Tech Support Forum - View Single Post - Critical System Errorrs! due to adware, malware, or virus??

Linkmaster · 12-10-2006, 09:01 AM

You are very Welcome !

Download VundoFix.exe© by Atribune to your desktop.

Open Windows Explorer, locate and Delete the following folders or files in RED : (if present)

C:\WINDOWS\system32\wnsapitr.exe

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Run VundoFix
Double-click VundoFix.exe
Click the Scan for Vundo button.
When it finishes scanning, Click the Remove Vundo button
You will receive a prompt asking if you want to "remove the files", click YES
Once you click yes, your desktop will go blank as it starts removing Vundo
When completed, it will prompt that it will reboot your computer, click OK
The .txt file will be in C:\Vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot

Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {40C1409A-DC7A-F4DD-2E97-F72D15DEADC5} - C:\WINDOWS\system32\xmbjbt.dll

O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {95973C5E-5287-46C4-9A10-3D6ACB05FB9F} - (no file)
O2 - BHO: (no name) - {CBC1A77D-0DAC-4EBD-8CD2-2524F8A0506C} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\system32\ixt1.dll (file missing)

O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

Post a fresh HijackThis log and the vundofix.txt file here

12-10-2006, 09:01 AM	#4 (permalink)
Linkmaster Analyst, Security Team Join Date: Jul 2006 Location: Arkansas, USA Posts: 299 OS: XP Pro	You are very Welcome ! Download VundoFix.exe© by Atribune to your desktop. Open Windows Explorer, locate and Delete the following folders or files in RED : (if present) C:\WINDOWS\system32\wnsapitr.exe Run ATF Cleaner Double-click ATF Cleaner.exe Under Main choose: Select All Click the Empty Selected button. Click Exit on the Main menu to close the program. Run VundoFix Double-click VundoFix.exe Click the Scan for Vundo button. When it finishes scanning, Click the Remove Vundo button You will receive a prompt asking if you want to "remove the files", click YES Once you click yes, your desktop will go blank as it starts removing Vundo When completed, it will prompt that it will reboot your computer, click OK The .txt file will be in C:\Vundofix.txt Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot Run HijackThis Scan and when it finishes, put a check mark only next to these following items : (if present) R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {40C1409A-DC7A-F4DD-2E97-F72D15DEADC5} - C:\WINDOWS\system32\xmbjbt.dll O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file) O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {95973C5E-5287-46C4-9A10-3D6ACB05FB9F} - (no file) O2 - BHO: (no name) - {CBC1A77D-0DAC-4EBD-8CD2-2524F8A0506C} - C:\WINDOWS\system32\geeda.dll (file missing) O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\system32\ixt1.dll (file missing) O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing) Close all browsers and any open Windows, making sure that only HijackThis is open Click Fix Checked Close HijackThis Post a fresh HijackThis log and the vundofix.txt file here __________________ Linkmaster If I can't find it, it doesn't exist !! UNITE Member