AWVVT.DLL .... Please help me remove this file :( [CLOSED]


  • This topic is locked

#1
dubzter

Hi Everyone,

My computer has been infected with the AWVVT.DLL file and I've tried removing the bugger using HijackThis, but it keeps coming back. Microsoft Antispyware detects the file and removes it, but it also keeps coming back.

My HijackThis log file is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:51:53 AM, on 11/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
c:\jetsuite\jsdaemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Local Settings\Temp\Temporary Directory 1 for hijackthis-1.zip\HijackThis.exe

O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\awvvt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: awvvt - C:\WINDOWS\SYSTEM32\awvvt.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\m2460chsef460.dll
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe






When I run VX2 Finder, I get the following log:

Log for VX2.BetterInternet File Finder (ALL)

Files Found---

Additional Files---

Keys Under Notify---
awvvt
Run


Guardian Key--- is called:

Guardian Key--- :

User Agent String---
{C19F8413-0F5A-2D59-6760-57AA02B52319}

I've tried using VundoFix in safe mode (without internet attached) but I keep getting the message that it can't access the process because it is being used by another process.

My VundoFix log is as follows:

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was c:\WINDOWS\system32\awvvt.dll

The second filepath entered was c:\WINDOWS\system32\tvvwa.dll

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 136 'smss.exe'
Error 0x6 : The handle is invalid.


Killing PID 580 'explorer.exe'
Killing PID 580 'explorer.exe'

Killing PID 504 'rundll32.exe'

Killing PID 212 'winlogon.exe'
Error 0x6 : The handle is invalid.

--------------------------------------------------------------------------------------

Could not delete c:\WINDOWS\system32\awvvt.dll.
c:\WINDOWS\system32\tvvwa.dll Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------





I've tried running KILLBOX and typing in the file manually and selecting delete on reboot and end explorer shell while killing file, but then I get the following message: "PendingFileRenameOperationsRegistryData has been removed by External Processes".

Is there something that I can do to get rid of this? I'm getting pop ups galore (spotresults.com and starware.com and a few others) and also flash ad pop ups which has never happened before.

Can Anyone help me PLEASE?

thanks so much,
:tazz:

Edited by dubzter, 28 November 2005 - 11:36 AM.

#2
John_L

Hello dubzter and welcome to Geeks To Go :tazz:

As it's been a few days, are you still needing help with this?

#3
John_L

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.