Tech Support Forum - View Single Post

**Pancake** · 08-27-2007, 07:23 PM

Hi...

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

================================

Please download the OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\Common Files\horydytal22011.exe
C:\PROGRAM FILES\WinPop
C:\Program Files\MSN\profsyvyr.html
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

================================

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [{38-8C-C7-71-ZN}] C:\DOCUME~1\Jin\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [horydytal] C:\Program Files\Common Files\horydytal22011.exe
O4 - HKLM\..\Run: [NI.UWAS6_0001_N91M1508] "C:\DOCUME~1\Jin\LOCALS~1\Temp\winaspsnet.exe" -nag
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hkpfgjcx.dll",forkonce
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\profsyvyr.html

Reboot and post a new HJT log..

08-27-2007, 07:23 PM	#2 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,405 OS: XP Pro SP3	Re: Dunno... Windows anitvirus virus? Hi... Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Put a check next to Run VundoFix as a task. You will receive a message saying vundofix will close and re-open in a minute or less. Click OK When VundoFix re-opens, click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer back on. Please post the contents of C:\vundofix.txt and a new HiJackThis log. ================================ Please download the OTMoveIt by OldTimer. Save it to your desktop. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\Program Files\Common Files\horydytal22011.exe C:\PROGRAM FILES\WinPop C:\Program Files\MSN\profsyvyr.html Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste. Click the red Moveit! button. Close OTMoveIt If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. ================================ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll O4 - HKLM\..\Run: [{38-8C-C7-71-ZN}] C:\DOCUME~1\Jin\LOCALS~1\Temp\thinksnet.exe CHD003 O4 - HKLM\..\Run: [horydytal] C:\Program Files\Common Files\horydytal22011.exe O4 - HKLM\..\Run: [NI.UWAS6_0001_N91M1508] "C:\DOCUME~1\Jin\LOCALS~1\Temp\winaspsnet.exe" -nag O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hkpfgjcx.dll",forkonce O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\profsyvyr.html Reboot and post a new HJT log.. __________________ Eddy Last edited by Pancake : 08-27-2007 at 07:24 PM.