Tech Support Forum - View Single Post - Computer almost dead:Virtumundo infected:lots of pop ups.

drosera01 · 12-28-2007, 11:43 AM

Just one more update on this issue.
After posting hijackthis log above, i did go for vundofix and it detected some files. One was same file in system32 as panda was showing as virtumundo spy. I let vundo to fix the problems but it said, could not remove one file fcccdef.dll in system 32, but gave me the option to remove after reboot. it did remove after reboot and and had to restart again but when i restart,
the computer showed me error message. Message reads like this.
"Error Loading C:\WINDOWS\system32\jkxtbf.dll The specified module could not be found"
when i clicked "ok" computer started normally. then after everytime i restart it shows same error message.
here is the Vundofix log:

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 11:55:35 PM 12/27/2007

Listing files found while scanning....

C:\windows\system32\ddcyw.dll
C:\WINDOWS\system32\fbsbtxkj.ini
C:\WINDOWS\system32\fcccdef.dll
C:\WINDOWS\system32\jkxtbsbf.dll
C:\windows\system32\wycdd.ini
C:\windows\system32\wycdd.ini2

Beginning removal...

Attempting to delete C:\windows\system32\ddcyw.dll
C:\windows\system32\ddcyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fbsbtxkj.ini
C:\WINDOWS\system32\fbsbtxkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fcccdef.dll
C:\WINDOWS\system32\fcccdef.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jkxtbsbf.dll
C:\WINDOWS\system32\jkxtbsbf.dll Has been deleted!

Attempting to delete C:\windows\system32\wycdd.ini
C:\windows\system32\wycdd.ini Has been deleted!

Attempting to delete C:\windows\system32\wycdd.ini2
C:\windows\system32\wycdd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fcccdef.dll
C:\WINDOWS\system32\fcccdef.dll Has been deleted!

Performing Repairs to the registry.
Done!

12-28-2007, 11:43 AM	#2 (permalink)
drosera01 Registered User Join Date: Nov 2006 Posts: 49 OS: Win XP Home SP2	Re: Computer almost dead:Virtumundo infected:lots of pop ups. Just one more update on this issue. After posting hijackthis log above, i did go for vundofix and it detected some files. One was same file in system32 as panda was showing as virtumundo spy. I let vundo to fix the problems but it said, could not remove one file fcccdef.dll in system 32, but gave me the option to remove after reboot. it did remove after reboot and and had to restart again but when i restart, the computer showed me error message. Message reads like this. "Error Loading C:\WINDOWS\system32\jkxtbf.dll The specified module could not be found" when i clicked "ok" computer started normally. then after everytime i restart it shows same error message. here is the Vundofix log: VundoFix V6.7.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 11:55:35 PM 12/27/2007 Listing files found while scanning.... C:\windows\system32\ddcyw.dll C:\WINDOWS\system32\fbsbtxkj.ini C:\WINDOWS\system32\fcccdef.dll C:\WINDOWS\system32\jkxtbsbf.dll C:\windows\system32\wycdd.ini C:\windows\system32\wycdd.ini2 Beginning removal... Attempting to delete C:\windows\system32\ddcyw.dll C:\windows\system32\ddcyw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fbsbtxkj.ini C:\WINDOWS\system32\fbsbtxkj.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\fcccdef.dll C:\WINDOWS\system32\fcccdef.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\jkxtbsbf.dll C:\WINDOWS\system32\jkxtbsbf.dll Has been deleted! Attempting to delete C:\windows\system32\wycdd.ini C:\windows\system32\wycdd.ini Has been deleted! Attempting to delete C:\windows\system32\wycdd.ini2 C:\windows\system32\wycdd.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\fcccdef.dll C:\WINDOWS\system32\fcccdef.dll Has been deleted! Performing Repairs to the registry. Done!