|
||||||
[Crossposted to Security Virus newsgroup, as OP has repost there] There's a very strong possibility that you have a Vundo infection, which is usually accompanied by ZLOB and/or SDBot infections, |
Microsoft OS Forum to Usenet Gateway is a gateway to Microsoft Windows operating system newsgroups. If you use Windows XP, Windows Vista or any other Microsoft Operating System then this is the community for you.
You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!
If you have any problems with the registration process or your account login, please contact us.
Once you register you'll stop seeing this message.
You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!
If you have any problems with the registration process or your account login, please contact us.
Once you register you'll stop seeing this message.
 |
|
|
Thread Tools | Display Modes |
10-10-2008, 11:58 AM
|
#1 | ||
|
Guest
Posts: n/a
|
[Crossposted to Security Virus newsgroup, as OP has repost there]
There's a very strong possibility that you have a Vundo infection, which is usually accompanied by ZLOB and/or SDBot infections, all of which are protected by a rootkit. Run a thorough check for hijackware, including posting your hijackthis log to an appropriate forum. Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_R...:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine2.blogspot.com/ http://www.elephantboycomputers.com/...moving_Malware When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjuction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://spywarehammer.com/simplemachi...php?board=10.0, http://forums.spybot.info/forumdisplay.php?f=22, http://aumha.net/viewforum.php?f=30, or another appropriate forum for review by an expert in such matters, not here.** If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop. ========================================== Start a free Windows Update support incident request: https://support.microsoft.com/oas/de...spx?gprid=6527 Support for Windows Update: http://support.microsoft.com/gp/wusupport For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and in Canada or by contacting your local Microsoft subsidiary. There is no-charge for support calls that are associated with security updates. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ Jim Bunton wrote: > Tried: > Run services.msc > Check Background Intelligent Transfer Service running - OK > Check Event Log running - ok > Check Automatic Updates NOT running > > Automatic Updates is disabled and it's start button is greyed out > Setting the combo to Automatic (or manual) it reverts to disabled > > ----------- > RECENT EVENTS > IeExplorer Home page began to default to MyWebHunt > When reset to normal home page on reboot reverted to MyWebHunt > --------------- > Googled mywebhunt > -------- > found: > http://www.threatexpert.com/report.a...0-24b662a299ea > The following Registry Value was modified:. [HKEY_CURRENT_USER\Software\ > Microsoft\Internet Explorer\Main]. Start Page = "http://www.mywebhunt.com" > ... > > reports the folowing registry modifications > a.. The following Registry Key was created: > a.. HKEY_LOCAL_MACHINE\SOFTWARE\GodLib > a.. The newly created Registry Values are: > a.. [HKEY_LOCAL_MACHINE\SOFTWARE\GodLib] > a.. FR = "1" > b.. BootDays = "23" > b.. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] > a.. NotifyDownloadComplete = "yes" > c.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] > a.. [filename of the sample #1 without extension] = > "%Windir%\[filename of the sample #1]" > > so that [filename of the sample #1] runs every time Windows starts > > a.. The following Registry Value was modified: > a.. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] > a.. Start Page = http://www.mywebhunt.com > --------- > I HAVE DELETED > HKEY_LOCAL_MACHINE\SOFTWARE\GodLib > HKEY_LOCAL_MACHINE\SOFTWARE\GodLib] > a.. FR = "1" > b.. BootDays = "23" > in the entry > [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] > a.. [filename of the sample #1 without extension] = "%Windir%\[filename > of > the sample #1]" > I found a program named molocha.exe > AND a copy of it > in C:\Windows & Documents and Settings .. . \Temp > CREATED DATE today !! > > Deleted the registry entry > "[filename of the sample #1 without extension] = > "%Windir%\[filename of the sample #1]" " for this file > > AND, after reboot, renamed the C:\windows instance to Xmolocha.exe > AND deleted it from Documents and Settings\ . . \Temp > > ---------- > This has stopped the hijack of the web browser to MyWebHunt > BUT Internet explorer is occassionally opening new instances with > seemingly > random websites. > --- HELP! --- |
||
    
|
|
| Tags |
| run, update |
«
Previous Thread
|
Next Thread
»
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Microsoft warns users of coming update to Windows Update - InfoWorld | NewsBot | Microsoft News | 0 | 07-08-2008 06:24 AM |
| Update: Windows Update gets update - iTWire | NewsBot | Microsoft News | 0 | 07-06-2008 11:25 AM |
| Update: Windows Update gets update - iTWire | NewsBot | Microsoft News | 0 | 07-05-2008 06:52 PM |
| Extraction failed "update\update.exe is not a valid win32 applicat | Kelly | Windows Update | 1 | 06-18-2008 12:07 PM |
| Unable to install update for Windows update - Vista Ultimate Editi | Richard Wells | Windows Update | 4 | 09-15-2007 12:14 PM |
This is a Schwarz Network site.