Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: sunbelt, block -> type code injection

  1. 05-18-2007, 05:54 AM #11
    David H. Lipman Guest

    Re: sunbelt, block -> type code injection

    From: "look at us we're beautiful" <brryprrsh@yahoo.com>


    | wvuuutu.dll
    | it got rid of everything but that, vundo thingy did good job, I ran it
    | twice it found different set each time, but led to believe it did not
    | know which was host file

    | only site on the web that lists wvuuutu.dll is for product called
    | Prevx1

    | installing it now... we'll see




    Download and execute HiJack This! (HJT)
    http://www.spywareinfo.com/~merijn/files/HijackThis.exe

    Create a HJT log file and post it in one of the below locations...

    { Please - Do NOT post the HJT Log here ! }

    Forums where you can get expert advice for HiJack This! (HJT) logs.

    NOTE: Registration is REQUIRED in any of the below before posting a log

    Suggested primary:
    http://www.thespykiller.co.uk/index.php?board=3.0

    Suggested secondary:
    http://www.bleepingcomputer.com/forums/forum22.html
    http://castlecops.com/forum67.html

    Suggested tertiary:
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/...splay.php?f=25
    http://www.atribune.org/forums/index.php?showforum=9
    http://www.geekstogo.com/forum/Malwa..._Here-f37.html
    http://gladiator-antivirus.com/forum...?showforum=170
    http://forum.networktechs.com/forumdisplay.php?f=130
    http://forums.maddoktor2.com/index.php?showforum=17
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.spywareinfo.com/index.php?showforum=18
    http://forums.techguy.org/f54-s.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://forums.subratam.org/index.php?showforum=7
    http://www.5starsupport.com/ipboard/...p?showforum=18
    http://www.malwarebytes.org/forums/i...hp?showforum=7
    http://makephpbb.com/phpbb/viewforum.php?f=2
    http://forums.techguy.org/54-security/
    http://forums.security-central.us/forumdisplay.php?f=13



    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm


    Reply With Quote Reply With Quote
  2. 05-18-2007, 06:12 AM #12
    look at us we're beautiful Guest

    Re: sunbelt, block -> type code injection

    On May 18, 6:54 am, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
    wrote:
    > From: "look at us we're beautiful" <brrypr...@yahoo.com>
    >
    > | wvuuutu.dll
    > | it got rid of everything but that, vundo thingy did good job, I ran it
    > | twice it found different set each time, but led to believe it did not
    > | know which was host file
    >
    > | only site on the web that lists wvuuutu.dll is for product called
    > | Prevx1
    >
    > | installing it now... we'll see
    >
    > Download and execute HiJack This! (HJT)http://www.spywareinfo.com/~merijn/files/HijackThis.exe

    yeah, I see what you mean about posting log at other site

    thing is, I feel I know the problem

    it's wvuuutu.dll

    granted, that file may not be the initiating problem.
    that file has a description of "monitors when programs startup"

    I also get, "taskman" or "defgrag" is trying to connect to internet...

    I know how to get rid of wvuuutu.dll, I could boot in dos I guess...
    only thing, this machine doesn't have a 3.5 floppy, I could doctor up
    a CD to boot me to dos, but I broke my burner.

    You didn't need to hear all that.

    at this point, Im looking for a way to del that file, I feel it is my
    problem.

    the program you told me to run form the c:\ did good. it found about
    12-14 files and zapped them, althought I suspect the ones it did find
    were just remnants and would have simply sat there with no
    coordinator, nothing to instruct them

    I appreciate your help.

    know any way to delete a file while windows is using it?
    I already know I can't move or rename this file.

    AND it is ONLY attatched to winlogin.exe


    Reply With Quote Reply With Quote
  3. 05-18-2007, 06:59 AM #13
    look at us we're beautiful Guest

    Re: sunbelt, block -> type code injection

    On May 18, 6:54 am, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
    wrote:

    \---Quarantine
    +---C
    | +---Program Files
    | | \---Common Files
    | | Yazzle1162OinAdmin.exe.vir
    | | Yazzle1162OinUninstaller.exe.vir
    | |
    | \---WINDOWS
    | | svchost.exe.vir
    | |
    | \---system32
    | qcvctcct.dll.vir
    | sstts.dll.vir
    | sttss.bak1.vir
    | sttss.ini.vir
    | twmemhkx.ini.vir
    | wvuuutu.dll.vir
    | xkhmemwt.dll.vir

    check it out, I think your combofix got it
    I see wvuuutu in the quarantine list

    (not to mention all the others)

    Thanks again David

    This particular installation of XP was pretty substantial, I mean, I
    have vested a lot of work into it, and you have saved me many hours.

    Barry

    ps, I do see a donation button the one tool thingy



    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules