Nt_kernel Error 1256

To all,


Earlier this week, I started receiving an error message on my machine when I log on.


NT_Kernel error 1256


KMODE_EXCEPTION_NOT_HANDLED.


I've seen posts on here before about how to fix it but I'm struggling.


Along with this error message, I too have two icons on my desktop 'Help and Support' and 'Windows Update'


Both of these are links to websites, and I cannot delete these.


I have run Hijack this in the past few days, and removed all things that looked dodgy.


I ran Ccleaner this morning, but now it seems that I cannot run Hijack This to post my log!


The best I can do is a screenshot of the software before I have to close it due to an error... (attached)


Please help! How do I get rid of this message? I'm very worried that the machine will collapse completely; it's not even mine!!


Many thanks,


Rachael

Attachment: post-9464-1201695358_thumb.jpg

Comments

  • Hello,


    You may have a Virtumonde infection. Please send


    E:\Windows\system32\xakftqht.dll


    E:\Program Files\blipnet\wrapper.exe (this last one may be clean).


    Also download BDAspy from http://www.tehnica.org/BDAspySetup.exe and create a BDAspy SysLog Info, zip it and send it to us.


    Please use the password "infected" for the archives. All files should be archived as zips with this password.


    Please ask if there is something unclear.


    Regards,


    Andrei

  • Hello Andrei,


    I have run the piece of software you suggested, and have attached the log file.


    I still have two more problems...


    I still cannot delete those icons from the desktop, and I've also found like a billion


    pos1A00.tmp


    pos1A0A.tmp etc


    files in my 'My Documents' folder. I'm currently googling these to see how I can get rid of them!


    Hope the attached helps,


    Thanks for your assistance,


    Rachael


    Attachment: bd_sys_log.xml

  • Please send those two files!!


    Please create an archive with them with the password: infected

  • Which two files? Sorry, I'm a bit confused.


    I'm currently re-starting the system on the PC.


    It's actually a separate PC from this one, but is still on the network.


    Do you mean the pos... files? There's loads of them!


    Every time I try and open My Documents, Explorer seems to crash, and I'm back to where I started...


    Arrgh!



  • I said in my first post:


    You may have a Virtumonde infection. Please send


    E:\Windows\system32\xakftqht.dll


    E:\Program Files\blipnet\wrapper.exe (this last one may be clean).


    I mean:


    E:\Windows\system32\xakftqht.dll


    and


    E:\Program Files\blipnet\wrapper.exe

  • I can't find that dll file anymore; a colleague here has told me to delete it using Hijackthis since my first post.


    I also know that the wrapper.exe is a safe file. It's part of a piece of software that runs Bluetooth applications...


    I'm sorry to be such a pain - do you have any other suggestions?


    I just don't know what to do anymore - everything I'm trying, and all the software I'm downloading, just isn't fixing the problem!!


    Thanks again for your help and your time,


    Rachael



  • Ok. I'll take a look at the log and will give you an answer after that.

  • Please send:


    E:\Windows\system32\alokbkll.dll


    E:\Windows\system32\wvuvs.dll


    Zip, password infected !

  • Files attached,


    I think I have been able to set a password, although I'm not too sure that winrar did it properly!?


    Thanks,



    Attachment: Infected.zip

  • adamian
    edited January 2008


    I've sent the removal to you, please check your private messages.


    Download it, save it to a folder.


    Run the removal, restart the computer. Run it again, restart the computer. Run it again and it should say it is clean.


    If you have any problems with it (or you still can't delete some files) please send me the removal.log file (generated by removal tool) and another BDAspy Syslog Info.


    If you can't download it from there try this: http://www.tehnica.org/removals/Anti-Troja....DXL-EN.exe.zip


    One of the files was already detected by us; for the other one we've added detection. It should be available soon.

  • So Far So good!


    I've run the application twice, and have been able to permanently delete the icons on the desktop!


    I'm just rebooting now, but will check the pos_ .txt files and get back to you!


    Many thanks for your help,


    Rachael



  • Andrei, you have been fantastic today!


    This computer holds vital software and I use it on a daily basis.


    I would have been in serious trouble had it crashed or died, as we had a machine that we used to perform the same operations, and the hard-drive completely went on that about 2 years ago - hence the new PC!!


    Many many many thanks for your help.


    An absolutely perfect fix!


    I have now been able to START my machine (without any kernel error messages)


    I have deleted the icons on the desktop (and they have not returned)


    I have deleted over 16,000 tmp files from both My Documents and C:\ (they have not returned)


    Thank you again for your time and effort today!


    Kind regards,


    Rachael


    (who is happy because her PC works again!)



  • Hello too.


    I'm also having trouble with this type of infection.


    I have read a couple of subjects about it but I'm a bit confused on how to solve this problem.


    I also have the same symptoms of temporary files or error messages popping up. What must I do?


    I have run VundoFix 6.7.7 and the result was


    C:windows/system32


    pmeohkyz.dll


    pmeohkyz.dllbox


    Thanks for the help

  • Here is the file I obtained with Hijackthis. I'm sorry if it contains lots of crap, because this is a very old computer, about 10 years.


    Formatting should be a good idea in the future.


    Well, I'll still post it and hope that you can help me out like you did with Rachael.


    Thanks again


    Logfile of HijackThis v1.99.1


    Scan saved at 17:23:53, on 2008-01-30


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16574)


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe


    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\Program Files\Norton AntiVirus\navapsvc.exe


    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe


    C:\WINDOWS\system32\nvsvc32.exe


    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Canon\CAL\CALMAIN.exe


    C:\WINDOWS\Explorer.EXE


    C:\WINDOWS\system32\wuauclt.exe


    C:\Program Files\Ahead\InCD\InCD.exe


    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe


    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe


    C:\Program Files\iTunes\iTunesHelper.exe


    C:\Program Files\iPod\bin\iPodService.exe


    C:\WINDOWS\avp.exe


    C:\WINDOWS\mgrs.exe


    C:\WINDOWS\lsass.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Messenger\msmsgs.exe


    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE


    C:\Program Files\Mozilla Firefox\firefox.exe


    C:\Program Files\HijackThis\HijackThis.exe


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)


    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)


    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll


    O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe


    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe


    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"


    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe


    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"


    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe


    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


    O4 - HKLM\..\Run: [boLVqFO] C:\WINDOWS\wbishsx.exe


    O4 - HKLM\..\Run: [Xqrsqde] C:\Program Files\Tayrpjd\Hjndgon.exe


    O4 - HKLM\..\Run: [starSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H


    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"


    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


    O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvxew.dll,startup


    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe


    O4 - HKLM\..\Run: [smgr] mgrs.exe


    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe


    O4 - HKLM\..\Run: [543353ce] rundll32.exe "C:\WINDOWS\system32\ultaiucj.dll",b


    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9


    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm


    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll


    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O11 - Options group: [iNTERNATIONAL] International*


    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab


    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab


    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab


    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29a273a01de11a...RdxIE601_fr.cab


    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104869528493


    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab


    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab


    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab


    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?312


    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab


    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28177.cab


    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E35E779-1E49-4516-80BE-9B0EA168E80A}: NameServer = 207.164.234.129 207.164.234.193


    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL


    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL


    O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmsjksjk.dll


    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe


    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe


    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe


    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE


    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe


    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe


    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe


    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  • Rachael


    Please unsubscribe from this thread if it no longer interests you.


    Fenbren


    Please create a new topic next time instead of posting in another one's thread. Next time I will not allow it. Thanks.


    Please do a BitDefender scan (from safe mode if possible), remove the detected and unwanted programs. Send me the log from this scan.


    Do a BDAspy SysLog Info and send it to us.


    Send us the following files:


    C:\WINDOWS\avp.exe


    C:\WINDOWS\mgrs.exe


    C:\WINDOWS\lsass.exe


    C:\WINDOWS\wbishsx.exe


    C:\Program Files\Tayrpjd\Hjndgon.exe


    C:\WINDOWS\system32\ultaiucj.dll


    C:\WINDOWS\system32\drvxew.dll


    The files must be zipped, password infected.


    Regards,


    Andrei
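    The file list above is what an analyst picks out of a HijackThis log by eye. As an added example (not the forum's or Bitdefender's code), the Python script below applies those same observations as rules to lines copied from Fenbren's log: an executable running from the %WINDIR% root instead of system32, a Run entry that points there or whose bare file name matches such a process, a hex-looking Run key name, rundll32 loading a DLL that is not on a known-good list, and a populated AppInit_DLLs value. The two known-good sets are assumptions for this example.

```python
# Added example (not the forum's or Bitdefender's code): triage a HijackThis v1.99 log
# for the Vundo-style indicators discussed in this thread. Known-good sets are assumptions.
import re
from typing import Dict, List, Set, Tuple

# Sample input: lines copied from Fenbren's HijackThis log above, not from a live system.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [boLVqFO] C:\WINDOWS\wbishsx.exe
O4 - HKLM\..\Run: [Xqrsqde] C:\Program Files\Tayrpjd\Hjndgon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvxew.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [543353ce] rundll32.exe "C:\WINDOWS\system32\ultaiucj.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmsjksjk.dll
"""

WINDIR = r"c:\windows"
WINDIR_ROOT_OK = {"explorer.exe"}          # assumption: the only legitimate %WINDIR%-root process on XP
RUNDLL_OK = {"nvcpl.dll", "nvmctray.dll"}  # assumption: vendor DLLs normally loaded via rundll32 at logon
O4_RE = re.compile(r"^O4 - .*?\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
PATH_RE = re.compile(r'"?((?:[a-zA-Z]:|%\w+%)\\[^",]+?\.(?:exe|dll))"?', re.IGNORECASE)
HEXKEY_RE = re.compile(r"^[0-9a-f]{6,}$")

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def in_windir_root(path: str) -> bool:
    # True for a file directly under the Windows directory, False for any subdirectory (system32 etc.).
    p = path.lower()
    return p.startswith(WINDIR + "\\") and "\\" not in p[len(WINDIR) + 1:]

def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (severity, rule, line) for every log line that trips one of the heuristics."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    hits: List[Tuple[str, str, str]] = []
    root_procs: Dict[str, str] = {}  # basename -> full path of processes running from %WINDIR% root
    in_procs = False
    for line in lines:  # pass 1: the "Running processes:" section
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and PATH_RE.match(line) is None:
            in_procs = False  # first non-path line ends the section
        if in_procs and in_windir_root(line) and basename(line) not in WINDIR_ROOT_OK:
            root_procs[basename(line)] = line
            hits.append(("HIGH", "process running from %WINDIR% root", line))
    for line in lines:  # pass 2: autostart entries
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            hits.append(("HIGH", "AppInit_DLLs is populated", line))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        key, cmd = m.group("key"), m.group("cmd")
        paths = PATH_RE.findall(cmd)
        if HEXKEY_RE.match(key.lower()):
            hits.append(("MEDIUM", "hex-looking Run key name", line))
        if "rundll32" in cmd.lower():
            dlls = [basename(p) for p in paths if p.lower().endswith(".dll")]
            if any(d not in RUNDLL_OK for d in dlls):
                hits.append(("MEDIUM", "rundll32 loads a DLL outside the known-good set", line))
        if any(in_windir_root(p) and basename(p) not in WINDIR_ROOT_OK for p in paths):
            hits.append(("HIGH", "Run entry points into %WINDIR% root", line))
        if not paths and cmd.split() and basename(cmd.split()[0]) in root_procs:
            hits.append(("HIGH", "bare-name Run entry matches a %WINDIR%-root process", line))
    return hits

def flagged_files(log: str) -> Set[str]:
    # Lower-case file names mentioned in flagged lines, for comparison against the analyst's list.
    out: Set[str] = set()
    for _, _, line in triage(log):
        paths = PATH_RE.findall(line)
        out.update(basename(p) for p in paths)
        m = O4_RE.match(line)
        if not paths and m and m.group("cmd").split():
            out.add(basename(m.group("cmd").split()[0]))
    return out
```

    On the sample it recovers six of the seven files in the list above plus the AppInit_DLLs entry Andrei asks about in a later post; Hjndgon.exe, a random-looking name under a random-looking Program Files folder, is the one only analyst judgement catches, which is why the thread still asks for the files themselves.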

  • Alright, sorry for the delay of this response, because the scan took like 5 hours.


    Here are the files I could add to the zip archive, although I'm not sure the password was set correctly.


    I noticed that some of the files you wanted me to send to you were put in quarantine after the Bitdefender scan.


    I was wondering, should I delete all the files in the quarantine? Or should I still send them to you? If so, please tell me.


    There are some other files in the Windows folder that I wasn't able to zip.


    And some files I couldn't find at all.


    Here for the moment are the result of the scan and the zipped files; I'll follow up with the result of the Syslog.


    Thanks for your time and concern

    Attachments: Bitdefscan1.txt, Infected.zip

  • Hello, for some weird reason the SysLog Info cannot be done.


    I have downloaded the software you were saying, but when I start the Syslog it seems it won't do anything.


    I tested on my 2nd computer and I clearly saw the program running and producing the .xml file.


    I'm doubting it's the infested computer, since I had a lot of trouble downloading files from the internet and so on...


    Is there a way I can produce the report you need with another application?


    Btw the rest of the software seems to work, because I had the anti-spyware run.


    I also tried in safe mode and it didn't work; same for the previous Bitdefender scan, which couldn't work in safe mode.


    I'm looking forward to your answer,


    Thanks for the help

  • Hello,


    The archive was ok (with password too). Please follow these steps:


    1. Zip the file (if exists) C:\WINDOWS\system32\mmmsjksjk.dll with password infected (you'll send it to us to check it)


    2. Get http://www.tehnica.org/removals/Anti-Trojan.Vundo.DXB-EN.zip , save it to a folder.


    3. Disable virus shield.


    4. Run the tool. (should say infected)


    5. Restart windows.


    6. Re-run the tool. (should say infected)


    7. Restart windows.


    8. Re-run the tool (should say it's clean)


    9. Send us the log the tool creates (it's created in the folder from which you run the removal tool)


    Send the zip file from step 1


    Say if there were any problems with the tool.


    Try again to do a BDAspy SysLog Info and if you can create the log send it to us. If you have problems with this and still can't create the log send us another HijackThis list.


    10. Delete all files in C:\Documents and Settings\Diane\Local Settings\Temp\


    I suggest deleting quarantine files if you don't think you'll need them.


    11. Do another BitDefender Scan (but first disable virus shield from other antivirus if you have another AntiVirus running!)


    If you have any questions about the above steps ask first, execute later.


    Regards,


    Andrei

  • Hello again Andrei,


    Alright, I have followed the steps you told me to.


    I've zipped the file you asked for; it's the one called infected.


    I've run the tool three times like you said. The weird thing is after the third time it still says infected, but it might be something more, because the kernel error didn't reappear after the 2nd restart.


    I was able to successfully delete the temp files and the icons on the desktop.


    I am sending you all the logs from the Trojan remover.


    I've deleted the quarantine files and the files in temp.


    Through the day I will run a Bitdefender scan again.


    Seems like everything is going pretty smooth here. I know there might be some other infections, but you've cleared my main problem


    and for that I am thankful to you.


    Thank you for your time and help. I thank God there are still some honest and helpful people out there.


    Thanks Andrey.


    Kindly yours,


    Félix

    Attachments: Trojan_Removal.zip, Infected.zip, hijackthis2.zip

  • Hi,


    Please follow these steps:


    1. Stop the BitDefender Scan for now.


    2. Get http://www.tehnica.org/removals/Anti-Troja....Small.A-EN.zip , save it to a folder.


    3. Disable virus shield.


    4. Run the tool. (should say infected)


    5. Restart windows.


    6. Re-run the tool. (should say infected)


    7. Restart windows.


    8. Re-run the tool (should say it's clean)


    If it doesn't say it's clean please try to run BDAspy and create a Syslog Info and send it to us. It's pretty important in this case to obtain more info.


    9. Send the log the removal tool creates and log Syslog from the step 8 if possible..


    Have a nice day.

  • Yay!! System clean.


    I will now run the scan.


    It worked! You've done an awesome job, man, I am amazed!


    I can never thank you enough, you're the best!


    Thanks a thousand times Andrei and have a good weekend.

  • Hello, it's me again and I have some bad news.


    Some troubles have been reappearing. I don't think it's due to the old problems, because the icons have not reappeared on the desktop and the temporary files are not there either.


    Symptoms:


    When I get the computer running I have two icons on the bottom right tool bar saying warning and stuff that the comp is infested. Only problem, when I click those icons it pops up a site where I can buy an anti virus, so that's why I think it's a fake and it's not Microsoft like it pretends to be. Furthermore I keep getting alerts telling me that it's infected; it's annoying as ######.


    Lastly, I'm not sure if it has to do with these new problems, but it seems like Symantec is popping up many windows saying it's analyzing some emails I'm sending. Only problem, I ain't sending e-mail and those e-mails I pretend to send are fakes.


    I'm not sure if I should post in a new thread; if yes, then I will recopy this.


    I suspected the file pmeohkyz.dll because when I was running the antispyware scan I was getting this file, but the BDscan said it couldn't move it nor repair nor delete it.


    So I'm asking your help again. I couldn't run the Syslog so I've done a Hijackthis.


    I await your further instructions on what you'll need if you can help me solve this problem.


    Thanks for your time

    Attachment: Hijack_screenshot.zip

  • Hello,


    Please send in a ZIP, with password "infected" the following files:


    C:\WINDOWS\system32\drvhod.dll


    C:\WINDOWS\system32\iblwmktd.dll


    C:\WINDOWS\system32\pmeohkyz.dll


    Some may not exist (please specify which).


    Have a great day,


    Andrei

  • Hello, it's me,


    For some weird reason I couldn't find the pmeohkyz.dll.


    This is the file I had some doubts on, so I included in the zip archive a screenshot of the scan that tells me the file cannot be disinfected nor deleted.


    As for the two other files, I am sending them; hope the password worked.


    Thanks

    Attachment: Infected.zip

  • Hello,


    Those two files were detected by us.


    Please follow these steps:


    1. Go to step 2.


    2. Get http://www.tehnica.org/removals/Anti-Trojan.Vundo.DYL-EN.zip , save it to a folder.


    3. Disable virus shield.


    4. Run the tool. (should say infected)


    5. Restart windows.


    6. Re-run the tool. (should say infected)


    7. Restart windows.


    8. Re-run the tool (should say it's clean)


    If it doesn't say it's clean please try to run BDAspy and create a Syslog Info and send it to us. Another HijackList if Syslog is not possible.


    9. Send the log the removal tool creates and log Syslog from the step 8 if possible..


    Have a nice week,


    Andrei

  • I think the infection is gone; I don't seem to get the fake pop-up messages anymore.


    I will rescan and warn you if the infection ever comes back.


    Again thanks for all the helpful and cheerful comments.


    Helping me through this I am very grateful.


    Thanks again!