[clo21]

OK so I scan my computer with Spybot, Ad-Aware and HiJackThis to try and remove this and it doesnt go away. Attached to this post is my log.

I am positive that these are the problems that need to be fixed but I check these off on HJT and they are still there.
Ive tried removing those files manually and I cant delete them because it says they are open or being used by another program. Ive even manually deleted the problems spybot detected from the registry, and they still return. Please help me with this. Thanks

O2 - BHO: (no name) - {1B0D6751-EB0B-4FE9-9C4B-42A2D7316410} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqonkj.dll

O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll
O20 - Winlogon Notify: winjcf32 - C:\WINDOWS\SYSTEM32\winjcf32.dll

Attached Files

•  hijackthis_log.txt   6.67KB   87 downloads

[Advertisements]

Hi

Download ComboFix from [http://download.blee.../ComboFix.exe"]Here[/URL] or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[loophole]

Hi

Download ComboFix from [http://download.blee.../ComboFix.exe"]Here[/URL] or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[clo21]

Hey loophole, thanks for replying.

I downloaded ComboFix and scanned my system. I also ran HJT again. Attached to this post are all logs. I still see these listings within the HJT log:

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqonkj.dll

O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll

are these entries any threats?

Once again, thanks for your help.

Attached Files

•  ComboFix.txt   11.58KB   89 downloads
•  ComboFix_quarantined_files.txt   1.24KB   111 downloads
•  HJT_Log.txt   6.35KB   102 downloads

[loophole]

Yep, Just arent detected yet, lets get them a different way


Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\urqonkj.dll

Save this as ComboFix-Do.txt




Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe

Combofix will run, please post the resulting log and a new Hijack log

Thanks

[clo21]

loophole,

Attached to this post are all logs and the ComboFix-Do file just to make sure I did that right. The ComboFix scan didnt remove this:

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqonkj.dll
O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll

but it removed some other dll file that it found.

Attached Files

•  HJT_Log.txt   6.35KB   97 downloads
•  ComboFix.txt   11.57KB   82 downloads
•  ComboFix_Do.txt   31bytes   92 downloads

[loophole]

It looks like you left out file and the 2 semicolons which tells combofix what to go after, follow the above directions but make sure you include the File:: part just like this



File::
C:\WINDOWS\SYSTEM32\urqonkj.dll


Let me know how it goes

[clo21]

I think the file was deleted this time. I attached the new Logs. Should I check this off on HJT:

O20 - Winlogon Notify: urqonkj - urqonkj.dll (file missing)

Also, would there be anything else in HJT that I should check off?

Thanks again.

Attached Files

•  hijackthis_log.txt   6.25KB   84 downloads
•  ComboFix.txt   11.27KB   128 downloads

[loophole]

Yes you can check and fix that one now.

Have the problems stopped?

[clo21]

Hey loop,

The problems seem to all be gone. Nothing comes up in ad-aware or spybot and you've seen the latest HJT log. Is it also ok to delete those files created by ComboFix like the Qoobox folder?

Thanks a lot

[loophole]

Yes you can delete the Qoobox folder. also all the combofix.txt combofix created

Your very welcome

Congratulations

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

• Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  
  You can find instructions on how to enable and reenable system restore here:
  
  Windows XP System Restore Guide
  
  
• Updating your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over.Simply using a Firewall in its default configuration can lower your risk greatly.
  
  For a tutorial on Firewalls and a listing of some available ones see the link below:
  
  Understanding and Using Firewalls
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

• IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  
  Using Winpatrol to protect your computer from malicious software

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!