Viruses???

**evilfantasy** · #11 31st Jul 2007, 02:39

Go to add/remove programs and remove Spyware Cleaner. This is a rouge program and is not to be trusted. Also remove anything you know should not be there.
Then install CCleaner http://www.thecomputerforums.co.uk/file6.html
Run the scans to clean remnants of anything removed in add/remove.

You have Internet Explorer v6.00 SP1 should be SP2. This is unsafe. Go to Microsoft Update and get your updates.

Have you ran AVG lately? If not then do so and let it remove any problems. Make sure it is up to date and running normally.

Webroot is a good product but it is good to use a second scanner like Spy-Bot. http://www.thecomputerforums.co.uk/file7.html
I would suggest running both programs and letting them do their job.

When you are done please repost how things are working along with a new HijackThis log.

**virusinfected** · #12 31st Jul 2007, 02:45

yea...im d/l search and destroy now...FINISHED..not sure if its a trusted site though...lol

**virusinfected** · #13 31st Jul 2007, 02:50

Quote:

Originally Posted by evilfantasy

Go to add/remove programs and remove Spyware Cleaner. This is a rouge program and is not to be trusted. Also remove anything you know should not be there.

where should it be cause i cant find it

**virusinfected** · #14 31st Jul 2007, 02:59

spybot just found it for me

**virusinfected** · #15 31st Jul 2007, 03:06

spybot says something like VirtuMonde cant be deleted
HELP

**virusinfected** · #16 31st Jul 2007, 03:11

its a specific file called... C:\WINDOWS\system32\gebyxyv.dll

**evilfantasy** · #17 31st Jul 2007, 03:16

OK, if you haven't noticed this thread has been moved to the Anti-Virus and Spyware forum.
Thanks Dave :)

That is what I meant by some require special removal. Virtumonde is one of them.

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

**Hybr!d** · #18 31st Jul 2007, 03:16

Download and run this:

http://www.atribune.org/content/view/24/2/

Post a Hijack this log after running that and doing a reboot.

**virusinfected** · #19 31st Jul 2007, 03:48

that it

**Hybr!d** · #20 31st Jul 2007, 03:59

Tick the boxes next to these entrees and remove them.

O2 - BHO: (no name) - {004D3F2F-3B16-44BE-9BC5-52E856D7D50B} - C:\WINDOWS\System32\ddccd.dll (file missing)
O2 - BHO: (no name) - {07571FF3-F676-4DC9-8262-D26FB7FEFEE4} - C:\WINDOWS\System32\jkkjk.dll (file missing)
O2 - BHO: (no name) - {1CA0EC94-43C5-4FA0-9D1D-2B0836E9DD42} - C:\WINDOWS\System32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\gnjiigtu.dll
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\ccciotrh.dll",forkonce
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O20 - Winlogon Notify: ddccd - C:\WINDOWS\System32\ddccd.dll (file missing)
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\System32\jkkjk.dll (file missing)

Do another spybot scan and post the log.