Adware.Virtumonde - Winfixer 2006 - jkkji.dll

Smoky_McPot · 07-28-2006, 11:06 PM

This is not a request for help. Ive just removed Adware.Virtumonde / Winfixer 06 from my system. Ive been browsing through help forums for hours trying to get the right information. Since there are so many forms of this malware I thought I would post the steps I took to remove this infection.

***I am not part of the Tech Support Team *** All the steps listed here were only tried after lengthy investigation and checking *** Do the following at your own risk ***

1st of all I discovered the infection by using Ewido Antispyware. It found the infected file jkkji.dll, but could not remove it.

Using Ewido, Prevx1 and Windows Defender Beta 2, the weeded out most of the infection. However the jkkji.dll file proved hard to remove, because it was loaded very early in the boot process.

HijackThis did not display the jkkji.dll entries until it was RENAMED to something other than "hijackthis.exe". "Anaylse.exe" worked for me. It would only remove the entries but they were put back again on restart.

Finally I got KillBox onto the problem. I used it to delete the file, closing processes neccessary to do so. This in itself did not fix the problem - however when explorer.exe restarted (starting your start bar etc) it allowed Prevx1 to catch the dll as it was loading and stop it. One restart later and I *finally* have no infections.

I post this up in the hope that other frustrated users find some answers, lots of removal instructions for this were out of date. Hopefully this is of benefit to someone. Also I would recommend following all of the instructions in the thread "Before Posting you HijackThis Log". This fix may not work for ALL instances of this infection, especially if jkkji.dll is not the ONLY problem file. In my case I was able to stop it from downloading other trojan antispy programs.

-Smoky

dorts · 07-29-2006, 12:14 AM

Hi,

Great work removing them.

Actually, there is an tutorial on it here.

Smoky_McPot · 07-29-2006, 03:00 AM

I did see that one, before i had renamed the HijackThis exe file. I was not sure about using the Vundo fix just because I had seen many older links to it. Im just glad its gone LOL. I am glad I found KillBox tho, It is going to stay in the software toolbox for a long time I imagine.

07-28-2006, 11:06 PM	#1 (permalink)
Smoky_McPot Registered User Join Date: Jul 2005 Posts: 2 OS: WinXP Pro	Adware.Virtumonde - Winfixer 2006 - jkkji.dll This is not a request for help. Ive just removed Adware.Virtumonde / Winfixer 06 from my system. Ive been browsing through help forums for hours trying to get the right information. Since there are so many forms of this malware I thought I would post the steps I took to remove this infection. *I am not part of the Tech Support Team * All the steps listed here were only tried after lengthy investigation and checking * Do the following at your own risk * 1st of all I discovered the infection by using Ewido Antispyware. It found the infected file jkkji.dll, but could not remove it. Using Ewido, Prevx1 and Windows Defender Beta 2, the weeded out most of the infection. However the jkkji.dll file proved hard to remove, because it was loaded very early in the boot process. HijackThis did not display the jkkji.dll entries until it was RENAMED to something other than "hijackthis.exe". "Anaylse.exe" worked for me. It would only remove the entries but they were put back again on restart. Finally I got KillBox onto the problem. I used it to delete the file, closing processes neccessary to do so. This in itself did not fix the problem - however when explorer.exe restarted (starting your start bar etc) it allowed Prevx1 to catch the dll as it was loading and stop it. One restart later and I finally have no infections. I post this up in the hope that other frustrated users find some answers, lots of removal instructions for this were out of date. Hopefully this is of benefit to someone. Also I would recommend following all of the instructions in the thread "Before Posting you HijackThis Log". This fix may not work for ALL instances of this infection, especially if jkkji.dll is not the ONLY problem file. In my case I was able to stop it from downloading other trojan antispy programs. -Smoky

07-29-2006, 12:14 AM	#2 (permalink)
dorts Analyst, Security Team Join Date: Mar 2006 Location: Singapore Posts: 1,599 OS: Windows XP SP2 My System	Hi, Great work removing them. Actually, there is an tutorial on it here. __________________ If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

07-29-2006, 03:00 AM	#3 (permalink)
Smoky_McPot Registered User Join Date: Jul 2005 Posts: 2 OS: WinXP Pro	I did see that one, before i had renamed the HijackThis exe file. I was not sure about using the Vundo fix just because I had seen many older links to it. Im just glad its gone LOL. I am glad I found KillBox tho, It is going to stay in the software toolbox for a long time I imagine.