I am running Windows ME and have not been able to get rid of the Vundo/Sysprotect thing from my computer, despite trying the Vundofix program. That identifies the files, but then doesn't remove them and can't reboot my computer, either. If I try to remove the files myself, I just get a message that they are "in use by Windows".

When I try to delete them in "safe mode", my screen goes blank, with nothing left but the words 'safe mode' in all four corners of the screen.

Here is my Hijack This log...

Logfile of HijackThis v1.99.1
Scan saved at 5:29:06 AM, on 4/12/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\SYSTEM\OPPMJ.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunOnce: [*OPPMJ] rundll32.exe C:\WINDOWS\SYSTEM\OPPMJ.DLL,CreateProtectProc rerun
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


This thing is really bugging the crap out of me!

Run VundoFix and post that log here please

Please print the below instructions or copy them to Notepad.

Go to Start->Shutdown and see if there is an option to restart into MSDOS mode. If not, just restart and tap the F8 key repeatedly until a menu shows up. Choose Command Prompt or MSDOS Prompt in the list there. You will boot into dos mode. Type in the following:

cd C:\WINDOWS\SYSTEM\

and hit Enter key. Then type in:

del OPPMJ.DLL /p

You should get a prompt to delete the file. Type Y and hit Enter. If it can't delete it for some reason, type this in first then type back that same line (see below):

attrib -r -s -h OPPMJ.DLL
del OPPMJ.DLL /p

You should get a prompt again. Choose Y to delete it. Next type in:

del JMPPO.* /p

Again...you should get a prompt. If it can't delete that either, type these in:

attrib -r -s -h JMPPO.*
del JMPPO.* /p

...prompt...Y and Enter. Ctrl+alt+del to restart your computer...

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/forums/ind...showtutorial=61 ). Make sure to close any internet browsers that may still be open.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\SYSTEM\OPPMJ.DLL
O4 - HKLM\..\RunOnce: [*OPPMJ] rundll32.exe C:\WINDOWS\SYSTEM\OPPMJ.DLL,CreateProtectProc rerun
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Restart and run a new HijackThis scan. Save the log file and post it here.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.