Tech Support Forum - View Single Post - Need Help - Getting too many pop-ups and lock downs. HJT included

sUBs · 08-19-2005, 03:49 PM

Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...

In the popup box that appears, type in C:\WINDOWS\CY_BG.EXE
Click the Open button.
Click NO when prompted to restart your computer.

Please download VundoFix.zip to your desktop.

Double-click VundoFix.zip and extract it to your C:\ directory.
Copy the instructions below and paste them into Notepad for reference.
- All other windows need to be closed while doing this fix!
Navigate to the new folder C:\VundoFix
Double click on KillVundo.bat
- When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do.
Please press any key to continue.
Wait for HiJackThis to automatically open.
When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found:
- R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
  O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Windows Update Setup Files\utilcat.dll
  O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
  O15 - Trusted Zone: *.coolwebsearch.com
  O15 - Trusted Zone: *.musicmatch.com
  O15 - Trusted Zone: *.musicmatch.com (HKLM)
  O15 - Trusted IP range: 206.161.125.149 (HKLM)
  O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
  O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/ins...ll/pinstall.cab
  O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
  O20 - Winlogon Notify: utilcat - C:\WINDOWS\Windows Update Setup Files\utilcat.dll
Once they all have a check next to them, click the FIX CHECKED button, then close HiJackThis.

You will once again be prompted to press any key. Upon doing so this time you will receive a "Blue Screen Of Death". Don't worry, this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on.

Once the computer is rebooted post a new HiJackThis log as well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix

08-19-2005, 03:49 PM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot... In the popup box that appears, type in C:\WINDOWS\CY_BG.EXE Click the Open button. Click NO when prompted to restart your computer. Please download VundoFix.zip to your desktop. Double-click VundoFix.zip and extract it to your C:\ directory. Copy the instructions below and paste them into Notepad for reference. All other windows need to be closed while doing this fix! Navigate to the new folder C:\VundoFix Double click on KillVundo.bat When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do. Please press any key to continue. Wait for HiJackThis to automatically open. When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Windows Update Setup Files\utilcat.dll O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE O15 - Trusted Zone: .coolwebsearch.com O15 - Trusted Zone: .musicmatch.com O15 - Trusted Zone: .musicmatch.com (HKLM) O15 - Trusted IP range: 206.161.125.149 (HKLM) O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM) O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/ins...ll/pinstall.cab O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab O20 - Winlogon Notify: utilcat - C:\WINDOWS\Windows Update Setup Files\utilcat.dll Once they all have a check next to them, click the FIX CHECKED* button, then close HiJackThis. You will once again be prompted to press any key. Upon doing so this time you will receive a "Blue Screen Of Death". Don't worry, this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on. Once the computer is rebooted post a new HiJackThis log as well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix __________________ Question - what have you done for the community today?