Does anybody know anything about the dll awvwx.dll . Its associated
with some spyware but Google doesn't seem to have anything about what
it does or how to get rid of it.
Does anybody know anything about the dll awvwx.dll . Its associated
with some spyware but Google doesn't seem to have anything about what
it does or how to get rid of it.
From: "Victor Laszlo" <vlaszlo@worldnet.att.net>
| Does anybody know anything about the dll awvwx.dll . Its associated
| with some spyware but Google doesn't seem to have anything about what
| it does or how to get rid of it.
Most likely a Vundo Trojan.
Two phase answer...
Perform Part 1 then perform Part 2
It is suggested that you execute each tool in Normal Mode then in Safe Mode.
If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.
It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0 update 4 (jre 6u4)
Simple check, look under...
C:\Program Files\Java
The only folder under that folder should be the latest version.
Such as...
C:\Program Files\Java\jre1.6.0_04
http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp
FYI:
http://sunsolve.sun.com/search/docum...=1-26-102557-1
http://sunsolve.sun.com/search/docum...=1-26-102622-1
http://sunsolve.sun.com/search/docum...=1-26-102648-1
http://sunsolve.sun.com/search/docum...=1-26-102729-1
http://sunsolve.sun.com/search/docum...=1-26-102732-1
http://sunsolve.sun.com/search/docum...=1-26-102760-1
Part 1
------------
Download Adware-Virtumundo Removal Tool --
http://secured2k.home.comcast.net/to...undoBeGone.exe
Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049
Part 2
------------
Download Atribune's VUNDOFIX.EXE
http://www.atribune.org/ccount/click.php?id=4
Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Hi David,
Actually I went ahead and removed both Java and Netscape, which
HighjackThis indicated was installing these files through Netscape.
Now that I have removed Java and Netscape 7.1 the files are coming in
through IE's Browser Helper Object facility. I have located place in
the Registry where all BHO's are loacate and deleted all of the keys
refering to anything that is NOT Spybot. But, the BHO's continue to be
reinstalled on each boot of the operating system. Any ideas how I can
put a stop to this? I don't think this is as simple as removing past
spyware. This is a new one. So new that I can't even find a name to it
yet, although it started when I tried to remove cmdServices.
On Thu, 14 Feb 2008 04:00:10 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:
>From: "Victor Laszlo" <vlaszlo@worldnet.att.net>
>
>| Does anybody know anything about the dll awvwx.dll . Its associated
>| with some spyware but Google doesn't seem to have anything about what
>| it does or how to get rid of it.
>
>Most likely a Vundo Trojan.
>
>
>Two phase answer...
>
>Perform Part 1 then perform Part 2
>
>It is suggested that you execute each tool in Normal Mode then in Safe Mode.
>
>
>If you are using any version of Sun Java that is prior to JRE Version 6.0,
>then you are strongly urged to remove any/all versions.
>There are numerous vulnerabilities in them and they are actively being exploited.
>
>It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
>Version 6.0 update 4 (jre 6u4)
>
>Simple check, look under...
>C:\Program Files\Java
>
>The only folder under that folder should be the latest version.
>
>Such as...
>C:\Program Files\Java\jre1.6.0_04
>
>http://java.sun.com/javase/downloads/index.jsp
>http://www.java.com/en/download/manual.jsp
>
>FYI:
>http://sunsolve.sun.com/search/docum...=1-26-102557-1
>http://sunsolve.sun.com/search/docum...=1-26-102622-1
>http://sunsolve.sun.com/search/docum...=1-26-102648-1
>http://sunsolve.sun.com/search/docum...=1-26-102729-1
>http://sunsolve.sun.com/search/docum...=1-26-102732-1
>http://sunsolve.sun.com/search/docum...=1-26-102760-1
>
>
>
>
>Part 1
>------------
>Download Adware-Virtumundo Removal Tool --
>http://secured2k.home.comcast.net/to...undoBeGone.exe
>
>Information on the Adware-Virtumundo Removal Tool:
>http://forums.mcafeehelp.com/viewtopic.php?t=57049
>
>Part 2
>------------
>Download Atribune's VUNDOFIX.EXE
>http://www.atribune.org/ccount/click.php?id=4
>
>Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.
>
>
>* * * Please report back your results * * *
From: "Victor Laszlo" <vlaszlo@worldnet.att.net>
| Hi David,
|
| Actually I went ahead and removed both Java and Netscape, which
| HighjackThis indicated was installing these files through Netscape.
| Now that I have removed Java and Netscape 7.1 the files are coming in
| through IE's Browser Helper Object facility. I have located place in
| the Registry where all BHO's are loacate and deleted all of the keys
| refering to anything that is NOT Spybot. But, the BHO's continue to be
| reinstalled on each boot of the operating system. Any ideas how I can
| put a stop to this? I don't think this is as simple as removing past
| spyware. This is a new one. So new that I can't even find a name to it
| yet, although it started when I tried to remove cmdServices.
|
It has been a while since I replied.
Netscape was NEVER your problem. Sun Java may be realted IFF it is a vulnerable version but
upgrading to a new version and removing the vulnerable version will keep Java Applet
capabilities (if desired).
If you have a Vundo it is difficult to remove but not impossible. It may use a BHO as well
as a the Winlogon/Notify function. It also has a soem decent self preservation teqniques.
Did you actually run Atribune's VUNDOFIX.EXE as requested ?
I am willing to assist you but not if you don't reply again for almost two weeks.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Just a question from a layman..........if you get something like what's
being discussed, or any other hard to get rid of virus or Trojan, would it
be more easy to just reformat, or does that not solve the problem?
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:8Howj.33285$T8.24692@trnddc03...
> From: "Victor Laszlo" <vlaszlo@worldnet.att.net>
>
> | Hi David,
> |
> | Actually I went ahead and removed both Java and Netscape, which
> | HighjackThis indicated was installing these files through Netscape.
> | Now that I have removed Java and Netscape 7.1 the files are coming in
> | through IE's Browser Helper Object facility. I have located place in
> | the Registry where all BHO's are loacate and deleted all of the keys
> | refering to anything that is NOT Spybot. But, the BHO's continue to be
> | reinstalled on each boot of the operating system. Any ideas how I can
> | put a stop to this? I don't think this is as simple as removing past
> | spyware. This is a new one. So new that I can't even find a name to it
> | yet, although it started when I tried to remove cmdServices.
> |
>
> It has been a while since I replied.
>
> Netscape was NEVER your problem. Sun Java may be realted IFF it is a
> vulnerable version but
> upgrading to a new version and removing the vulnerable version will keep
> Java Applet
> capabilities (if desired).
>
> If you have a Vundo it is difficult to remove but not impossible. It may
> use a BHO as well
> as a the Winlogon/Notify function. It also has a soem decent self
> preservation teqniques.
>
> Did you actually run Atribune's VUNDOFIX.EXE as requested ?
>
> I am willing to assist you but not if you don't reply again for almost two
> weeks.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
From: "Bob" <roburt@grande.net>
| Just a question from a layman..........if you get something like what's
| being discussed, or any other hard to get rid of virus or Trojan, would it
| be more easy to just reformat, or does that not solve the problem?
|
That's a cost benefit analysis.
How much time to clean the PC vs. the time it takes to backup all crucial data, reinstall
the OS, update the OS, install applications and restore data, etc.
It would be up to the user to determine if one or the other would be the better router.
Wiping the PC and re-installing the OS, etc., would solve the problem but is it a costly
effort.
Additionally one may make a determination on the extent of the infection. Having a very bad
infection or numerous infectors may indicate wiping the PC and re-installing the OS, etc.,
would be the *best* option no matter how much time is involved.
