I had two new icons on my desktop, Windows XP's "Help and Support" icon and Windows XP's "Windows Update", both pointing to http://storageprotector.com. Symptoms of this infection included sluggishness, inability to double-click the "My Computer" icon as well as others, depending on the configuration of the system.
I googled the NT_Kernel error 1256 and came upon the forum http://forum.bitdefe...?showtopic=3561 and after combing through the forum I found a fix mentioned called FixVundo.exe. I downloaded this third-party utility and ran it. It detected several .dlls related to this trojan and deleted all of them except for awvvu.dll and awvvu.exe. The system required a reboot. Once rebooted, it DID NOT delete the final files.
However, a new error message popped up wanting to run one of the affected .dlls but was unable to locate it. The two malicious icons on the desktop also remained. I was able to delete the icons. After double-clicking the C: icon, roughly 2,000+ .tmp files, all starting with the name posxxx.dll, were in the root. I highlighted and deleted those files.
I entered the registry editor and went to HKEY_LOCAL_MACHINE\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and deleted the .dll in that group.
Every time I reboot my computer, it's a slow boot and I am getting plenty of pop-up ads. I also receive a buffer overrun that McAfee catches and deals with.
I am pretty sure all of this is stemming from the awvvu.dll and awvvu.exe files in my system32 folder. I recently ran HiJackThis and can post a log ASAP. The log has a run command to run [kernel] also, which has its own folder under Program Files. Could this be the malware kernal.exe? I think I can probably fix the problem with just checking a few boxes that look suspicious but would like some help with it.
Thanks a lot in advance.
Edited by Anchorless, 16 January 2008 - 09:45 PM.