Status
Not open for further replies.

Hakavuhop Virus Help

726 views 1 reply 2 participants last post by Glaswegian
#1 · (Edited by Moderator)
Ok. So, I have a virus on my computer. The only file that I can find related to the virus is hakavuhop.dll and it is located in the System32 directory. It is also in the startup in msconfig. I have tried stopping it from starting but it always resets my changes. I have also deleted the reg key and the actual file, and it keeps coming back, which leads to my believing that there are probably a few other files related to it on my computer and it is set up as a decoy. If anyone else has had this, please could you help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:36 PM, on 11/27/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\msconfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\alix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\alix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\alix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [iCall Internet Phone] "C:\Program Files\iCall\iCall.exe" /startup
O4 - HKLM\..\Run: [hakavuhop] Rundll32.exe "c:\windows\system32\gijabawu.dll",a
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AlarmWiz] C:\Program Files\AlarmWiz\alarmwiz.exe startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3418695299-734488202-1628526013-1000\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [aveype] RUNDLL32.EXE C:\Windows\TEMP\mslcpezt.dll,w (User '?')
O4 - HKUS\.DEFAULT\..\Run: [aveype] RUNDLL32.EXE C:\Windows\TEMP\mslcpezt.dll,w (User 'Default user')
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\rdolib.dll,tohapuva.dll
O21 - SSODL: nabarefug - {eed354b7-f75b-4f2c-9dec-625f4d813d12} - c:\windows\system32\gijabawu.dll (file missing)
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {eed354b7-f75b-4f2c-9dec-625f4d813d12} - c:\windows\system32\gijabawu.dll (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 4345 bytes
 
#2 ·
Hi and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance.

http://www.techsupportforum.com/f50...-posting-for-malware-removal-help-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.
 