In this case, an attempt to clean the PC may be easier. However, I'm not sure the OP is
going about this correctly.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
It looks like I may have an even bigger problem. I can't boot in safe
mode! Everytime I try my icons show briefly and then disappear. Then
nothing. Any ideas?
On Mon, 25 Feb 2008 01:17:56 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:
>From: "Victor Laszlo" <vlaszlo@worldnet.att.net>
>
>| Hi David,
>|
>| Actually I went ahead and removed both Java and Netscape, which
>| HighjackThis indicated was installing these files through Netscape.
>| Now that I have removed Java and Netscape 7.1 the files are coming in
>| through IE's Browser Helper Object facility. I have located place in
>| the Registry where all BHO's are loacate and deleted all of the keys
>| refering to anything that is NOT Spybot. But, the BHO's continue to be
>| reinstalled on each boot of the operating system. Any ideas how I can
>| put a stop to this? I don't think this is as simple as removing past
>| spyware. This is a new one. So new that I can't even find a name to it
>| yet, although it started when I tried to remove cmdServices.
>|
>
>It has been a while since I replied.
>
>Netscape was NEVER your problem. Sun Java may be realted IFF it is a vulnerable version but
>upgrading to a new version and removing the vulnerable version will keep Java Applet
>capabilities (if desired).
>
>If you have a Vundo it is difficult to remove but not impossible. It may use a BHO as well
>as a the Winlogon/Notify function. It also has a soem decent self preservation teqniques.
>
>Did you actually run Atribune's VUNDOFIX.EXE as requested ?
>
>I am willing to assist you but not if you don't reply again for almost two weeks.
My problem with removing anything more is I am afraid that it will
screw up my system. Everytime I do something at someone else's
suggestion it seems to make matters worse. Like now, I can't boot in
safe mode. This is after I followed the suggestions from the people at
spybot.
This is a new piece of spyware and it appears to be designed to
retalliate if some of the pieces go missing. I don't know whats going
on here.
On Mon, 25 Feb 2008 01:17:56 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:
>From: "Victor Laszlo" <vlaszlo@worldnet.att.net>
>
>| Hi David,
>|
>| Actually I went ahead and removed both Java and Netscape, which
>| HighjackThis indicated was installing these files through Netscape.
>| Now that I have removed Java and Netscape 7.1 the files are coming in
>| through IE's Browser Helper Object facility. I have located place in
>| the Registry where all BHO's are loacate and deleted all of the keys
>| refering to anything that is NOT Spybot. But, the BHO's continue to be
>| reinstalled on each boot of the operating system. Any ideas how I can
>| put a stop to this? I don't think this is as simple as removing past
>| spyware. This is a new one. So new that I can't even find a name to it
>| yet, although it started when I tried to remove cmdServices.
>|
>
>It has been a while since I replied.
>
>Netscape was NEVER your problem. Sun Java may be realted IFF it is a vulnerable version but
>upgrading to a new version and removing the vulnerable version will keep Java Applet
>capabilities (if desired).
>
>If you have a Vundo it is difficult to remove but not impossible. It may use a BHO as well
>as a the Winlogon/Notify function. It also has a soem decent self preservation teqniques.
>
>Did you actually run Atribune's VUNDOFIX.EXE as requested ?
>
>I am willing to assist you but not if you don't reply again for almost two weeks.
From: "Victor Laszlo" <vlaszlo@worldnet.att.net>
| My problem with removing anything more is I am afraid that it will
| screw up my system. Everytime I do something at someone else's
| suggestion it seems to make matters worse. Like now, I can't boot in
| safe mode. This is after I followed the suggestions from the people at
| spybot.
|
| This is a new piece of spyware and it appears to be designed to
| retalliate if some of the pieces go missing. I don't know whats going
| on here.
|
This is my LAST reply.
Your revisiting interval of this thread is too long!
Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en...HJTInstall.exe
Create a HJT log file and post it in one of the below locations...
{ Please - Do NOT post the HJT Log here ! }
Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED in any of the below before posting a log
Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0
Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote