Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help fixing computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need help fixing computer

Unread postby williesbest2 » October 14th, 2005, 10:35 pm

Today, I was fixing someone's computer, and it was severly infected. (It had like every virus and trojan known to man). When I first started the computer was really slow. I updated and ran Ad-Aware and started scanning, and all of a sudden the computer shuts off, I then reboot into safe mode and continue running Ad-Aware and remove everything. She had a ton of spyware (dialers, trojan downloaders, elitebar, 180searchsolutions, and some other things). Well her computer was just not getting better after 2 different antispyware programs (Ad-Aware and Spy Sweeper) and an antivirus program (antivir). I then ran HijackThis, and since I can't post the log I wrote down all the malicious stuff that I knew was malicious. I have noticed that she has trojan.vundo. I have no idea on how to get this off. She has a Windows XP computer (2-3 year old gateway) with 128MB of RAM and a 14.6GB hard drive. The following entries that I noticed are below:

BHO: C:\Windows\System32\jkll.dll

BHO: MSEVENTS object C:\Windows\System32\awvtr.dll

BHO: (no name)- blank

Winlogon notify: C:\Windows\System32\awvtr.dll

Delus: HKLM\..\RunOnce: C:\Docume`1\Admin`1\Locals\Temp\delus.exe

ZXIKAG: "C:\Program Files\InetGet2\CP.GH2.exe"\SHUN\PC=CP.GH2\SHUN\PC=CP.GH2

BJCFD: C:\Program Files\Broad Jump\Client Foundation\CFD.exe

IPInSightLan03: "C:\Program Files\Visual Networks\Visual IPInsight\SBC\ipclient.exe

IPInsightmonitor: C:\Program Files\Visual Networks\Visual IPInsight\SBC\IPMon32.exe

FLMOFFICE 4D Mouse: C:/Program Files/Browser Mouse\mouse32a.exe
hpfsched: C:\Windows\hpfsched.exe

Hotkey kbd 9910 Daemon: SK9910DM.exe

Winlogon Notfiy: jkkll- C:\Windows\System32\jkkll.dll


Keep in mind that there is no way for me to post the entire log, because she does not have access to the internet right now, because of the computer shut offs. Please help me, fix her computer. Thanks for your help.

(O and please don't reply saying to make it a normal startup HijackThis log. This is the best I can do. I say this because a person from another board posted that)
User avatar
williesbest2
Regular Member
 
Posts: 62
Joined: September 25th, 2005, 11:50 pm
Advertisement
Register to Remove

Unread postby John McKenna » October 17th, 2005, 11:49 am

Hi and welcome to MWR. :)

Can you please start the machine in Safe Mode, scan with HijackThis and save the log to floppy.

Transfer the floppy to your own machine and post a HijackThis log please.

Can you confirm whether you have a cd writer on your own machine that you can use to burn and then transfer programs larger that 1.44mb please.
User avatar
John McKenna
Regular Member
 
Posts: 98
Joined: February 19th, 2005, 10:36 am
Location: Liverpool, England

Unread postby williesbest2 » October 17th, 2005, 10:31 pm

Well, the computer will now not boot into safe mode. I had her try a restore, she got an error and now when she boots the computer up, it goes to a BSOD. I'll post the error message tomorrow.
User avatar
williesbest2
Regular Member
 
Posts: 62
Joined: September 25th, 2005, 11:50 pm

Unread postby John McKenna » October 18th, 2005, 3:03 am

John McKenna wrote:Can you confirm whether you have a cd writer on your own machine that you can use to burn and then transfer programs larger that 1.44mb please.



Please download & run FixVundo 1.3.1
  • Copy the tool to floppy and transfer it to the infected compter.
  • Close all running programs (including any Internet Browser).
  • Locate the file on the floppy.
  • Double-click the FixVundo.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • Important: Do NOT launch any new applications while the tool is running!
  • Restart the computer.
  • Run the removal tool again to ensure that the system is clean.


Does this give us any breathing space?
User avatar
John McKenna
Regular Member
 
Posts: 98
Joined: February 19th, 2005, 10:36 am
Location: Liverpool, England

Unread postby williesbest2 » October 18th, 2005, 7:04 am

Yes, I do have a cd-writer on my computer. And also I have already checked for Vundo and it had detected and removed it. Also, when the computer boots up it auto goes into a BSOD. I don't think I can launch any applications. I will be going today and looking at the computer.
User avatar
williesbest2
Regular Member
 
Posts: 62
Joined: September 25th, 2005, 11:50 pm

Unread postby John McKenna » October 18th, 2005, 7:28 am

Let me know what the state of play is then when you've had another look at it then.
User avatar
John McKenna
Regular Member
 
Posts: 98
Joined: February 19th, 2005, 10:36 am
Location: Liverpool, England

Unread postby NonSuch » November 2nd, 2005, 8:07 am

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27235
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware