\??\C:\WINDOWS\system32\winlogon.exe
this exe also happens to be the same one I can't shut down in order to
delete a certain dll
I picked up some spyware today (serves me right)
heeelp
From: "look at us we're beautiful" <brryprrsh@yahoo.com>
| \??\C:\WINDOWS\system32\winlogon.exe
|
| this exe also happens to be the same one I can't shut down in order to
| delete a certain dll
|
| I picked up some spyware today (serves me right)
|
| heeelp
What "spyware" ?
What DLL ?
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
On May 17, 9:41 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "look at us we're beautiful" <brrypr...@yahoo.com>
>
> | \??\C:\WINDOWS\system32\winlogon.exe
> |
> | this exe also happens to be the same one I can't shut down in order to
> | delete a certain dll
> |
> | I picked up some spyware today (serves me right)
> |
> | heeelp
>
> What "spyware" ?
> What DLL ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
ok, I'll pass on the spyware, but this is the "new" dll I think should
be mutilated
wvuuutu.dll
earlier, while using Sec.TaskManager, I saw, "GT.exe", it's
description said, "icancu" -
after I saw THAT, lol, I installed sunbelt...
since sunbelt has been installed.. the annoying popups have stopped
haha!!! sunbelt just blocked 5 more intrusions, like I named in the OP
same message from sunbelt.
I am thinking that wvuuutu.dll while not the source.. is one step
closer to the mother mal.exe
Thanks David
I have no fear of deleting wvuuutu.dll
it's one that you can't move or rename while in use
I realize most files can be moved or renamed (for future del on next
cycle) but not this one
On May 17, 9:41 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> What "spyware" ?
> What DLL ?
I should mention there are no other files I suspect of being bad...
possibly one more beyond the wvuuutu.dll, but maybe not
I did get rid of about 5, that SEC.TaskManager showed me.
aaaand yet another intrusion blocked by sunbelt!
this blocking seems to be keeping the popups at bay
sunbelt works off of some self serving loopback, all things done must
pass through this loop... far as I can tell...
I believe I have deleted the *.exe that created wvuuutu.dll
From: "look at us we're beautiful" <brryprrsh@yahoo.com>
|
| I should mention there are no other files I suspect of being bad...
|
| possibly one more beyond the wvuuutu.dll, but maybe not
|
| I did get rid of about 5, that SEC.TaskManager showed me.
|
| aaaand yet another intrusion blocked by sunbelt!
| this blocking seems to be keeping the popups at bay
|
| sunbelt works off of some self serving loopback, all things done must
| pass through this loop... far as I can tell...
|
| I believe I have deleted the *.exe that created wvuuutu.dll
It is either a Vundo Trojan or a Conhook/Klone Trojan.
By its name, I'll take a guess that it is a Vundo Trojan.
If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.
It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0 update 1 (jre 6u1)
Simple check, look under...
C:\Program Files\Java
The only folder under that folder should be the latest version.
Such as...
C:\Program Files\Java\jre1.6.0_01
http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp
FYI:
http://sunsolve.sun.com/search/docum...=1-26-102557-1
http://sunsolve.sun.com/search/docum...=1-26-102622-1
http://sunsolve.sun.com/search/docum...=1-26-102648-1
http://sunsolve.sun.com/search/docum...=1-26-102729-1
http://sunsolve.sun.com/search/docum...=1-26-102732-1
http://sunsolve.sun.com/search/docum...=1-26-102760-1
Download Atribune's VUNDOFIX.EXE
http://www.atribune.org/ccount/click.php?id=4
Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
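The folder check described in the post above, as an added example that is not part of the original thread. Only the `jre1.6.0_01` folder name and the "prior to JRE 6.0" threshold come from the post; the other folder-name prefixes and the sample listing are assumptions, and "newest" means newest installed, not newest available from Sun.

```python
import os
import re

# Folder names of the form jre1.6.0_01 (from the post). The jdk/j2re/j2sdk
# prefixes are an assumption about how other Sun installers name folders.
FOLDER_RE = re.compile(r"^(?:jre|jdk|j2re|j2sdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.I)
MIN_OK = (1, 6, 0, 0)  # the post: anything prior to JRE 6.0 should be removed


def parse_version(folder):
    """Turn 'jre1.6.0_01' into (1, 6, 0, 1); None if the name does not match."""
    m = FOLDER_RE.match(folder)
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def audit_java_folders(folders):
    """Map each folder name to a verdict following the check in the post."""
    parsed = {name: parse_version(name) for name in folders}
    known = [v for v in parsed.values() if v is not None]
    newest = max(known) if known else None
    report = {}
    for name, version in parsed.items():
        if version is None:
            report[name] = "unrecognised"
        elif version < MIN_OK:
            report[name] = "remove: prior to JRE 6.0"
        elif version < newest:
            report[name] = "remove: superseded"
        else:
            report[name] = "keep: newest installed"
    return report


def audit_path(root=r"C:\Program Files\Java"):
    """Audit the real directory; returns {} when it does not exist."""
    if not os.path.isdir(root):
        return {}
    subdirs = [e for e in os.listdir(root) if os.path.isdir(os.path.join(root, e))]
    return audit_java_folders(subdirs)


# Constructed sample listing, used when the real directory is absent.
SAMPLE = ["j2re1.4.2_13", "jre1.5.0_06", "jre1.6.0", "jre1.6.0_01"]

if __name__ == "__main__":
    for name, verdict in (audit_path() or audit_java_folders(SAMPLE)).items():
        print(f"{name:<16} {verdict}")
```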
On May 17, 10:02 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> * * * Please report back your results * * *
>
> --
>
aight then, be back in a few
On May 17, 10:02 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.
it's still scanning, so far it's found two, one is dll, the other is
ini
cool deal.. so this might get rid of what I stepped in eh...
I hope so
my java happened to be the latest greatest, thanks for the sun links,
and the others.
I've got a lot installed, I guess I should go make something to eat,
and let this thing scan.
On May 17, 10:02 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> Download Atribune's VUNDOFIX.EXE
> http://www.atribune.org/ccount/click.php?id=4
>
> Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.
ok all done, vundofix just rebooted, I'm back..
it found about 6 others, I'm still getting the sunbelt intrusion
message...
I see wvuuutu.dll is still running
I am getting various intrusion alerts from sunbelt firewall
I smell more spy stuff for sure. I've used this firewall before...
these are not normal messages.
now windows says.. "can't find the specified path" no matter what I
try to run...
interesting...
lemme post this in case things get worse...
On May 17, 10:02 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "look at us we're beautiful" <brrypr...@yahoo.com>
>
> |
> | I should mention there are no other files I suspect of being bad...
> |
> | possibly one more beyond the wvuuutu.dll, but maybe not
> |
> | I did get rid of about 5, that SEC.TaskManager showed me.
> |
> | aaaand yet another intrusion blocked by sunbelt!
> | this blocking seems to be keeping the popups at bay
> |
> | sunbelt works off of some self serving loopback, all things done must
> | pass through this loop... far as I can tell...
> |
> | I believe I have deleted the *.exe that created wvuuutu.dll
>
> It is either a Vundo Trojan or a Conhook/Klone Trojan.
> By its name, I'll take a guess that it is a Vundo Trojan.
ok, never mind, I had my firewall too tight.
I killed the firewall, then could run other exes...
BUT!!!! without warning, my taskbar went away..
well.. I'm going to tinker with it...
lol, this is first period of problems since this install
when it rains it pours
On May 17, 10:02 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "look at us we're beautiful" <brrypr...@yahoo.com>
>
> |
> | I should mention there are no other files I suspect of being bad...
> |
> | possibly one more beyond the wvuuutu.dll, but maybe not
> |
> | I did get rid of about 5, that SEC.TaskManager showed me.
> |
> | aaaand yet another intrusion blocked by sunbelt!
> | this blocking seems to be keeping the popups at bay
> |
> | sunbelt works off of some self serving loopback, all things done must
> | pass through this loop... far as I can tell...
> |
> | I believe I have deleted the *.exe that created wvuuutu.dll
>
> It is either a Vundo Trojan or a Conhook/Klone Trojan.
> By its name, I'll take a guess that it is a Vundo Trojan.
>
> If you are using any version of Sun Java that is prior to JRE Version 6.0,
> then you are strongly urged to remove any/all versions.
> There are numerous vulnerabilities in them and they are actively being exploited.
>
> It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
> Version 6.0 update 1 (jre 6u1)
>
> Simple check, look under...
> C:\Program Files\Java
>
> The only folder under that folder should be the latest version.
>
> Such as...
> C:\Program Files\Java\jre1.6.0_01
>
> http://java.sun.com/javase/downloads...oad/manual.jsp
>
> FYI:
> http://sunsolve.sun.com/search/docum...=1-26-102760-1
>
> Download Atribune's VUNDOFIX.EXE
> http://www.atribune.org/ccount/click.php?id=4
>
> Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.
>
> * * * Please report back your results * * *
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
wvuuutu.dll
it got rid of everything but that, vundo thingy did good job, I ran it
twice it found different set each time, but led to believe it did not
know which was host file
only site on the web that lists wvuuutu.dll is for product called
Prevx1
installing it now... we'll see