Tech Support Forum - View Single Post

sUBs · 10-12-2005, 04:48 PM

Download LSPFix.exe

Double click on LSPFix.exe to run it.

Once running, you will be required to tick the disclaimer - "I know what I'm doing".
You'll find a windows with 2 panes.
In the left pane which is labeled 'Keep', select all instances of this file:
- wglsp.dll
Then click on the arrow pointing to the right, >>.
This will move the entry to the right pane labeled 'Remove'
Click the Finish button to complete the fix.

Only entries similar to wglsp.dll need to be removed. If you see any other entries in the right pane, move them back to the "Keep" pane & post the filenames to inform me.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop. Double-click on it to extract the files to a new folder on your desktop.

Reboot your computer into Safe Mode.
Restart your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
At the introductory screen, press <Enter> to proceed.
When asked to type in a filepath, please key this in:

C:\WINDOWS\system32\jkklj.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Next you will be asked to type in a second filepath.
At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\efksciuk.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

The fix will run then HijackThis will open.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.ht m
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.ht m
O2 - BHO: Bho - {3F96A687-6137-4ab4-887C-6E51BCC020B9} - C:\WINDOWS\system32\efksciuk.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll

After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

After rebooting, continue with the instructions below.

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.

Tick - Show hidden files and folder
Untick - Hide file extensions for known types
Untick - Hide protected operating system files

Click Yes to confirm & then click OK

Locate and delete the following files:

C:\WINDOWS\system32\jlkkj.bak
C:\WINDOWS\system32\jlkkj.inf
C:\WINDOWS\system32\jlkkj.tmp

Delete any file that bears the same name even if has another extension.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then, perform an online scan with Internet Explorer with Panda ActiveScan

Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.
Click on see report. Then click Save report

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

10-12-2005, 04:48 PM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,480 OS: N/A	Download LSPFix.exe Double click on LSPFix.exe to run it. Once running, you will be required to tick the disclaimer - "I know what I'm doing". You'll find a windows with 2 panes. In the left pane which is labeled 'Keep', select all instances of this file: wglsp.dll Then click on the arrow pointing to the right, >>. This will move the entry to the right pane labeled 'Remove' Click the Finish button to complete the fix. Only entries similar to wglsp.dll need to be removed. If you see any other entries in the right pane, move them back to the "Keep" pane & post the filenames to inform me. Please print these instructions out for use in Safe Mode. Please download VundoFix.exe to your desktop. Double-click on it to extract the files to a new folder on your desktop. Reboot your computer into Safe Mode. Restart your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter. Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat At the introductory screen, press <Enter> to proceed. When asked to type in a filepath, please key this in: C:\WINDOWS\system32\jkklj.dll Press Enter, then press the F6 key, then press Enter one more time to continue with the fix. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Next you will be asked to type in a second filepath. At this point please type the following file path (make sure to enter it exactly as below!): C:\WINDOWS\system32\efksciuk.dll Press Enter, then press the F6 key, then press Enter one more time to continue with the fix. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * The fix will run then HijackThis will open. In HiJackThis, please place a check next to the following items and click FIX CHECKED: R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.ht m R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.ht m O2 - BHO: Bho - {3F96A687-6137-4ab4-887C-6E51BCC020B9} - C:\WINDOWS\system32\efksciuk.dll O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\jkklj.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer. Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry! * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * After rebooting, continue with the instructions below. If you have not done so already, please enable the viewing of Hidden files From Windows Explorer, go to Tools>Folder Options> View tab. Tick - Show hidden files and folder Untick - Hide file extensions for known types Untick - Hide protected operating system files Click Yes to confirm & then click OK Locate and delete the following files: C:\WINDOWS\system32\jlkkj.bak C:\WINDOWS\system32\jlkkj.inf C:\WINDOWS\system32\jlkkj.tmp Delete any file that bears the same name even if has another extension. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Download and install CleanUp! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following (Make sure nothing else is checked!): Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click OK Press the CleanUp! button to start the program. It may ask you to reboot at the end, click NO. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Then, perform an online scan with Internet Explorer with Panda ActiveScan Click Scan your PC & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Click Scan Now* Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Click on see report. Then click Save report Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic. __________________ Question - what have you done for the community today? Last edited by sUBs; 10-12-2005 at 04:49 PM.