Tech Support Forum - View Single Post

sUBs · 10-09-2005, 02:15 AM

This would probably require several passes

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop. Double-click on it to extract the files to a new folder on your desktop.

Reboot your computer into Safe Mode.
Restart your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
At the introductory screen, press <Enter> to proceed.
When asked to type in a filepath, please key this in:

C:\WINDOWS\system32\ssqpq.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Next you will be asked to type in a second filepath.
At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\qpqss.*

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

The fix will run then HijackThis will open.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ssqpq.dll
O2 - BHO: Bho - {EFDAC3FE-F44A-4030-8589-1E23BC6573D5} - C:\WINDOWS\system32\spubmteo.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://66.149.164.244:60010/kxhcm10.ocx
O20 - Winlogon Notify: ssqpq - C:\WINDOWS\system32\ssqpq.dll
O20 - Winlogon Notify: ssttu - C:\WINDOWS\SYSTEM32\ssttu.dll

After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Once your machine reboots please post a new HJT log

10-09-2005, 02:15 AM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,465 OS: N/A	This would probably require several passes Please print these instructions out for use in Safe Mode. Please download VundoFix.exe to your desktop. Double-click on it to extract the files to a new folder on your desktop. Reboot your computer into Safe Mode. Restart your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter. Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat At the introductory screen, press <Enter> to proceed. When asked to type in a filepath, please key this in: C:\WINDOWS\system32\ssqpq.dll Press Enter, then press the F6 key, then press Enter one more time to continue with the fix. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Next you will be asked to type in a second filepath. At this point please type the following file path (make sure to enter it exactly as below!): C:\WINDOWS\system32\qpqss.* Press Enter, then press the F6 key, then press Enter one more time to continue with the fix. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * The fix will run then HijackThis will open. In HiJackThis, please place a check next to the following items and click FIX CHECKED: R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ssttu.dll O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ssqpq.dll O2 - BHO: Bho - {EFDAC3FE-F44A-4030-8589-1E23BC6573D5} - C:\WINDOWS\system32\spubmteo.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://66.149.164.244:60010/kxhcm10.ocx O20 - Winlogon Notify: ssqpq - C:\WINDOWS\system32\ssqpq.dll O20 - Winlogon Notify: ssttu - C:\WINDOWS\SYSTEM32\ssttu.dll After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer. Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry! * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Once your machine reboots please post a new HJT log __________________ Question - what have you done for the community today?