Having Problems Again!!!

**Pumpa** · 11-15-2007, 04:54 PM

Hello Judy,
I'm having problems with a pop-up or an add-on that keeps telling me that I need to update my security suite and to protect myself against spyware..
I have aleardy done the cleanup stages and have followed the Symantec procedure for removal. I could not see the registry entries to delete them and have used the Unhook ini cab file to no avail. I have delete suspect folders in my hard drive and it seems to have reduced the incidents of them popping up but not all. Internet Explorer seems to run slow and freeze.

I did get this message when booting into safe mode LoadLibrary("H:\Documents and settings\all users\application data\jmfkrkpu.dll")failed. The specific module could not be found.

Spybot search and destroy has deleted that file which is in recovery in the Zloc.uc section or folder.

Attached is my Log file.
Regards
Damian

**jholland1964** · 11-16-2007, 01:36 AM

Please print these instructions as they will be needed later when internet access is not available.
Save these instructions in word or notepad to the desktop where they can be easily found.
Download VundoFix and save it to your desktop.
When it has completed downloading, double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will now receive a prompt asking if you want to remove the files, click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click the OK button.
When the computer has shutdown, turn your computer back on.

Run a new HJT scan and post that log and the VundoFix log here.
There are more than vundo showing on the computer so there are going to be more steps to take.

**Pumpa** · 11-16-2007, 03:33 PM

Hi again,
Downloaded and ran Vundo but did not detect infected files. I ran it several times but to no avail. Have attached HJT Log.
I Failed to mention that Spybot search and destroy has Virtumonde that Vundo was trying to find in recovery. Should I delete the files immediately?

Regards
Damian

**Pumpa** · 11-16-2007, 03:42 PM

OOPS forgot to add file.

**jholland1964** · 11-16-2007, 10:05 PM

Ok, well your latest log shows a Trojan that the first one didn't show...and still is showing what looked like Vundo...
Do this please;

Download this file - combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Attach this log in the next post.

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

**Pumpa** · 11-18-2007, 12:22 AM

Hello,

Ok I downloaded combofix.exe and ran the program. A small window opened and displayed Abort.-07-11-08.1
Current date 2007-11-18. This copy of combofix has expired. please dowload an updated copy. When i closed the window the program seemed to run a little more then another window opened and said that it had unistalled the program. When Internet explorer had closed it had left an IE shortcut on the desktop and then followed by an IE error message that it needed to be shut down.
Wasnt sure whether to post another HJT Log but have done so.

Regards

**jholland1964** · 11-18-2007, 12:31 AM

Try this one combofix

**Pumpa** · 11-18-2007, 06:48 AM

Hi There,
Sorry but that did the same as the last one.

Cheers

**jholland1964** · 11-18-2007, 09:13 AM

Let me do some checking.

**minou30** · 11-19-2007, 12:16 AM

I am having the exact same problem with ComboFix. Getting expired message and having the application delete itself.

Thanks for letting us know what to do to get ComboFix working.

Thread: Having Problems Again!!!

Thread Tools

Display

Having Problems Again!!!

Vundo did not detect files.

HJT Log

ComboFix.exe

Combofix

Thread Information

Users Browsing this Thread

Posting Permissions