Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PopUp Nightmare [CLOSED]


  • This topic is locked This topic is locked

#16
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Could you boot into Normal Mode to get me the HijackThis log? It should be in Normal Mode and the rkfiles and remv3 should be in safe mode.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O2 - BHO: (no name) - {77DDAA3C-7BD7-0EB4-1CC3-967EF812AFB4} - C:\WINDOWS\System32\cdmweb\yhmvxsgevn.dll
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzzauv.exe reg_run


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\System32\cdmweb\
C:\WINDOWS\SYSTEM32\mc-58-12-0000079.exe
C:\WINDOWS\SYSTEM32\pop2.exe
C:\WINDOWS\SYSTEM32\US4.0-3.exe
C:\WINDOWS\SYSTEM32\xjxxmo.exe
C:\WINDOWS\SYSTEM32\ysbinstall_1003032.exe
C:\WINDOWS\SYSTEM32\eliteewt32.exe
C:\WINDOWS\SYSTEM32\eliteoei32.exe
C:\WINDOWS\SYSTEM32\eliteuxx32.exe
C:\WINDOWS\ojkzmrcb.exe
C:\WINDOWS\rrtitoajhvp.exe
C:\WINDOWS\System32\vzzauv.exe


Restart and run a new HijackThis scan. Save the log file and post it here.
  • 0

Advertisements


#17
prescottjill

prescottjill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The popups are pretty much gone. Did you get a chance to look at my logs?
  • 0

#18
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
What logs? Did you post new ones? I took a look at your other logs already which is how I got the information to give you the fix. Did you do the fix I just gave you yet? If not, do so now.

If you did it already, please repost a new HijackThis log for (hopefully) one last review.
  • 0

#19
prescottjill

prescottjill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry,
I missed this post from you somehow. I'll do this right away.
  • 0

#20
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP