Vundo & Virtumondo...

Try this then instead, please.

Please make sure that all programs are closed when installing Java.

  1. Click here to visit Java's website.
  2. Scroll down to Java Runtime Environment (JRE) 6 Update 7. Click on Download.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Double click on jre-6u7-windows-i586-p.exe to install Java.
  8. After the Java installation has finished, please go to Kaspersky website and perform an online antivirus scan.
  9. Read through the requirements and privacy statement and click on Accept button.
  10. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  11. When the downloads have finished, click on Settings.
  12. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  13. Click on My Computer under Scan.
  14. Once the scan is complete, it will display the results. Click on View Scan Report.
  15. You will see a list of infected items there. Click on Save Report As....
  16. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  17. Please post this log in your next reply along with a fresh HijackThis log.
 
Hi,

I'm having problems dl Java. Keep getting same error messages as trying to dl antivirus pages like Kaspersky etc.

"web page declined. you are required to log in"
 
Ok, then we use offline scanner.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
 
Hi,

Managed to dl java. Here's Kaspersky scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 06, 2008 07:41:17
Records in database: 1196553
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 38223
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 00:53:14


File name / Threat name / Threats count
C:\Documents and Settings\Lee\My Documents\Downloads\ZoneAlarm Pro 8.0.015.000 - Final + keygen\zapSetup_80_015_000_en.exe Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\euqkfswu.dll.vir Infected: Trojan.Win32.Monder.mcg 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ikhnfsat.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.dfp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yaglia.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.dfp 1

The selected area was scanned.
 
It appears that your copy of ZoneAlarm is not legit. And also it looks like this all started from an illegal download.

So next you should uninstall ZoneAlarm Pro and delete this:

C:\Documents and Settings\Lee\My Documents\Downloads\ZoneAlarm Pro 8.0.015.000 - Final + keygen\

Empty this folder:

C:\QooBox\Quarantine

Install one free firewall from below:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Post a fresh uninstall list.
 
Hi,

Done all the above.

Here's the new install log.

Adobe Flash Player ActiveX
AVG 8.0
BlueSoleil
Broadcom Gigabit Integrated Controller
CCleaner (remove only)
C-Major Audio
Conexant D480 MDC V.92 Modem
Dell Wireless WLAN Card
DivX Codec
DivX Converter
DivX Player
DivX Web Player
getPlus(R)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
IncrediMail Xe
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSet
Java(TM) 6 Update 7
Lexmark X6100 Series
Malwarebytes' Anti-Malware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MSN
Nero 7 Essentials
OpenOffice.org Installer 1.0
PCI 7510 CardBus Controller with SmartCard and Software
PowerDVD
Print to Fax
QT Lite 2.6.0
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SopCast 3.0.3
Spybot - Search & Destroy 1.5.2.20
SRS Audio Sandbox
VC 9.0 Runtime
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
ZTE Mobile Connection
Zune Desktop Theme
 
Did you also install some firewall?

I ask because I see none in uninstall list.
 
Hi ya,

Yes, it's an AVG one.

Are we clean now? Can I uninstall combofix, sdfix etc and remove them from computer, or shall I leave them?
 
The AVG package we have is a paid for version. We originally had Zone Alarm which we bought. The reason I can't reinstall it is that our ZA disc is now packed away in storage with our computer. (This is a laptop we bought until we are in a position to get our stuff from storage).

Whatever happened to the laptop disabled Zone Alarm and rendered it useless. We'd uninstalled it and we tried to dl one from a p2p site recommended by a friend. That was the version we have just uninstalled.

So I'm hoping that we are now clean and protected again.
 
I see.

So then I recommend that you install one of those free firewalls :)

They are almost as good as ZA Pro, and according to some tests, Comodo and Online Armor are even better, link
 
Hi,

Installed Comodo, disabled the AVG Firewall. Is there a difference or is one better than other?

Also is it safe to run Windows updates? We had problems trying to update a while ago, laptop kept crashing so we've turned them off. May have just been a dl problem...

Here's new install list:

Adobe Flash Player ActiveX
Ask Toolbar
AVG 8.0
BlueSoleil
Broadcom Gigabit Integrated Controller
CCleaner (remove only)
C-Major Audio
COMODO Firewall Pro
COMODO SafeSurf
Conexant D480 MDC V.92 Modem
Dell Wireless WLAN Card
DivX Codec
DivX Converter
DivX Player
DivX Web Player
getPlus(R)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
IncrediMail Xe
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSet
Java(TM) 6 Update 7
Lexmark X6100 Series
Malwarebytes' Anti-Malware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MSN
Nero 7 Essentials
OpenOffice.org Installer 1.0
PCI 7510 CardBus Controller with SmartCard and Software
PowerDVD
Print to Fax
QT Lite 2.6.0
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SopCast 3.0.3
Spybot - Search & Destroy 1.5.2.20
Spyware Doctor 6.0
SRS Audio Sandbox
VC 9.0 Runtime
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
ZTE Mobile Connection
Zune Desktop Theme
 
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.
 