spyware help please.

**ironmaiden5536** · 05-06-2007, 12:20 AM

Lately I've been getting random pop ups in ie and a rundll error at startup that says: Error loading C:\WINDOWS\system32\mjthfllq.dll. Along with the rundll error i get a virus message from Norton AV that i cant get to go away that says:
Object Name C:\WINDOWS\system32\pmkjh.dll
Virus Name Trojan.Vundo
Action Taken Access to the file was denied.
I hit OK on the Virus Alert but it just comes back and never stops.

My computer has also been running slowly. Attached is the HijackThis log, AVG Antispyware log, and a Panda Online Virus Scan log.

**jholland1964** · 05-06-2007, 11:31 AM

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

**ironmaiden5536** · 05-06-2007, 05:05 PM

i ran the VundoFix.exe and it found stuff and deleted it and seems to have gotten rid of the virus alert I have been getting (fingers crossed). But i am still getting the rundll error at startup. Attached is the HJT log, the vundofix log, and a picture of the rundll error message so you can see exactly what it is.

**jholland1964** · 05-06-2007, 05:19 PM

Run HiJackThis again.
Place checkmarks next to the following entries if they still exist.

O2 - BHO: (no name) - {650A4931-6F2B-4A0D-BAAF-230DA16468D9} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINDOWS\system32\hggdcyv.dll (file missing)

O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\mjthfllq.dll",realset

O20 - Winlogon Notify: hggdcyv - hggdcyv.dll (file missing)

Once you have placed the checkmarks then click the FIX button.
Exit HJT.
Reboot.
See if you get the error again.
Run a new HJT scan and post the log.
Judy

**ironmaiden5536** · 05-06-2007, 05:19 PM

literally about 1 minute after i posted the prior post, a new Trojan.Vundo alert came up so i ran the VundoFix.exe again but it didnt find anything. When i hit OK on the Virus Alert it just comes back. Attached is a picture of it.

**jholland1964** · 05-06-2007, 05:21 PM

THis is the deleted vundo file I believe.
open windows exporer, go to tools, folder options,view, remove the check from "hide protected operating system files" you can then view the c:\recycler folder, right click on it and left click on empty.
It may be you will have to empty this in safe mode.

**ironmaiden5536** · 05-06-2007, 05:32 PM

Well i emptied the bins in c:\recycler and did the fixes on the HJT log. Both the rundll error and the Virus Alert did not come up upon restart so it seems like everything worked. Thanks for the help. Here is a new HJT log just to make sure everything is clean.
One more thing, can i delete the backups folder created by HijackThis in the folder after i did the cleaning?

Thread: spyware help please.

Thread Tools

Display

Hybrid View

spyware help please.

Thread Information

Users Browsing this Thread

Posting Permissions