Tech Support Forum - View Single Post

sUBs · 08-11-2007, 03:13 PM

Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:

ViewPoint
WhenU

Please note any other programs that you dont recognize in that list in your next response

---------------

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {2BC42A41-E859-4ECA-9A70-DC9FEA03C2A7} - (no file)
O2 - BHO: (no name) - {3F17C32D-CE1B-452E-8830-F0E86E79AFEF} - (no file)
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: byxwv - C:\WINDOWS\system32\byxwv.dll (file missing)
O20 - Winlogon Notify: wincsg32 - wincsg32.dll (file missing)

---------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:

http://www.techsupportforum.com/security-center/hijackthis-log-help/173288-trojan-downloader-issues.html
Collect::
C:\WINDOWS\WFXDEL.BAT
D:\autorun.bat
File::
C:\WINDOWS\system32\vvvwa.bak2
C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\hmapekaj.ini.ren
C:\WINDOWS\system32\vwxyb.bak2
C:\WINDOWS\system32\ylsdmwij.dll.ren
C:\WINDOWS\system32\jiwmdsly.ini.ren
C:\Program Files\Viewpoint
C:\WINDOWS\system32\vwxyb.ini.ren
C:\WINDOWS\system32\vwxyb.bak2.ren
C:\WINDOWS\system32\vwxyb.bak1.ren
Folder::
C:\Program Files\Common Files\Viewpoint
C:\Program Files\Common Files\WhenU
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BC42A41-E859-4ECA-9A70-DC9FEA03C2A7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F17C32D-CE1B-452E-8830-F0E86E79AFEF}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincsg32]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

Save this as "CFScript"

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additonally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file before proceeding to the next step.

---------------

Click here perform an online scan >> Online Scanner

---------------

In your next post, please include fresh logs from:

Fresh Hijackthis log taken just before replying

Online scan

ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

08-11-2007, 03:13 PM	#4 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Re: Trojan Downloader Issues Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs: ViewPoint WhenU Please note any other programs that you dont recognize in that list in your next response --------------- Do a HijackThis scan & place a check next to these items and select "Fix checked": O2 - BHO: (no name) - {2BC42A41-E859-4ECA-9A70-DC9FEA03C2A7} - (no file) O2 - BHO: (no name) - {3F17C32D-CE1B-452E-8830-F0E86E79AFEF} - (no file) O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing) O20 - Winlogon Notify: byxwv - C:\WINDOWS\system32\byxwv.dll (file missing) O20 - Winlogon Notify: wincsg32 - wincsg32.dll (file missing) --------------- Open notepad and copy/paste the text in the quotebox below into it: Code: http://www.techsupportforum.com/security-center/hijackthis-log-help/173288-trojan-downloader-issues.html Collect:: C:\WINDOWS\WFXDEL.BAT D:\autorun.bat File:: C:\WINDOWS\system32\vvvwa.bak2 C:\WINDOWS\system32\vvvwa.bak1 C:\WINDOWS\system32\hmapekaj.ini.ren C:\WINDOWS\system32\vwxyb.bak2 C:\WINDOWS\system32\ylsdmwij.dll.ren C:\WINDOWS\system32\jiwmdsly.ini.ren C:\Program Files\Viewpoint C:\WINDOWS\system32\vwxyb.ini.ren C:\WINDOWS\system32\vwxyb.bak2.ren C:\WINDOWS\system32\vwxyb.bak1.ren Folder:: C:\Program Files\Common Files\Viewpoint C:\Program Files\Common Files\WhenU Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BC42A41-E859-4ECA-9A70-DC9FEA03C2A7}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F17C32D-CE1B-452E-8830-F0E86E79AFEF}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvv] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwv] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincsg32] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] Save this as "CFScript" Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Additonally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip Please submit this file before proceeding to the next step. --------------- Click here perform an online scan >> Online Scanner --------------- In your next post, please include fresh logs from: Fresh Hijackthis log taken just before replying Online scan ComboFix's log Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Question - what have you done for the community today?