Thanks for the feedback, let me provide you with some information first. You said this:
Please be aware of two things: 1) without seeing a log from the antivirus program, there is no way I can comment on what it did or did not remove.
I installed this antivirus http://www.free-av.com/ and it immediately detected and I moved to quarantine these ones:
2) I want to advise you that you were running: Norton Internet Security and if you have installed another antivirus program, you need to view this information.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
Beyond that, I can comment on the HJT log.
It appears you removed Symantec, but you have additional infections. These infections will attract more. My suggestion, if you wish to continue cleaning this computer, is that you keep it offline except when you are troubleshooting. This infection appears to be Vundo and we need to try and remove it first:
Scan saved at 15:29:45, on 29-03-2007 <<< this is the HJT log I am looking at and all of the infections are still in the log including these new ones. If I am to continue, you are going to have to follow my directions and stop going off on your own and downloading stuff. It makes no difference to me, but please make up your mind if you want my help or not.
VUNDO
O2 - BHO: (no name) - {15FDD0E0-28C0-430C-8CE6-25BCC9BF50E2} - C:\WINDOWS\system32\ddcdabc.dll
O20 - Winlogon Notify: ddcdabc - C:\WINDOWS\SYSTEM32\ddcdabc.dll
O2 - BHO: (no name) - {14EDF56F-48E6-4953-91A9-DD894A71562E} - C:\WINDOWS\system32\gebyv.dll
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll
Please understand these hackers can call their junk anything they wish. VundoFix may not know the files at first, but it will learn. You want to run the fix until you see all Vundo files say: "Has been deleted"
Since there is a class action involving this one, you may want to view this information:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
Thanks to Atribune and any others who helped with this fix.
Please download VundoFix.exe to your desktop
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
If there is a file VundoFix doesn't find we need it submitted. Please submit the files to upload malware http://www.uploadmalware.com
I need to see the VundoFix report and a new HJT log.
Thanks
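Added example, not part of the original post and not code from HijackThis or VundoFix: a small Python triage script that parses HijackThis O2 and O20 lines and reports any DLL registered both as a Browser Helper Object and as a Winlogon Notify package, which is the pairing listed under VUNDO above. The function names are hypothetical, the last sample line is constructed, and treating the pairing as worth review is a heuristic assumed here, not a confirmed detection.

```python
import re
from collections import defaultdict

# First four lines are the HijackThis entries quoted in the post above;
# the fifth is a constructed benign-looking entry for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {15FDD0E0-28C0-430C-8CE6-25BCC9BF50E2} - C:\WINDOWS\system32\ddcdabc.dll
O20 - Winlogon Notify: ddcdabc - C:\WINDOWS\SYSTEM32\ddcdabc.dll
O2 - BHO: (no name) - {14EDF56F-48E6-4953-91A9-DD894A71562E} - C:\WINDOWS\system32\gebyv.dll
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")


def normalise(path):
    # Windows paths are case-insensitive, so system32 and SYSTEM32 must compare equal.
    return path.strip().lower()


def correlate(log_text):
    """Return (path, clsid, notify_name) for DLLs present as both O2 and O20."""
    seen = defaultdict(dict)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO.match(line)
        if m:
            seen[normalise(m["path"])]["clsid"] = m["clsid"]
            continue
        m = NOTIFY.match(line)
        if m:
            seen[normalise(m["path"])]["notify"] = m["name"]
    # Keep only DLLs that hold both registrations (heuristic assumed by this example).
    return sorted(
        (path, entry["clsid"], entry["notify"])
        for path, entry in seen.items()
        if "clsid" in entry and "notify" in entry
    )


if __name__ == "__main__":
    for path, clsid, notify in correlate(SAMPLE_LOG):
        print(f"review: {path}  BHO {clsid}  Winlogon Notify '{notify}'")
```

Running it against a fresh log after each VundoFix pass shows whether either registration is still present for the same DLL.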