Tech Support Forum - View Single Post

tetonbob · 12-22-2008, 11:48 AM

Hi -

Where did you download this file from? One must be exceedingly careful when downloading files on the interent today. If you're downloading from Warez sites or sites other than the vendor's, you're more likely to get an infection on the machine than not.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download & save ComboFix to your Desktop but don't run it yet
Open notepad and copy/paste the text in the quotebox below into it:

Code:



BHO: {d8e20dc7-a6a1-4917-91c2-f0e98d1f9376} - c:\windows\system32\fuweyuni.dll
mRun: [gidejosihi] Rundll32.exe "c:\windows\system32\vufosesa.dll",s
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

Save this as "CFScript"

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Java(TM) 6 Update 5
Java(TM) 6 Update 7

These are all outdated, and security risks by having them installed still. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Leave Java(TM) 6 Update 11 alone, as it is the most recent.

---------------------------------------------------------------------------------------------

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

In your next post, please include logs from:

Online scan

ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

12-22-2008, 11:48 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,251 OS: 2000 Pro; XP Pro; XP Home	Re: Error : vufosesa.dll on startup Hi - Where did you download this file from? One must be exceedingly careful when downloading files on the interent today. If you're downloading from Warez sites or sites other than the vendor's, you're more likely to get an infection on the machine than not. Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix Download & save ComboFix to your Desktop but don't run it yet Open notepad and copy/paste the text in the quotebox below into it: Code: BHO: {d8e20dc7-a6a1-4917-91c2-f0e98d1f9376} - c:\windows\system32\fuweyuni.dll mRun: [gidejosihi] Rundll32.exe "c:\windows\system32\vufosesa.dll",s IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Save this as "CFScript" Referring to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you, C:\ComboFix.txt. --------------------------------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: Java(TM) 6 Update 5 Java(TM) 6 Update 7 These are all outdated, and security risks by having them installed still. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Going forward, Java will overwrite existing installs, so removing older versions should not be required after this. Leave Java(TM) 6 Update 11 alone, as it is the most recent. --------------------------------------------------------------------------------------------- Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------------------------------------------------- In your next post, please include logs from: Online scan ComboFix's log Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009