hi there i need help for Win32:Adware-gen [Adw]

how can i put my log? it says that i can only put 1000 characters in here

Either split the log over two posts or use the ‘Additional Options’ menu to attach a text file.

ok ty i’ll do that

hi there i need help for Win32:Adware-gen [Adw]

the avast warning tells that the file name is C:\WINDOWS\system32\wvUmNGYo.dll
VPS version: 080713-0, 07/13/2008

hope you guys can help thank you.

Have you tried a boot time scan with avast!? Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested.

Try the usual free adware/spyware scanners.

Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free
Malwarebytes’ Anti-Malware

Download, install and update the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.

Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware- a rare but not unknown event for any malware scanner.

Run a scan with VundoFix:

VundoFix

Then please post a fresh HijackThis! log

It looks like you still have Symantec on your computer: run the appropriate removal tool here:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

hi attached is my new HijackThis log

i also installed Spybot Search & Destroy i got infected files and successfully cured it.

i restarted my pc went to safe mode, download, install and update the programs. Disconnect from the internet (pull the plug) and run scan avast.

avast got 24 files infected. tried to put all the files into the chest. i am getting error that tells me it cannot be processed. i tried to delete the files but no success

i scan my pc with VundoFix i got no infected file. why is it like that?

and now i’m attaching my new log.

thank you.

remember that freewheeling said to quarantine and not delete
He meant with Spybot also :slight_smile:

I’d suggest that you post your new HJT, Avast and spybot logs in the Virus and Worms forum below
post a link to this thread and state that you already ran a safe mode avast scan

since you have already run spybot you could try a safe mode spybot scan
but do not delete anything

since these are .gen hits- maybe heuristics- you might want to submit them to “Virus total”

good luck

C:\WINDOWS\system32\xshret.dll
C:\WINDOWS\SYSTEM32\wvUmNGYo.dll

Please disable ‘Hide protected operating system files’ and enable ‘View Hidden Files and Folders’, and upload the above files to VirusTotal for analysis. Post the results here.

You can try removal with HijackThis! but the files might be protected, so no guarantee of success.

Run HijackThis! again, tick the following entries, close all other windows including this one and click ‘fix’. Reboot into Safe Mode and delete the files.

O2 - BHO: {87ffc867-a594-b879-05a4-09ded7b54575} - {57545b7d-ed90-4a50-978b-495a768cff78} - C:\WINDOWS\system32\xshret.dll
Unknown
O20 - Winlogon Notify: wvUmNGYo - C:\WINDOWS\SYSTEM32\wvUmNGYo.dll

Post a fresh HijackThis! log. If those entries are still there, we’ll have to try something else.

hi tried to upload the files C:\WINDOWS\system32\xshret.dll
C:\WINDOWS\SYSTEM32\wvUmNGYo.dll after i disable ‘Hide protected operating system files’ and enable ‘View Hidden Files and Folders’, but the files weren’t there. somehow i think spybots gets rid of them.

i ran HijackThis this time and i didn’t find
O2 - BHO: {87ffc867-a594-b879-05a4-09ded7b54575} - {57545b7d-ed90-4a50-978b-495a768cff78} - C:\WINDOWS\system32\xshret.dll Unknown. I think it’s been deleted.

what i found is O20 - Winlogon Notify: wvUmNGYo - C:\WINDOWS\SYSTEM32\wvUmNGYo.dll so i tick the box and click ‘fix’.

and attached is my new HijackThis log. And i can see that O20 - Winlogon Notify: wvUmNGYo - C:\WINDOWS\SYSTEM32\wvUmNGYo.dll is gone.

my only concern is the O2 - BHO: (no name) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - C:\WINDOWS\system32\wvUmNGYo.dll

do u think i also need to delete this? because it has the C:\WINDOWS\system32\wvUmNGYo.dll file too. what do you think?

and can i Restore the Defaults of my Folder Option now?
thank you.

hi sorry, i attached the old HijackThis log.

attached is my new HijackThis log.

thank you

hmm… for some reason there’s something wrong with my attachment.

pls. use this attached HijackThis log.

thank you very much.

These entries now say ‘file missing’, which means something has deleted the original file, so they should be inactive.

O2 - BHO: (no name) - {60CCD9A9-A035-41C6-B063-6211318D2596} - C:\WINDOWS\system32\ssqRJCRh.dll (file missing)
O2 - BHO: (no name) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - C:\WINDOWS\system32\wvUmNGYo.dll (file missing)

You can fix these entries with HijackThis!, but you’ll need to temporarily disable Spybot Teatimer first this time:

http://www.malwarehelp.org/how-to-enabledisable-spybot-teatimer.html

and can i Restore the Defaults of my Folder Option now?

Yes.

When you have finished, scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.

Your Sun Java application needs updating, for one.
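Added example, not part of any post in this thread: a short Python sketch that reads HijackThis entry lines like the ones quoted above, flags entries marked "(file missing)", and shows which DLL is registered under more than one kind of load point (the BHO and Winlogon Notify entries for wvUmNGYo.dll). The regular expression covers only the line shapes quoted in this thread, which is an assumption about the wider HijackThis log format; the function names are illustrative.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Entry lines quoted in different posts of this thread, combined as sample input.
SAMPLE_LOG = r"""
O2 - BHO: {87ffc867-a594-b879-05a4-09ded7b54575} - {57545b7d-ed90-4a50-978b-495a768cff78} - C:\WINDOWS\system32\xshret.dll
O20 - Winlogon Notify: wvUmNGYo - C:\WINDOWS\SYSTEM32\wvUmNGYo.dll
O2 - BHO: (no name) - {60CCD9A9-A035-41C6-B063-6211318D2596} - C:\WINDOWS\system32\ssqRJCRh.dll (file missing)
O2 - BHO: (no name) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - C:\WINDOWS\system32\wvUmNGYo.dll (file missing)
"""

class Entry(NamedTuple):
    section: str        # e.g. "O2", "O20"
    kind: str           # e.g. "BHO", "Winlogon Notify"
    path: str           # file path exactly as written in the log
    file_missing: bool  # True when the line ends with "(file missing)"

# Assumed shape: "<section> - <kind>: <fields> - <drive path>[ (file missing)]"
LINE_RE = re.compile(
    r"^(O\d+) - ([^:]+): .* - ([A-Za-z]:\\.*?)(\s+\(file missing\))?\s*$"
)

def parse_entries(log_text):
    """Return an Entry for every line that matches the assumed shape."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip(),
                                 m.group(3), bool(m.group(4))))
    return entries

def triage(entries):
    """Return (orphaned, shared): entries whose file is gone, and files
    registered under more than one kind of load point (case-insensitive)."""
    orphaned = [e for e in entries if e.file_missing]
    by_file = defaultdict(set)
    for e in entries:
        by_file[e.path.lower()].add(f"{e.section} {e.kind}")
    shared = {p: sorted(k) for p, k in by_file.items() if len(k) > 1}
    return orphaned, shared

if __name__ == "__main__":
    orphaned, shared = triage(parse_entries(SAMPLE_LOG))
    for e in orphaned:
        print("orphaned entry:", e.section, e.kind, e.path)
    for path, kinds in shared.items():
        print("multiple load points:", path, kinds)
```
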

Great outcome
I learned something just by watching
first we will take a peek at HJT sometimes in this forum
second turn off t-timer when doing a fix (duh) I just never thought of it

I’ve found out that AVAST does not use heuristics but I consider the general .gen hits in sorta the same -need further investigation- category

thanks for the lesson
freewheeling

I’d drop ad-aware from the recommended list as a first time scanner although I use it for a third level opinion sometimes as it finds some fragments others miss
The new spybot 1.6 scanner seems to be productive

hi freewheeling,

what do u mean by ‘You can fix these entries with HijackThis’, should i open the HJT and tick these files again and hit fix?

Yes, that is what is meant by Fix.

hi freewheeling,

thank you very much for all the help and all of the guys.

You’re welcome, I trust that everything is well now.