High Risk Virus Alert With Trojan.Vundo
Oct 9, 2005
I'm running into a High Risk virus alert with Trojan.Vundo The object name is C:WINDOWSsystem32mljgd.dll --i've tried deleting it in safe mode through regedit but it always comes back up after i refresh.
View 3 Replies
ADVERTISEMENT
Jul 30, 2007
having problem with win virus.I have windows xp and the specialist installed CA security for my anti-virus,anti-spam.
View 11 Replies
View Related
Apr 15, 2007
I had this Trojan vundo virus about a month ago and you helped me remove it. My computer was running fine until all of the same things started happening again. Im pretty sure i still have the virus b/c my computer is running very slow and just plain bad. I ran VundoFix.exe (it found like 10 things), clicked remove vundo, and rebooted. I ran HijackThis and here is this log file.what i need to delete? ....
View 14 Replies
View Related
Oct 19, 2007
I suspect that my PC is infected with Vundo. Ran FixVundo (Symantec Trojan.Vundo Removal Tool 1.5.0)in safemode but was not detected.
Seeing gebyy.dll and pmnnnkk.dll in Hijackthis! but unable to fix (log attached).
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:54:54 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSsystem32spoolsv.exe
D:WINDOWSExplorer.EXE
D:WINDOWSsystem32ctfmon.exe
D:WINDOWSSystem32svchost.exe
D:PROGRAM FILESPROCESS EXPLORERPROCEXP.EXE
D:WINDOWSSystem32svchost.exe
D:Program FilesInternet Exploreriexplore.exe
D:Documents and SettingsBuzzDesktopHiJackThis_v2.exe
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - D:WINDOWSsystem32pmnnnkk.dll
O2 - BHO: (no name) - {CF3941B9-5A9D-4657-8E2F-D40E79C4AEDA} - D:WINDOWSsystem32gebyy.dll
O4 - HKLM..Run: [PinnacleDriverCheck] D:WINDOWSsystem32PSDrvCheck.exe -CheckReg
O4 - HKCU..Run: [ctfmon.exe] D:WINDOWSsystem32ctfmon.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: pmnnnkk - D:WINDOWSSYSTEM32pmnnnkk.dll
--
End of file - 1244 bytes
View 1 Replies
View Related
Jan 22, 2006
I've got the trojan.vundo virus. I have installed and run the vundo removal tool, and it shows me that it is gone-but when I restart my computer, Norton anti-virus finds it again (and again...and again).
View 14 Replies
View Related
Nov 2, 2007
I get this trojan today and i never get viruses usually but this one reaqlly is annoying!
Ive looked at all the other posts and ive tried using the vundo fix tool etc but it does not pick it up at all. Ive tried doing it in safe mode and ive tried unistalling java to see if it was involved with that but nothing has worked so far.
I have located the file in my system32 folder and its named xxyywtq.dll but theres no way it will let me delete it as it says it is being used by another program or person.
View 1 Replies
View Related
Oct 17, 2005
I've been getting this winfixer 2005 pop up window everytime i open my pc. what i normally do is just close it. i've learned that it's something to do with the trojan.vundo.b virus. i searched the net for removal tools and downloaded one from norton but it didnt help.Now, i've been receiving virus alerts from norton.
View 14 Replies
View Related
Dec 10, 2005
We network our computers and I had alot of adware and a trojan virus on mine so I do believe she has the same. I ran a NIS scan and found a vundo trojan on this computer (hers). Had to download the tool to remove it and it appears it was successful. But the computer is still so slow and having some internet explorer errors.
View 14 Replies
View Related
Jan 18, 2005
I've been having trouble with popups recently and can't seem to clear them. I updated both Spy Bot S&D and Ad-Aware, and ran some scans in safe-mode and a normal boot. I've also ran scans with Anti Virus which detected a couple of trojans.One of the main problems is a balloon popping up in the system tray (like in XP, although I'm using 2k Pro) telling me "Your computer might be at risk. Your virus protection status is bad. Spyware Activity Detected. Click this balloon to fix this problem". I'm fairly certain this is in fact some sort of spyware itself, and not a function of windows.Anyway, after running all of those scans I'm still having problems,
View 5 Replies
View Related
Apr 2, 2006
when i am browsing i got download.trojan alert and afterwards it rebooted automatically. then i download trojan remover 6.4.8 and spybot and it removed some. but again the problem is not solved. when i run check with spysweeper it gave lot of threats. as a trial version only we can scan not remove. so plz help me these sloving problems.and i get this windows security center alert always.
