sun 02/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.370 [GMT -8:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe...

A:vundo!grb / vundo infection

Never mind all that. I've reinstalled windows - couldn't take the wait. Nevertheless, it's good to know that ya'll are out there, putting up with fools like me.


Read other 2 answers

Part of our strategy to do the right thing for our teenage offspring is to try and limit the amount of time they spend glued to the computer screen playing online games etc. We've tried parental management functions in our router to put time limits on IP leases but it turns out our isp has disabled those functions in the router. So I've tried setting up user accounts with password access. Waste of time because a 2 second search of Google finds 15 ways to circumvent account passwords. I know there must be a way to lock it down so the devious little blighters can't discover the passwords. I also want to know how to block access to a certain IP address so they can't log in to the router and find or change the Wi-Fi password. Can somebody give me some pointers at all?
Thanks in advance

A:Struggling to be a responsible parent

K9 parental control
Block web sites in more than 70 categories, including pornography, gambling, drugs, violence/hate/racism, malware/spyware, phishing
Force SafeSearch on all major search engines
Set time restrictions to block web access during designated times
Configure custom lists for "always allow" and "always block"
Override a web page block with password
Trust the enhanced anti-tampering, even children can't break
View easy reports to monitor and control web activity
Real-time categorization of new adult and malicious sites
Best free parental controls software/internet filter available
Compatible with Windows or Mac machines
Edit: Or use Windows 7 parental controls.  The parental controls do not have a setting for time restrictions on internet access. It only restricts time the computer can be used.

Read other 1 answers


...Perhaps you are copying a 14 GIG file (not actually applicable) ....more or less.... within/on the same hard drive. That will take some effort and time. What component is responsible for its speed in doing so.

My guess is the GHz of the motherboard.

Hey...I had to find out from our wonderful group that the upload of attached files in e-mails was a function of your ISP.......

Somehow I do not think that I am getting any better.....ANY useful links would be greatly appreciated........

As always.....Thanks!!!!!

A:What Component Of The System Is Responsible.........

Since this sounds very much like a school type question. You also ask for links to support the answer so you can add them as resource when you answer this question.

I'll answer it this way. There are multiple factors that control the speed of file transfer. Processor speed is not the major factor. But I'll say this, one of the major factors that affects file transfer speed on a HDD is the quantity of HDD cache.

The rest you'll have to google. And you'll find a lot of information and some links you can honestly say you found on your own.

Read other 5 answers

I'm trying to make my own advanced theme (Custom window textures and stuff) but I can not find the .dll and .exe files that contain the graphics I wish to change. Any help on the subject would be greatly appreciated.

P.S. I do not want a program to do this for me like WindowBlinds.

A:Where are the .dll and .exe files responsible for the look of windows?

Welcome to the Seven Forums

There are many .dll, .exe, etc. that control the look of Windows, post some screenshots of the areas you would like to change either highlighting them or use arrows to point at the areas.

Use these tutorials for posting screenshots.
Screenshot with Paint
How to Use the Snipping Tool in Vista - Vista Forums
Screenshots and Files - Upload and Post in Seven Forums


Read other 5 answers


I've had a number of issues the past two weeks and my most recent one is CPU spiking. At first it seemed to be Firefox because it was floating from 80 - 90 and using almost 100%. When I closed and reopened it, it stopped, but then I had random spikes from 30 - 100, and I cannot figure out what the cause is, even after 20 minutes of watching the processes. Anyone know what that might be?


A:CPU Spike but I don't see the process responsible

Might try this program. http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

Read other 2 answers

Norton, Super anti spyware and ad-aware removed a bunch of files but Norton was unable to remove one trojan vundo dll. My computer still boots up a little slow and I am unable to get into control panel, add/remove programs and my clock. Every time I double click these 3 it says "the operation has been cancelled due to restrictions, please contact your system admin." I was having problems with popups prior to running these 3 programs but I'm still not sure if they're completely gone. I'll post my hi-jack this log again.

The trojan Source: C:\WINDOWS\System32\ljjgfde.dll
Click for more information about this threat : Trojan.Vundo

Logfile of HijackThis v1.99.1
Scan saved at 9:39:53 AM, on 10/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Syste...

A:I have a trojan vundo that Norton can't delete!

Read other 6 answers

NAV is picking the backups as viruses themselves, so should i delete them?

A:should i delete any HJT backups containing the vundo virus?


Read other 2 answers

This is the one great site which is helping for a long time. My PC is affected by Trojan Vundo. My Norton always finds and deletes it, but once I restart the computer it comes again. I also tried FIX VUNDO from Norton but no result. I am just since my PC, has some important files and I may end up formatting it. Please help admin, here is my Hijack this log file
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:08:38 AM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Progr...

A:Trojan Vundo----- Norton Can't Delete

Read other 10 answers

Please can anyone give me the right advice to finally delete this trojan from my PC? My PC is being overrun by multiple infections and I just don't know how to get rid of it!

I am using Windows Vista, and my antivirus is BitDefender.

A:Solved: Cant delete trojan vundo

Read other 16 answers

I am running winxp and keep getting a warning from Norton that I have this virus:
Object Name: C:\Windows\system32\geebx.dll
Virus Name Trojan.Vundo
Action Taken Unable to repair this file.

I have run Norton twice plus used their removal tool, tried to even do a manual removal as instructed on the Symantec web site and none of the files they said to remove in the registry were there.

Can someone help me with this problem?

Thanks in advance.

A:Solved: Cannot delete Trojan.Vundo

Read other 16 answers

Hi, I'm new to this forum, and I've searched this forum and Google for answers on the problems I'm getting and I stumbled upon winetn32.dll. I tried to delete it but I couldn't T_T. I'm guessing you will need my HiJackThis log so I will be posting that. If you need anything else to help me, please tell. Thanks, Ken.

A:Help!! can't delete winetn32.dll. Need help with Trojan.Vundo!!

Post hijack

Read other 2 answers

I am having problems with Vundo Virus. This looks like a common thread, but I realize that there are different files to remove. Any help that you can offer is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 5:12:24 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\...

A:Solved: Can't Delete Vundo Virus!

Read other 9 answers

Malwarebytes' Anti-Malware 1.31 says this in my MBAM log-

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac72c2b1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

in RunAlyzer it looks like this- ac72c2b1 rundll32.exe "C:\WINDOWS\system32\osjmftcp.dll"b

Everytime I run Malwarebytes it is still there. How can I get rid of or fix this?

Also I have two entries that I believe that I should also destroy. Should I? (listed below)

the entries are xsjfn83jkemfofght C:\DOCUME~1PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe

and they are located at




I have tried the jump to the path option to delete all three of these through Malwarebytes and RunAlyzer with no success.

Please help.

I also just discovered that when Windows first load I get a box that says

Error loading C:\WINDOW|system32\osjmftcp.dll
The specified module could not be found.

I would really appreciate any information/help.

A:I can't delete Trojan.Vundo.H and winloggn. Please help.

I ran Vundo fix and it stated that I had no infections. Then I ran malwarebytes and it found the Vundo. H. I then hit remove button. I confirmed that it was removed with runalyzer. Not sure why it worked this time. Hopefully it stays that way.

Read other 3 answers

Hello, I'm new here but in need of drastic help. Here's the problem:

After several name changes, etc., I was finally able to run Malwarebytes Anti-malware. It found the vundo trojan and 2 registry keys. I however didn't keep the log. I told it to remove these, it asked for a restart and I proceeded. Everything restarted fine, and I ran the program again. Again it found the same 3 things so it never deleted it. Repeated this 2 more times without it deleting it.

I then ran Combo-fix. I shouldn't have done this because I didn't have someone helping me with assistance. It also downloaded and installed the Windows recovery program that comes with it. Combo-fix found the following:


After restart, nothing came up at all except for the blue box that says AutoScan. I can also get to the task manager using CTRL-ALT-Delete.

What should my next steps be?

Thank you very much,


A:Can't delete Vundo with mbam, and combofix

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

You have a bad one aboard that requires tools specific to the HiJack This forum. Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you cannot produce the DDS logs, then post back here and we will provide you with further instructions.

Orange Blossom

Read other 1 answers

Hi, I am new here but really need help. I've had a lot of problems since 07/30/07 when my computer got the Trojan.vundo virus. I was on the phone with Symantec for about 8 hours and thought the problem was solved but it wasn't. :( If I run in normal mode there are all kinds of .tmp files that come up in Norton either as removed or unable to repair.. like every few seconds. I have used Vundofix.exe but there is one pesky file that will not go away, c:\windows\system32\vtstr.dll. I have rebooted as instructed by Vundofix.exe but it still won't delete. When I connect to the internet I get crazy popups and my system is extremely slow. Help :(

A:Trojan.vundo cannot delete vtstr.dll help

Please follow MicroBell's 5 Step process outlined here:


After running through all the steps, please post the requested logs.

Read other 1 answers

Here is my log file. Already scanned with Hijack This. Norton Antivirus detects it in only one location, in the windows/system32 folder, and the file is called "mllml.dll". I looked through the log file, and there are 2 entries that have to do with that name. I'm not sure how to remove it, because when I navigate to the windows/system32 directory, it says that the file cannot be removed because it is currently in use by another person/program. I used a program to find out which process was using the file, and it turned out to be winlogon.exe. I also tried the removal tool made specifically for removing this trojan by Symantec AND Microsoft, but when it scans it says the computer is not infected. That's all the info I have to offer. Thanks ahead of time. Below is the log of the Hijack This scan.

Logfile of HijackThis v1.99.1
Scan saved at 4:43:42 PM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\...

A:Cant delete Trojan.Vundo virus

Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and double click on KillVundo.bat
You will first be presented with a warning.
It should look like this
VundoFix V2.xx by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
At this point press enter one time.
Next you will see:
Type in the file path as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
Please type in the second file path as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):

Press Enter, then press the F6 key, then press En...

Read other 1 answers

Firefox has been having sudden frequent crashes. Internet Explorer shuts down and gives me the message "runtime error." These crashes most often happen on the three main websites we use most frequently (Yahoo, Facebook, and a weather website). There is no warning when the crashes happen.

I've tried all the Firefox crash troubleshooting suggestions, with no satisfactory results. I regularly run scans with Malwarebytes, SUPERAntiSpyware Free, and AVG Free. AVG does pick up something called STDRT.EXE whenever I run a Super Mario game that we downloaded. AVG gives me the option of sending to virus vault, or "allowing". I've done both. I'm fairly sure that STDRT.EXE is not the culprit, since we've been playing Mario for a couple months, and the crashes have just happened in the last couple days. I'm no expert of course, which is why I'm here for help. Since the crashes started happening, I have dumped the Mario game onto a cd and uninstalled it from the computer.

I've also tried to do a system restore to a few dates previous to when this problem started, but it says "unable to restore" or something of that nature.....

Thanks for any help you can give.

Here are the scan logs you require:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:49:45 PM, on 8/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System3...

A:Is STDRT.EXE responsible for recent crashes?

Windows are also very slow in opening.

When Firefox crashes, up comes Mozilla crash reporter which gives me the option of restarting Firefox or quitting. If I choose to restart then restore session, it brings me to the page that just crashed when I clicked on a link. If I click on the link it will crash again.

On the other hand, sometimes we can browse for quite some time before a crash happens. Very confusing

Read other 1 answers

Hi all,

I have some trouble on my machine with Windows 8.1 (non pro version) - let's call it "server". I just bought a new antivirus program with firewall (BitDefender Total Security 2017). On the "server" side I have a few shares with the WebDAV protocol (on SSL). With the firewall off I can easily connect via SSL and map network drives via the WebDAV protocol on client machines. The problem occurs when I turn on the firewall from BitDefender. Then I can't connect. So I need to create a rule that will pass WebDAV traffic. And here is the problem - BitDefender software can create rules only for a specific *.exe file. I have talked with BitDefender staff about this problem for a few weeks now, but their solution (for now, only 1!) doesn't work and they told me that in that AV I can't open a port for a non *.exe file...

So this is my question - which file (specific exe, application) in Windows 8.1 x64 non pro is responsible for WebDAV communication on SSL, and where can I find it (path)? I need to add this exe file to the firewall with port 443 to work ... I will be very grateful for any answers ... :)

Read other answers

My Computer:

Dell XPS 400 with DataSafe hard drive, which is supposed to be a combination of
Norton Ghost and a hidden second hard drive (RAID 1), but I do not have Norton
Ghost on my PC, by choice
Intel Pentium D 830 (3GHz)
1GB DDR2 SDRAM at 533MHz
256MB ATI Hyper Memory
DataSafe 160GB (Secured Storage and Data Recovery Solution)

Pentium(R) D CPU 3.00Ghz
2.99 GHz, 1.00 GB of RAM

My System:

Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3

My Anti-virus: McAfee SecurityCenter

My Anti-spyware: Webroot Spy Sweeper


I do not have Java on my PC because in the past, I caught a very bad virus
or trojan via a fake Java update. Also, I have Adobe Acrobat Reader 6.0,
with JavaScript disabled by choice, because I heard somewhere that that
version is less prone to trojan infection and that turning off JavaScript
in Adobe Acrobat is said to be safer.

For about six months, I've had this thing where my PC freezes for between
3 and 20 seconds while I hear a distant high beady sound, like that of the
PC quickly processing something.

For about a month, I've encountered the situation where I sometimes have
to click on something two (and sometimes three or four times) to get it
go. Also, when I click on a folder icon once, in order to rename it, it
opens the folder instead, which is supposed to only happen if I double-click.
And another odd thing is that highlighting text is often tricky, with the...


Although I have scanned like crazy and found nothing, recently my wife's Yahoo profile was hacked/changed by someone else. I was concerned about a trojan/keylogger (less likely a phishing scam as my wife hasn't done anything like that) and have changed all my important pw's on another offsite computer. However, yesterday IE closed and a new browser window made to look like a Windows security alert for trojans popped up. It did imitate a Win Defender-like window which was in fact part of the HTML as well as a popup yellow box in lower left to imitate a Win msg popup. Suggestions? I have run Malwarebytes, Norton, adware, Spybot. Looked at my hijack log (though I am fairly novice to it, but uploaded for analysis).

I am dl'ing Combofix. Any suggestions? I am now also concerned... about identity theft?!?

A:malware responsible for yahoo hack?

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

Please post the results of your MBAM scan for review (even if nothing was found).

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version ...


I need help in removing this file. I run Recovery Bin and when I empty my bin, 2 seconds later it returns. I am adding the log file from HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:07:13 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Executive Software\Undelete\UdServe.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\WINDOWS\system...

A:Vundo Virus orutv.ini will not delete after Vundofix

Please do this

Download the Trial version of Superantispyware Pro (SAS):
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight ev...


I'm sorry but I really need help. Well, here's my HijackThis scan.
These viruses keep coming back no matter what I do. I keep deleting them and they keep coming back.
I use AVG
and Trend Micro.
I also used VundoFix to delete the viruses and symtec
Logfile of HijackThis v1.99.1
Scan saved at 8:40:05 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\AOL\1170712203\ee\AOLSoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Gr...

A:Solved: As many times as i delete vundo it wont go away


Hi, please help meeeeee. I got the trojan horse virus, and my computer is running very slow, and must run in safe mode. Once the virus got in, I downloaded Avira to help find and delete it. It found it and I pressed delete but it said it was locked or something, and said that I needed administrator rights. I use WinXP and it's my computer, and there's only one user. Another time it also said that it would delete once restarted, but that hasn't happened. I would like to post a log from HijackThis so that tech support can help me out. Thank you for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1028, on 23/7/2551
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet...

