VirtuMonde doesn't leave.....



#1
clo21

OK so I scan my computer with Spybot, Ad-Aware and HiJackThis to try and remove this and it doesn't go away. Attached to this post is my log.

I am positive that these are the problems that need to be fixed but I check these off on HJT and they are still there.
I've tried removing those files manually and I can't delete them because it says they are open or being used by another program. I've even manually deleted the problems Spybot detected from the registry, and they still return. Please help me with this. Thanks

O2 - BHO: (no name) - {1B0D6751-EB0B-4FE9-9C4B-42A2D7316410} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqonkj.dll

O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll
O20 - Winlogon Notify: winjcf32 - C:\WINDOWS\SYSTEM32\winjcf32.dll


#2
loophole

Hi

Download ComboFix from Here (http://download.blee.../ComboFix.exe) or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

#3
clo21

Hey loophole, thanks for replying.

I downloaded ComboFix and scanned my system. I also ran HJT again. Attached to this post are all logs. I still see these listings within the HJT log:

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqonkj.dll

O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll

Are these entries any threats?

Once again, thanks for your help.


#4
loophole

Yep, just aren't detected yet. Let's get them a different way.


Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\urqonkj.dll



Save this as ComboFix-Do.txt


Posted Image

Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe

ComboFix will run; please post the resulting log and a new Hijack log

Thanks

#5
clo21

loophole,

Attached to this post are all logs and the ComboFix-Do file just to make sure I did that right. The ComboFix scan didn't remove this:

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqonkj.dll
O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll

but it removed some other dll file that it found.


#6
loophole

It looks like you left out File and the 2 semicolons, which tell ComboFix what to go after. Follow the above directions but make sure you include the File:: part, just like this:



File::
C:\WINDOWS\SYSTEM32\urqonkj.dll



Let me know how it goes :whistling:

#7
clo21

I think the file was deleted this time. I attached the new Logs. Should I check this off on HJT:

O20 - Winlogon Notify: urqonkj - urqonkj.dll (file missing)

Also, would there be anything else in HJT that I should check off?

Thanks again.


#8
loophole

Yes you can check and fix that one now.

Have the problems stopped?

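The HijackThis entries quoted in posts #1 and #7 can be triaged mechanically. The Python sketch below is an added example, not part of any post in this thread: it parses O2 (BHO) and O20 (Winlogon Notify) lines, compares paths case-insensitively, and notes DLLs registered under both keys as well as entries left behind once the file is gone. The function names and note labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the O2/O20 lines quoted in post #1 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1B0D6751-EB0B-4FE9-9C4B-42A2D7316410} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqonkj.dll
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll
O20 - Winlogon Notify: winjcf32 - C:\WINDOWS\SYSTEM32\winjcf32.dll
"""

PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$"),
}
MISSING = " (file missing)"  # suffix shown in post #7 once the DLL was deleted

def parse(log):
    """Yield (kind, name, lowercased path, file_missing) for each O2/O20 line."""
    for line in log.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if m:
                path, missing = m["path"], m["path"].endswith(MISSING)
                if missing:
                    path = path[: -len(MISSING)]
                # The log spells system32 in mixed case, so compare case-insensitively.
                yield kind, m["name"], path.lower(), missing

def triage(log):
    """Map each referenced DLL to the set of heuristic notes that apply to it."""
    by_dll = defaultdict(list)
    for kind, name, path, missing in parse(log):
        by_dll[path].append((kind, name, missing))
    report = {}
    for path, hits in by_dll.items():
        notes = set()
        if {k for k, _, _ in hits} == {"O2", "O20"}:
            notes.add("dual-registration")  # one DLL is both a BHO and a Notify package
        if any(k == "O2" and n == "(no name)" for k, n, _ in hits):
            notes.add("unnamed-bho")
        if any(miss for _, _, miss in hits):
            notes.add("orphan-entry")  # registry value left behind after file removal
        report[path] = notes  # an empty set still needs manual review
    return report

if __name__ == "__main__":
    for dll, notes in triage(SAMPLE_LOG).items():
        print(dll, sorted(notes) or "review manually")
```

A DLL registered under Winlogon Notify is loaded by winlogon.exe at startup, which is consistent with the "in use" error reported in post #1 when deleting the files by hand.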
#9
clo21

Hey loop,

The problems seem to all be gone. Nothing comes up in Ad-Aware or Spybot and you've seen the latest HJT log. Is it also OK to delete those files created by ComboFix like the Qoobox folder?

Thanks a lot

#10
loophole

Yes, you can delete the Qoobox folder. Also all the combofix.txt ComboFix created :whistling:

You're very welcome

Congratulations :blink:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

  • Updating your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:

    Using Winpatrol to protect your computer from malicious software

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!