Results 1 to 6 of 6

Thread: Permanent removal of Win32.ConHook.ah

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    11

    Default Permanent removal of Win32.ConHook.ah

    Hi, my system recently picked up Win32.ConHook.ah and I can't seem to find a way to remove it. Both Adaware personal and Spybot S&D detect it, then say they have fixed the problem, but an immediate re-scan detects the problem as still being present. Spybot S&D resident is blocking it from modifying my registry, but I still can't seem to remove it.

    Does anybody have any suggestions as to how I can remove the problem for good?

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hi there.

    Did you run a Spybot-S&D scan in safe mode?

    1) Reboot your computer into SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8.
    • Instead of Windows loading as normal, a menu should appear.
    • Select the first option, to run Windows in Safe Mode.


    2) Open Spybot-S&D while still in safe mode.
    1. Close all browsers, check for problems and fix everything found in red
    2. Repeat until no more items are found in red

    a) Close Spybot-S&D
    b) Reboot back into Windows
    If the answer to the above is yes, or if it did not resolve the problem, follow the procedure in this link:
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Then start your own thread in the Malware Removal Forum

    A helper will advise you when available. Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    I would like to add:

    Nomad_Disaster:

    There appears to be several detections for Win32.ConHook.ah (cookie, Trojan as well as a detection listed in beta). Please post a log of the actual detection(s) you are getting. To do that:
    • Run another scan.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Then paste (Ctrl+V) those results to a new post in this thread.

    Thanks

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  4. #4
    Junior Member
    Join Date
    Jul 2007
    Posts
    11

    Default

    Okay, thanks for the swift responses, as requested I am moving this thread to the Malware forums, i'll post the logs and other information there.

  5. #5
    Junior Member
    Join Date
    Jul 2007
    Posts
    1

    Default

    Same problem here.
    win32.conhook.ah won't go away!!!

    Ran "HiJackThis", and found the address in Spybot corresponded to a file in the "02" section of HiJackThis. Also corresponds to the file vundofix.exe wanted to eliminate... c:\windows\system32\igfdlv.dll among others.

    I also found a thread on the dell forum discussing this problem, pointing people to run this vundofix.exe program.

    Ran Vundofix it in Safe Mode, it removed some files, and I THINK it's fixed. Re-ran Vundofix and Spybot S&D and no infections were detected. (FINALLY! This took me a full day to track down!)

    So the short of it - try running Vundofix.exe (use Safe Mode). That may fix your problem!!
    http://www.atribune.org/content/view/24/2/

    {breathes sigh of relief}

    PS I think it helped that I took the suspect computer off the internet. I think this Vundo program may have been trying to download new viruses/spyware as I was trying to remove them. pesky. stubborn. ugh.
    done.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello.

    Malware removal advice in given here: Malware Removal Forum

    md usa spybot fan also requested more information.

    While Atribune's tool is used in our HJT forum, we make an analysis before giving advice.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •