01-08-2006, 03:26 AM   #2
POADB
Moderator, Microsoft Support
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


Welcome to TSF.

You're infected with a trojan... TWICE!

There is a procedure for removing the duplicate infection in one go, but I can't remember. So, we are going to run the tool twice instead.


Please print these instructions out for use in Safe Mode, or save them to WordPad so that you can access them in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
Go into Add/Remove and uninstall:

Viewpoint Media Player


Delete the folder:

C:\Program Files\Viewpoint

    1. Restart the computer. The computer begins processing a set of instructions known as BIOS.
    2. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
    3. Continue to do so until the 'Windows Advanced Options' menu appears.
    4. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.
  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this:
    Quote:
    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....
  • Press 'Enter' to continue!
  • Next you will see:
    Quote:
    Please Type in the filepath as instructed by the forum staff
    and then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\awtqr.dll
  • Press Enter to continue with the fix.
  • Next you will see:
    Quote:
    Please type in the second filepath as instructed by the forum
    staff then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\rqtwa.*
  • Press Enter to continue with the fix.
  • The fix will run and then HijackThis will open. If it does not open automatically, please open it manually.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:
    • O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\ddcyw.dll
      O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awtqr.dll
      O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O20 - Winlogon Notify: awtqr - C:\WINDOWS\SYSTEM32\awtqr.dll
      O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll
  • After you have fixed these items, close HijackThis.
  • Press Enter to exit the program, then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.

Reboot back into Safe Mode and run the Tool again. This time:

    Quote:
    Please Type in the filepath as instructed by the forum staff
    and then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\ddcyw.dll
  • Press Enter to continue with the fix.
  • Next you will see:
    Quote:
    Please type in the second filepath as instructed by the forum
    staff then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\wycdd.*
  • Press Enter to continue with the fix.
  • The fix will run and then HijackThis will open. If it does not open automatically, please open it manually.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED if they still exist:
    • O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\ddcyw.dll
      O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awtqr.dll
      O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O20 - Winlogon Notify: awtqr - C:\WINDOWS\SYSTEM32\awtqr.dll
      O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll
  • After you have fixed these items, close HijackThis.
  • Press Enter to exit the program, then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
POADB is offline
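
The two file-path pairs in the post above share a pattern: each DLL is listed as both an O2 BHO and an O20 Winlogon Notify entry, and the second path is that DLL's base name reversed. The Python sketch below is an added example, not part of the original post or of VundoFix; the function names are hypothetical, and the reversed-name rule is an assumption generalized from the two pairs shown here.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, join, splitext  # Windows path rules on any OS

# HijackThis entries copied from the post above.
LOG = r"""
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awtqr.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: awtqr - C:\WINDOWS\SYSTEM32\awtqr.dll
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll
"""

BHO = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (?P<path>.+\.dll)$", re.I)
NOTIFY = re.compile(r"^O20 - Winlogon Notify: .+? - (?P<path>.+\.dll)$", re.I)

def dual_registered_dlls(log):
    """Return DLL paths registered as both a BHO (O2) and a Winlogon Notify (O20)."""
    seen = defaultdict(set)
    for line in log.splitlines():
        line = line.strip()
        for kind, rx in (("O2", BHO), ("O20", NOTIFY)):
            m = rx.match(line)
            if m:
                # Windows paths are case-insensitive, so compare lower-cased.
                seen[m.group("path").lower()].add(kind)
    return sorted(p for p, kinds in seen.items() if kinds == {"O2", "O20"})

def companion_pattern(dll_path):
    """Assumed rule: same folder, base name reversed, any extension."""
    stem, _ = splitext(basename(dll_path))
    return join(dirname(dll_path), stem[::-1] + ".*")

def vundofix_inputs(log):
    """Pair each dual-registered DLL with its reversed-name companion pattern."""
    return [(p, companion_pattern(p)) for p in dual_registered_dlls(log)]

if __name__ == "__main__":
    for first, second in vundofix_inputs(LOG):
        print(first, "->", second)
```

Run over a full HijackThis log, this lists each candidate first path with the matching second path, one pair per VundoFix pass.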