popup probs
- Thread starter DELBOY001
- Start date
- Status
tashi
Member of Team Spybot
DELBOY001 :scratch: 
:
http://forums.spybot.info/showthread.php?p=79458
Please follow the instructions in that link to produce the HJT log and copy/paste it into this topic.
:
: http://forums.spybot.info/showthread.php?p=79458
Please follow the instructions in that link to produce the HJT log and copy/paste it into this topic.
:Cant get rid of Vundo
I believe I have Vundo, I ran AVG it found nothing, DL Vundofix, it finds files I delete them, it finds more on the next run and the problem is ongoing
I would appreciate advice in getting rid once and for all, I know you people are well busy
DELBOY001
I believe I have Vundo, I ran AVG it found nothing, DL Vundofix, it finds files I delete them, it finds more on the next run and the problem is ongoing
I would appreciate advice in getting rid once and for all, I know you people are well busy
DELBOY001
Oops forgot this
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 17:26:00 11/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\gqugddol.dll
C:\WINDOWS\system32\hvcbgxgl.dll
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.bak2
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\vtutt.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gqugddol.dll
C:\WINDOWS\system32\gqugddol.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hvcbgxgl.dll
C:\WINDOWS\system32\hvcbgxgl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.bak2
C:\WINDOWS\system32\ttutv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 17:47:42 11/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\lubwsijb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lubwsijb.dll
C:\WINDOWS\system32\lubwsijb.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 18:02:04 11/04/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 14:58:01 12/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\jgplqlwx.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\geeda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jgplqlwx.dll
C:\WINDOWS\system32\jgplqlwx.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 17:26:00 11/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\gqugddol.dll
C:\WINDOWS\system32\hvcbgxgl.dll
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.bak2
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\vtutt.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gqugddol.dll
C:\WINDOWS\system32\gqugddol.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hvcbgxgl.dll
C:\WINDOWS\system32\hvcbgxgl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.bak2
C:\WINDOWS\system32\ttutv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 17:47:42 11/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\lubwsijb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lubwsijb.dll
C:\WINDOWS\system32\lubwsijb.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 18:02:04 11/04/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 14:58:01 12/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\jgplqlwx.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\geeda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jgplqlwx.dll
C:\WINDOWS\system32\jgplqlwx.dll Has been deleted!
Performing Repairs to the registry.
Done!
oK COULDNT START COMP IN NORMAL MODE THIS MORNING just hung....
ran spybot got this
--- Search result list ---
Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Araf15
Cassava: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
FastClick: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
ReliableStats: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Zedo: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Cassava: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Advertising.com: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Smitfraud-C.Toolbar888: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-04-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-04 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-04 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-04 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-04 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-04 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-04 Includes\PUPSC.sbi (*)
2007-04-04 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-04 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-04 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-04 Includes\Trojans.sbi (*)
2007-04-04 Includes\TrojansC.sbi (*)
Ran Vundo fix got this now
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 08:07:15 13/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\oaswsgkh.dll
C:\WINDOWS\system32\pmkhg.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ghkmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oaswsgkh.dll
C:\WINDOWS\system32\oaswsgkh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!
Performing Repairs to the registry.
Done!
I thought i had removed those old java versions in add remove program...... any ideas how to completely remove them
ran spybot got this
--- Search result list ---
Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Araf15
Cassava: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
FastClick: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
ReliableStats: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Zedo: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Cassava: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Advertising.com: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Smitfraud-C.Toolbar888: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-04-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-04 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-04 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-04 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-04 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-04 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-04 Includes\PUPSC.sbi (*)
2007-04-04 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-04 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-04 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-04 Includes\Trojans.sbi (*)
2007-04-04 Includes\TrojansC.sbi (*)
Ran Vundo fix got this now
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 08:07:15 13/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\oaswsgkh.dll
C:\WINDOWS\system32\pmkhg.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ghkmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oaswsgkh.dll
C:\WINDOWS\system32\oaswsgkh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!
Performing Repairs to the registry.
Done!
I thought i had removed those old java versions in add remove program...... any ideas how to completely remove them
Last edited by a moderator:
tashi
Member of Team Spybot
Hi DELBOY001.
I have merged all your topics and split off the HJT log to here: http://forums.spybot.info/showthread.php?t=12892
Post all replies to that one and provide only what is asked for, no vundo log, no Spybot-S&D log. "BEFORE you POST"
I will close this thread or helpers will think by the post count that you are already being assisted.
Cheers.
I have merged all your topics and split off the HJT log to here: http://forums.spybot.info/showthread.php?t=12892
Post all replies to that one and provide only what is asked for, no vundo log, no Spybot-S&D log. "BEFORE you POST"
I will close this thread or helpers will think by the post count that you are already being assisted.
Cheers.
- Status