View 9 Replies
View Related
Feb 11, 2005
I have of lot of trojans and can't seem to get rid of them I have ran Spy Bot,Avast,Ad-Aware,Stop Sign and found a 1 Trojan in reg32.exe =trojan.low zones
2 downloaded program files says: Trojan.downloader1097 3 System 32 sygate = Win32.HLLW.MyBot.based 4 Avenue Media Internet Optimizer Software Package = Possible spyware Application 5 Appropos Media People On Page Application = Possible Spyware
View 1 Replies
View Related
Aug 14, 2007
i used a vundo fix and got rid of all of the vundo viruses but two would not go away.
i got error message : Error: 75. Path/File access error
The two files were :
c:WINDOWSsystem32jkkjk.dll
c:WINDOWSsystem32\kjkkj.ini
why these two vundos won't go away? They won't clean from my antivirus or quarantine either.They keep popping up in my system notifying me that they are there.
View 10 Replies
View Related
Feb 27, 2007
My startup time has increased by at least 8 mins
my HJT log is:
Logfile of HijackThis v1.99.1
Scan saved at 11:33:54 PM, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesNorton SystemWorksNorton GoBackGBPoll.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:PROGRA~1NORTON~1NORTON~1NPROTECT.EXE
C:Program FilesSpyware Doctorsdhelp.exe
C:WINDOWSsystem32 cpsvcs.exe
C:WINDOWSSystem32snmp.exe
C:PROGRA~1NORTON~1NORTON~1SPEEDD~1NOPDB.EXE
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:Program FilesJavajre1.5.0_11�injusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:PROGRA~1TASKBA~1TaskBar.exe
C:Program FilesuTorrentutorrent.exe
C:Program FilesNorton SystemWorksNorton GoBackGBTray.exe
C:WINDOWSsystem32 askmgr.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMSN Messengerusnsvc.exe
C:Documents and Settings
.chanDesktopVundo Remove ToolshijackthisTJH.exe.exe
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0AcrobatActiveXAcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:PROGRA~1SPYWAR~1 oolsiesdsg.dll
O2 - BHO: (no name) - {61ACC408-B733-482E-BDF1-C020F10014FE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_11�inssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - (no file)
O2 - BHO: (no name) - {CF293022-3C24-4843-B47F-4F38D7334F4D} - (no file)
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [osCheck] "C:Program FilesNorton AntiVirusosCheck.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.5.0_11�injusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [Taskbar Hide] "C:PROGRA~1TASKBA~1TaskBar.exe" -Start
O4 - HKCU..Run: [�Torrent] "C:Program FilesuTorrentutorrent.exe"
O4 - HKCU..Run: [Spyware Doctor] "C:Program FilesSpyware Doctorswdoctor.exe" /Q
O4 - Global Startup: Norton GoBack.lnk = C:Program FilesNorton SystemWorksNorton GoBackGBTray.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11�inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11�inssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:PokerTitan Pokercasino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:PokerTitan Pokercasino.exe
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:Program FilesNorton SystemWorksNorton CleanupWCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:Program FilesNorton SystemWorksNorton CleanupWCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:Program FilesPartyPokerRunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:Program FilesPartyPokerRunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb...LStreaming.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160655278677
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: mljjgda - mljjgda.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:Program FilesNorton SystemWorksNorton GoBackGBPoll.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:Program FilesNorton AntiVirusisPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:PROGRA~1NORTON~1NORTON~1NPROTECT.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:Program FilesSpyware Doctorsdhelp.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:PROGRA~1NORTON~1NORTON~1SPEEDD~1NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe
View 14 Replies
View Related
Jul 20, 2005
I have the trojan horse virus. I'm running AVG Anti-Virus.
View 1 Replies
View Related
Jul 31, 2010
Does any computer wiz out there know of an anti-virus site that will remove the rojan horse virus free? I know that all downloads are free,but once they find all the infected files,they won't remove them with out u paying for them
View 9 Replies
View Related
Aug 14, 2008
I had a trojan Virus in the computer. I think that I got rid of it, but I am not sure could anyone that can read a log please tell me if there is anything else left in the computer. The computer now doesn't stay on-line it disconnects itself. I called the company that provides me with my internet service, and they said that I need a filter for the phone line. The person told me that, that will take care of the problem of the internet disconnecting. I think that it could be the virus I had in the computer. I wasn't able to get on-line for at least a week, I had gone and checked the disk for errors and finally the anti-virus program was able to find the virus's.
View 1 Replies
View Related
Jan 2, 2010
For some unknow reason the clock time display in the lower right hand corner of the screen has 'VIRUS ALERT!' connected to the time. How do I get rid of it. I have run several different virus screening programs (Bit Defender, Norton System Works) and all say that I have no viruses contaminating my computer?
View 5 Replies
View Related
Jan 11, 2005
infected with trojan virus. What do I do?
View 10 Replies
View Related
May 23, 2006
i got a trojen virus on my computer just resently i have norton and avg but i would like to now what programs are good to have to to keep things safe.
View 2 Replies
View Related
May 11, 2007
Norton has scaned the virus named 'Trojan.PSW.WorldOnline' but it can't be deleted.
View 3 Replies
View Related
Jan 8, 2007
Following my post saying i cannot change my wallpaper i have founr out that i have "Trojan-Downloader.Win32.Agent.uj" in stalled on my PC. I am unsure how to remove this. All i know is that it collects my personal data. Can someone please let me know how to remove this from my computer Below if my HJT log
View 3 Replies
View Related
Apr 21, 2010
Recently had a window pop up that said SECURITY TOOL do you want to scan your computer blah blah blah. He clicked no and the program installed anyway. Now any time you try to open a program, the security tool pops up saying the file is infected etc. I can't even run hijack this. Here are the computer specs: Need help ASAP
View 6 Replies
View Related
Jul 18, 2005
I had a warning that C:Program FilesDirect Objectddscr.exe was a trojan virus from my Symantic AntiVirus, so i had HJT delete it. This is the log afterwards. I have Symantec AntiVirus edition 8.1.0.825 running on a Win2k with SP4 according to this log. Thanks in advance.
View 2 Replies
View Related
Sep 11, 2005
i have a XP laptop and got infected with RDRIV.SYS or the Trojan.cachecachekit virus...my Norton security keeps popping up saying it has either quranteened the virus or deleted it...but it keeps poppin up...i have deleted the file in safe mode...but it regenerated or something once i start up in normal mode.
View 14 Replies
View Related
Dec 16, 2005
My computer seems to have gotten a virus called Trojan.Vundo.B located in C:WINDOWSsystem32vtutt.dll. My anti-virus spyware detected the problem but was unable to fix the problem.
View 9 Replies
View Related
Sep 16, 2005
a few weeks ago my computer was infected with trojan.cachecachekit virus, which was associated wit the file rdriv.sys...and people have kindly lend a hand to help out. now we're back again, just now, Norton Client Security has found that this virus is in the C:System Volume Information\_restore{A0E6BDC3-F1EA-4DCD-AE99-B4951F851FC7}RP2A0000081.sys
View 4 Replies
View Related
Jan 23, 2007
I ran a scan on my PC using TREND MICRO housecall 6.5 and it found a virus that it can't delete. Here's what it found: TROJ_BRDUPDATE.D E6F1873B.DLL found in C:windowssystem32e6f1873B.dll How do i remove this from my PC?
View 9 Replies
View Related
May 10, 2009
I've seen a bunch of threads where people say they login to the computer and it won't let them open their user settings, or it does but their desktop items are gone. Long story short, everyone was told to create a new User and copy the setting over from the c:documents and settings. What happens if the files aren't there? I have rolled my mouse over the c: drive and it shows that my file size is still the same and that my files should be there. But when I do a search for them or try and find the files, they aren't there?
All of the items from my desktop, start menu (including system restore) are gone. If I search for system restore in the help settings I can run it.. But running it back further than I was having the issue still doesn't fix it?
View 7 Replies
View Related
Jul 21, 2006
Can a Virus or Trojan prevent a PC from using the Internet? If so, what type?
View 7 Replies
View Related
Sep 17, 2005
Norton AV reports Backdoor.Graybird has been discovered on computer; is not able to get rid of it.I've spent hours downloading various AV programs with no success.
View 10 Replies
View Related
Jan 25, 2009
my friends computer has a virus (note: its true its not mine). Specifically a trojanhorse, ive run avg cleaned out a heap of viruses and i keep getting popups from avg telling me ive got trojan horses and whatnot, bu i got rid of them how are they coming back?
View 2 Replies
View Related
