Tech Support Forum - View Single Post

**LonnyRJones** · 12-07-2007, 09:28 AM

Welcome to the forum
Start Hijackthis Scan and place a check next to these items If there.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (this item is legit just written a bit wrong, hijackthis will correct it)
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - (no file)
O2 - BHO: (no name) - {3ED74DAC-C3E9-45D4-950A-BDD8EF574F62} - (no file)
O4 - HKLM\..\Run: [iyyuefcx] C:\ldckbrqw.bat
====================================
Hit fix checked and close Hijackthis.
when spybots tea timer alerts click allow the changes

can you tell me what this program is ? C:\Program Files\Psi\

Post a combofix log
1. Download this file - combofix.exe to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
alternate link
http://www.forospyware.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If you already have combofix re-download please as it is updated often.

also:
submit this file at virustotal
C:\WINDOWS\system32\msjt3032Patch.dll
http://www.virustotal.com/

List the contents of this folder
C:\WINDOWS\system32\(null)

12-07-2007, 09:28 AM	#2 (permalink)
LonnyRJones Expert Analyst, Moderator, Security Team Join Date: Sep 2006 Posts: 1,646 OS: xp	Re: Vundo Again Welcome to the forum Start Hijackthis Scan and place a check next to these items If there. F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (this item is legit just written a bit wrong, hijackthis will correct it) O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - (no file) O2 - BHO: (no name) - {3ED74DAC-C3E9-45D4-950A-BDD8EF574F62} - (no file) O4 - HKLM\..\Run: [iyyuefcx] C:\ldckbrqw.bat ==================================== Hit fix checked and close Hijackthis. when spybots tea timer alerts click allow the changes can you tell me what this program is ? C:\Program Files\Psi\ Post a combofix log 1. Download this file - combofix.exe to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe alternate link http://www.forospyware.com/sUBs/ComboFix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. If you already have combofix re-download please as it is updated often. also: submit this file at virustotal C:\WINDOWS\system32\msjt3032Patch.dll http://www.virustotal.com/ List the contents of this folder C:\WINDOWS\system32\(null) __________________ Our help is voluntary. But this site needs donations to operate. Last edited by LonnyRJones; 12-07-2007 at 09:31 AM.