viruses???

**virusinfected** · #16 31st Jul 2007, 02:11 AM

its a specific file called... C:\WINDOWS\system32\gebyxyv.dll

**evilfantasy** · #17 31st Jul 2007, 02:16 AM

OK, if you haven't noticed this thread has been moved to the Anti-Virus and Spyware forum.
Thanks Dave :)

That is what I meant by some require special removal. Virtumonde is one of them.

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

**Dave Hybrid** · #18 31st Jul 2007, 02:16 AM

Download and run this:

http://www.atribune.org/content/view/24/2/

Post a Hijack this log after running that and doing a reboot.

**virusinfected** · #19 31st Jul 2007, 02:48 AM

that it

**Dave Hybrid** · #20 31st Jul 2007, 02:59 AM

Tick the boxes next to these entrees and remove them.

O2 - BHO: (no name) - {004D3F2F-3B16-44BE-9BC5-52E856D7D50B} - C:\WINDOWS\System32\ddccd.dll (file missing)
O2 - BHO: (no name) - {07571FF3-F676-4DC9-8262-D26FB7FEFEE4} - C:\WINDOWS\System32\jkkjk.dll (file missing)
O2 - BHO: (no name) - {1CA0EC94-43C5-4FA0-9D1D-2B0836E9DD42} - C:\WINDOWS\System32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\gnjiigtu.dll
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\ccciotrh.dll",forkonce
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O20 - Winlogon Notify: ddccd - C:\WINDOWS\System32\ddccd.dll (file missing)
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\System32\jkkjk.dll (file missing)

Do another spybot scan and post the log.

**evilfantasy** · #21 31st Jul 2007, 02:59 AM

Open HijackThis and choose Do a system scan only.

Check these boxes
O2 - BHO: (no name) - {004D3F2F-3B16-44BE-9BC5-52E856D7D50B} - C:\WINDOWS\System32\ddccd.dll (file missing)

O2 - BHO: (no name) - {07571FF3-F676-4DC9-8262-D26FB7FEFEE4} - C:\WINDOWS\System32\jkkjk.dll (file missing)

O2 - BHO: (no name) - {1CA0EC94-43C5-4FA0-9D1D-2B0836E9DD42} - C:\WINDOWS\System32\pmkhg.dll (file missing)

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\gnjiigtu.dll

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\ccciotrh.dll",forkonce

O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

O20 - Winlogon Notify: ddccd - C:\WINDOWS\System32\ddccd.dll (file missing)

O20 - Winlogon Notify: jkkjk - C:\WINDOWS\System32\jkkjk.dll (file missing)

**IMPORTANT close all browser windows including this one.
Then click Fix Checked
Then run CCleaner
Post a new HijackThis log when done.

**evilfantasy** · #22 31st Jul 2007, 03:04 AM

You still need to go to windows update and get SP2 and any other critical updates. You may have to check twice. There will be more updates for SP2.
http://v4.windowsupdate.microsoft.com/en/default.asp

**Dave Hybrid** · #23 31st Jul 2007, 03:06 AM

I'll step aside mate, looks like I'm getting in the way here... :D

**evilfantasy** · #24 31st Jul 2007, 03:10 AM

No problem, you never know when I may need back up!

**virusinfected** · #25 31st Jul 2007, 03:15 AM

yea....on that note i would need to check legality of my xp version. i have no idea.i just bought the pc and it was on here.

thats the new search i think

**evilfantasy** · #26 31st Jul 2007, 03:21 AM

Everything is still there. Did you close all windows before hitting fix checked?

**virusinfected** · #27 31st Jul 2007, 03:27 AM

sure did

**virusinfected** · #28 31st Jul 2007, 03:35 AM

gimme 5 mins and ill put up another log

**virusinfected** · #29 31st Jul 2007, 03:36 AM

Originally Posted by evilfantasy

Open HijackThis and choose Do a system scan only.

Check these boxes
O2 - BHO: (no name) - {004D3F2F-3B16-44BE-9BC5-52E856D7D50B} - C:\WINDOWS\System32\ddccd.dll (file missing)

O2 - BHO: (no name) - {07571FF3-F676-4DC9-8262-D26FB7FEFEE4} - C:\WINDOWS\System32\jkkjk.dll (file missing)

O2 - BHO: (no name) - {1CA0EC94-43C5-4FA0-9D1D-2B0836E9DD42} - C:\WINDOWS\System32\pmkhg.dll (file missing)

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\gnjiigtu.dll

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\ccciotrh.dll",forkonce

O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

O20 - Winlogon Notify: ddccd - C:\WINDOWS\System32\ddccd.dll (file missing)

O20 - Winlogon Notify: jkkjk - C:\WINDOWS\System32\jkkjk.dll (file missing)

**IMPORTANT close all browser windows including this one.
Then click Fix Checked
Then run CCleaner
Post a new HijackThis log when done.

and after ive cheked these wat do i do

**evilfantasy** · #30 31st Jul 2007, 03:39 AM

Originally Posted by virusinfected

and after ive cheked these wat do i do

Click Fix Checked towards the bottom left of HijackThis.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Tonnes of viruses, i think!!	concept	Virus, Spyware & Security	6	15th May 2008 12:12 PM
Viruses	rsteenoven	Virus, Spyware & Security	23	22nd Mar 2008 07:05 PM
How do i get rid of any viruses & spyware?	Ian M	Virus, Spyware & Security	16	31st Jul 2007 03:23 PM
How do i remove viruses from my computer?	dastine_marie	Virus, Spyware & Security	4	1st Apr 2007 08:21 AM
How do I take spyware or viruses off of a...	freakofnature	General Software Chat	3	17th Mar 2007 07:35 PM