A:TR/Vundo.Gen can't delete, lost administrative rights

I have followed the five steps, but I was unable to do the Panda scan; it said that there was an error in the download. The other steps, I think I did them all.

I have attached the hijacklog from the program dss.
Thanks for the help.



I've been trying to figure out for the last two weeks how to completely remove a Vundo infection from my computer. I have no operational problems or windows popping up, etc. It's just that my SuperAntiSpyware (SAS) scan keeps showing the same dll and CLSID registry entries and can't delete them on reboot (I suspect they keep reinstalling themselves). I've tried several times to remove them and the same threats reappear.

Also, my Malwarebytes' Anti-Malware (MBAM) picks up the same CLSID registry entry as

The CLSID doesn't show up in HijackThis logs, however. I did find this CLSID listed as malware at this site: http://www.castlecops.com/tk44303-random_filename.html

The dll is C:\windows\system32\XXYYRHFC.DLL
The CLSID is {C14E6230-757D-4246-81CE-B34E2940C722}

Can someone please help me get rid of it for good so it doesn't keep installing?

BTW, I tried BitTorrent ONCE to download a program that originally came with my Sony Handycam (but I lost the installation CD) to help me download videos from the Handycam. I have since removed BitTorrent. I have no other P2P clients installed, nor will I ever again.

Thanks so much for any help you can offer.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:52 AM, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\Syst...

A:SAS keeps finding Adware.Vundo variant, can't delete


Hello:

I am an experienced IT Administrator and am working on one of our top manager's personal PCs, and over the past 10 days or so (off-and-on) have been trying to get rid of the last pieces of the Trojan.Vundo.h files. I've spent several hours so far. This thing is stubborn!! Probably the worst I've dealt with in years. Have used MBAM, VundoFix, KillBox, VirtumundoBeGone, etc. to get rid of the main DLL in the system32 directory, and the 3 reg keys. No go...still there after many attempts after rebooting.

I know...you've heard all this before...I've read and re-read a few posts here and other places (yours seem to be the only ones that actually accomplish the removal), and have done prep work (downloaded OTViewIt, ran the Kaspersky online AV scan, downloaded ATF-Cleaner, etc), and am ready to get rid of this thing once-and-for-all!!!

So...am ready and willing for some help!!

H-E-L-P!!!!

******************************************************

To get started...here is the log text from the last MBAM scan:

Malwarebytes' Anti-Malware 1.41
Database version: 3037
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/29/2009 2:55:13 AM
mbam-log-2009-10-29 (02-55-13).txt

Scan type: Quick Scan
Objects scanned: 3216
Time elapsed: 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious ite...

A:Can Not Delete Trojan.Vundo.H remaining entries

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


Admin, can you please delete the VMundo post? Thanks.
AVG said it cleaned the infected files, but I still can't install any programs or access the internet. Below are the logs.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Gabriel Ayache at 2008-12-15 14:14:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (26%) free of 31 GB
Total RAM: 1151 MB (59% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5BF49A2-94F1-42BD-F434-3604812C807D}]
C:\WINDOWS\system32\rsekd83jde.dll - C:\WINDOWS\system32\rsekd83jde.dll [2008-12-15 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f93e3ece-fdfa-45c4-a45f-af58065dfad5}]
C:\WINDOWS\system32\levipona.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-03 158208]
"QuickTime Task"=C:\Program Files\QuickTime\QTT...

A:Vundo Infection

My Firefox browser was hijacked and I couldn't click on any website from a google search (including bitdefender, eset etc.) I was able to run the spybot s&d executable, but no GUI showed up. I was unable to install any virus program (McAfee, Eset) until I tried AVG free in safe mode with a manual update. Upon scanning, it found Vundo.CI, Vundo.CJ, and Vundo.H and supposedly removed the viruses upon restart. When I booted up again, I was still unable to search and the resident executables were still running. I tried to install HJT and MDAM to no avail. In both cases, the install processes showed up in task manager but there was no GUI.

Above are the RSIT logs. Is it necessary to post the DDS logs as well?


Hello everyone!
I have an infection of a trojan Vundo and I can't delete it just like that...
I've read others' posts about how to get rid of it but I'm not 100% sure of what to do!
Please help!!!

A:Vundo Infection

Hi, welcome to the forum. Please tell us if this is a Vista, XP etc... PC.
First you will need to follow the instructions in our Tutorial: How To Remove Vundo/Winfixer Infection


My laptop (runs on XP Pro) seems to be infected with vundo. I started getting pop-ups a few days back and performance degraded significantly. I downloaded malwarebytes and the quick scan showed several vundo items. I let malwarebytes remove them and on reboot I ran a quick scan again. It still shows several vundo files that malwarebytes is not able to remove. I downloaded vundofix and ran a scan, but it showed 0 infected files. Only malwarebytes scan is showing the infected files, but it is not able to remove them. I am still getting lots of popups and performance has really gone down.

Since I didn't want to try combofix without supervision, I wanted to come ask in this forum first.

A:Vundo Infection

Hello and welcome psypher, We need to see the logs so we can figure the next move.

Rerun MBAM
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Next run ATF and SAS:
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop .. DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser ...


Hi, can you please help me to rid my computer of vundo.dll? I've tried everything I could think of and it's still here. Any help would be greatly appreciated. Here is my HijackThis log.....

Logfile of HijackThis v1.99.1
Scan saved at 4:32:17 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:...

A:Vundo.dll Infection

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.

Thanks,
Charles


Hi guys,

A few days ago I logged into my computer and noticed that the screen was blue and said that I was infected with spyware. Like an idiot, I thought it was a windows alert from my computer and clicked the link to get rid of the spyware. My computer now runs super slow and Norton's claims that I have trojan.vundo and the alert will not go away. I have run all of the programs suggested and still nothing. Please help!

My HijackThis log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:54 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\...

A:Possible Vundo Infection

Hello smt211,

We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

You need to disable your Norton Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Norton Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for a sign.
right-click it -> choose "Disable Auto-Protect."
select a duration of 5 hours (this assures no interference with the cleanup of your pc)
click "Ok."
a popup will warn that protection will now be disabled and the sign will now look like this:
You successfully disabled the Norton Antivirus Guard.

Please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop. Do not run ComboFix more than once. Be sure to install...


I'm so glad I finally found a site that can help! I noticed suspicious activity on my computer a few months back when my banking site asked me for a lot of personal info (mother's maiden name, social security #, etc.). I called my bank and they changed my account info. My virus software never caught any virus so I downloaded Norton which did catch both Vundo and BHO and said that they were removed. I've still had some problems with my computer so I just downloaded Malwarebytes Anti-Virus and ran a scan which found BHO and Deepdive and removed them (Norton did not detect these). I'm concerned that not all the virus info has been removed from my computer and there are some lingering malicious files/programs. I would greatly appreciate if someone could take a look at my logs and see if there is anything to be concerned about.

Thank you!

DDS (Ver_10-03-17.01) - FAT32x86
Run by Lori at 14:20:06.56 on Mon 07/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1475 [GMT -5:00]

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost....

A:Infection Vundo and BHO

So today Malwares ran a scan and found 5 infections. Norton is running real time protection and didn't catch any of them. Now that the infections have been removed, I'm not able to access the internet at all. Firefox says that the proxy server is refusing connections. Here's a summary of what Malwares found. I can't paste the log as I'm typing on my cell phone.

Memory processes infected: 1 - trojan.downloader
Registry keys infected: 4 - trojan.fraudpack; rogue.antivirussuite
Registry values infected; 2 - trojan.downloader
Files infected; 2 - trojan.downloader

Help please!
