*Log Remove*
Edited by Laura26978, 07 April 2007 - 09:24 PM.
Winfixer, Morwill pop-ups
Started by
Laura26978
, Dec 10 2005 10:10 PM
#1
Posted 10 December 2005 - 10:10 PM
Laura26978
-
- Member
-
- 5 posts
New Member
*Log Remove*
#2
Posted 13 December 2005 - 05:33 PM
loophole
-
- Retired Staff
-
- 9,798 posts
Malware Expert
Hello 
Sorry for the delayed response, it has been very busy lately.
If you still require help please post a new Hijack log in this
thread and I will help you. If your problem has been fixed please
respond and let us know.
Thanks
Sorry for the delayed response, it has been very busy lately.
If you still require help please post a new Hijack log in this
thread and I will help you. If your problem has been fixed please
respond and let us know.
Thanks
#3
Posted 13 December 2005 - 08:20 PM
Laura26978
- Topic Starter
-
- Member
-
- 5 posts
New Member
Thank you very much for responding. You didn't take long at all. I'm still having the same problem. I've been getting Morwill,pop-ups, winfixer, and a few others. Thanks for all your help. Here's the new log
*Log Removed*
*Log Removed*
Edited by Laura26978, 07 April 2007 - 09:24 PM.
#4
Posted 13 December 2005 - 09:01 PM
loophole
-
- Retired Staff
-
- 9,798 posts
Malware Expert
We have a few steps to do but we will get it
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to extract the files
- This will create a VundoFix folder on your desktop.
- After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
- Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
- You will first be presented with a warning.
It should look like this
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
- At this point press enter one time.
- Next you will see:
Please Type in the filepath as instructed by the forum staff
and then press enter: - At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\Fonts\comvss.dll
- Press Enter to continue with the fix.
- Next you will see:
Please type in the second filepath as instructed by the forum
staff then press enter: - At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\Fonts\ssvmoc.*
This will be the vundo filename spelt backwards. for example if the vundo dll was vundo.dll you would have the user enter odnuv.* - Press Enter to continue with the fix.
- The fix will run then HijackThis will open, if it does not open automatically please open it manually.
- In HiJackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Bho - {5D867A01-9CEC-4f2f-8454-AAAB35550396} - C:\WINDOWS\system32\bldqhpvw.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\comvss.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: comvss - C:\WINDOWS\Fonts\comvss.dll
- After you have fixed these items, close Hijackthis.
- Press enter to exit the program then manually reboot your computer.
- Once your machine reboots please continue with the instructions below.
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic
#5
Posted 15 December 2005 - 12:42 PM
Laura26978
- Topic Starter
-
- Member
-
- 5 posts
New Member
Ok here's how it went......
*log removed*
*log removed*
Edited by Laura26978, 07 April 2007 - 09:25 PM.
#6
Posted 15 December 2005 - 01:27 PM
loophole
-
- Retired Staff
-
- 9,798 posts
Malware Expert
Hijack fixes
Hello Laura26978
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Bho - {5D867A01-9CEC-4f2f-8454-AAAB35550396} - C:\WINDOWS\system32\bldqhpvw.dll (file missing)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\comvss.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [L] c:\documents and settings\laura seelaus\local settings\temp\L.exe
O4 - HKLM\..\Run: [a5SiM6BW] c:\documents and settings\laura seelaus\local settings\temp\a5SiM6BW.exe
O4 - HKLM\..\Run: [up8h36V] hosxcl40.exe
O20 - Winlogon Notify: comvss - C:\WINDOWS\Fonts\comvss.dll (file missing)
Now close all windows other than HiJackThis, then click Fix Checked
Open HiJackThis. It should open to a "New users quickstart" menu
Click "Open the Misc Tools section"
Click "Delete a file on reboot..."
In the "Enter file to delete on reboot..." window, navigate to:
C:\WINDOWS\Buddy.exe
And select the file
Buddy.exe
Then click Open. After you click Open, HiJackThis will ask you if you want to restart your computer now. You do, so click Yes.
Post a new Hijack log please
Hello Laura26978
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Bho - {5D867A01-9CEC-4f2f-8454-AAAB35550396} - C:\WINDOWS\system32\bldqhpvw.dll (file missing)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\comvss.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [L] c:\documents and settings\laura seelaus\local settings\temp\L.exe
O4 - HKLM\..\Run: [a5SiM6BW] c:\documents and settings\laura seelaus\local settings\temp\a5SiM6BW.exe
O4 - HKLM\..\Run: [up8h36V] hosxcl40.exe
O20 - Winlogon Notify: comvss - C:\WINDOWS\Fonts\comvss.dll (file missing)
Now close all windows other than HiJackThis, then click Fix Checked
Open HiJackThis. It should open to a "New users quickstart" menu
Click "Open the Misc Tools section"
Click "Delete a file on reboot..."
In the "Enter file to delete on reboot..." window, navigate to:
C:\WINDOWS\Buddy.exe
And select the file
Buddy.exe
Then click Open. After you click Open, HiJackThis will ask you if you want to restart your computer now. You do, so click Yes.
Post a new Hijack log please
#7
Posted 15 December 2005 - 05:06 PM
Laura26978
- Topic Starter
-
- Member
-
- 5 posts
New Member
Wow those little things sure like to hide...
*Log Removed*
*Log Removed*
Edited by Laura26978, 07 April 2007 - 09:26 PM.
#8
Posted 15 December 2005 - 05:10 PM
loophole
-
- Retired Staff
-
- 9,798 posts
Malware Expert
Yes thay do like to hide The log looks great. To clear the rest of the items panda picked up just do this and we are done
1. Click Start > Control Panel.
2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.
After reboot, go back into the Control Panel and double-click the Java icon.
3. Under Temporary Internet Files, click the Delete Files button.
There are three options on this window to clear the cache - leave ALL 3 checked.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files
4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
5. Click OK to leave the Java Control Panel.
Congratulations
your system is clean
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
The log looks great. To clear the rest of the items panda picked up just do this and we are done 1. Click Start > Control Panel.
2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.
After reboot, go back into the Control Panel and double-click the Java icon.
3. Under Temporary Internet Files, click the Delete Files button.
There are three options on this window to clear the cache - leave ALL 3 checked.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files
4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
5. Click OK to leave the Java Control Panel.
Congratulations
your system is clean
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
- Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
- AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
- SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
- SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
- IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
- CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
- Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
#9
Posted 15 December 2005 - 05:46 PM
Laura26978
- Topic Starter
-
- Member
-
- 5 posts
New Member
Thank you so much for all your help! Is it ok to use all those tools together? Hopefully this malware will stay away.
#10
Posted 15 December 2005 - 05:53 PM
loophole
-
- Retired Staff
-
- 9,798 posts
Malware Expert
I use numbers1,2,3,6 and you could probably use them all together but that may be overkill. Your very welcome for the help
Good luck to you
Good luck to you
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
