Permanent removal of Win32.ConHook.ah

Nomad_Disaster

New member
Hi, my system recently picked up Win32.ConHook.ah and I can't seem to find a way to remove it. Both Adaware personal and Spybot S&D detect it, then say they have fixed the problem, but an immediate re-scan detects the problem as still being present. Spybot S&D resident is blocking it from modifying my registry, but I still can't seem to remove it.

Does anybody have any suggestions as to how I can remove the problem for good?
 
Hi there.

Did you run a Spybot-S&D scan in safe mode?

1) Reboot your computer into SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option, to run Windows in Safe Mode.

2) Open Spybot-S&D while still in safe mode.
  1. Close all browsers, check for problems and fix everything found in red
  2. Repeat until no more items are found in red
a) Close Spybot-S&D
b) Reboot back into Windows
If the answer to the above is yes, or if it did not resolve the problem, follow the procedure in this link:
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

Then start your own thread in the Malware Removal Forum

A helper will advise you when available. Regards.
 
I would like to add:

Nomad_Disaster:

There appear to be several detections for Win32.ConHook.ah (cookie, Trojan as well as a detection listed in beta). Please post a log of the actual detection(s) you are getting. To do that:
  • Run another scan.
  • When the scan completes, right click on the results list, select "Copy results to clipboard".
  • Then paste (Ctrl+V) those results to a new post in this thread.
Thanks
 
Okay, thanks for the swift responses. As requested, I am moving this thread to the Malware forums; I'll post the logs and other information there.
 
Same problem here.
win32.conhook.ah won't go away!!!

Ran "HiJackThis", and found the address in Spybot corresponded to a file in the "02" section of HiJackThis. Also corresponds to the file vundofix.exe wanted to eliminate... c:\windows\system32\igfdlv.dll among others.

I also found a thread on the dell forum discussing this problem, pointing people to run this vundofix.exe program.

Ran Vundofix in Safe Mode, it removed some files, and I THINK it's fixed. Re-ran Vundofix and Spybot S&D and no infections were detected. (FINALLY! This took me a full day to track down!)

So the short of it - try running Vundofix.exe (use Safe Mode). That may fix your problem!!
http://www.atribune.org/content/view/24/2/

{breathes sigh of relief}

PS I think it helped that I took the suspect computer off the internet. I think this Vundo program may have been trying to download new viruses/spyware as I was trying to remove them. pesky. stubborn. ugh.
done.
 
Hello.

Malware removal advice is given here: Malware Removal Forum

md usa spybot fan also requested more information.

While Atribune's tool is used in our HJT forum, we make an analysis before giving advice. ;)
 