my computer has been acting weird, apparently it got some viruses (that I am clueless to their origins) and the boot time scan doesnt work, i’m not super computer savvy, and i’m just terrified i’m gonna loose all my music I paid for, my demos, and all my artwork…
the stuff found included:
lupeyute.dll
I had weird pop up ads and everything, currently i’m too scared to connect the computer to the internet (it is wireless only)
anyone out there know anything about this crap…please help
SP3, avast. I cant connect the machine to the internet, so … can i download something and install it using a flashdrive or something? i’m using my netbook to type on here…
Yes, you can those programs are very tiny . http://www.threatexpert.com/report.aspx?md5=cf1a71050451d1f19a17023093500d78 if for more info on this please go here and scroll down that webpage and look down at number 24 on files that this creates you will see it listed the lupeyute.dll try those two programs if still in trouble await further help from others here better versed in this threat removal good luck and good nite
Are you saying the scan freezes on one file and then unfreezes much later and it acts like it scanned tons of files while it was frozen? Also, does your computer totally freeze up?
all that stuff is on a terabyte external harddrive, but idk the possibility of something getting on it (ie a virus) … windows and everything is on the internal hard disk C… and the computer itself isnt frozen, my mouse moves, start menu opens, etc… avast just sits on file like 151089, for twenty minutes then all of a sudden jumps to 152420…
i also cant seem to get clear information on what the variations of GBL*.tmp are… uh cuz avast detects all the following as Error 42146 [Installer archive is corrupted]
File C:\Documents and Settings\Owner\Local Settings\Temp\
avast found Win32:Jifas-CJ [trj] … I told it to move all to chest, Its hard to find anything on this trojan on the net tho, any idea how to prevent getting it again, where it came from, etc
I dont wanna seem like a looser or stupid, etc I am just trying to get as much info up here as I can… new development!!! (on Jifas) … for some reason my net book doesnt make the squiggly brackets, only the “[” so the brackets below are incorrect but the info is correct
Definitely quarantine c:\WINDOWS\system32\henjonozu.dll.tmp, this file name returns zero Google hits, which makes it very suspicious.
No other action need be taken in respect of the “unable to scan” entries, nor those relating to “system volume information” at this time. (Just don’t use system restore. Later someone will show you how to remove your restore points, taking any malware with it.)
Please scan with MBAM , a quick scan, and following that a report will be generated. Place a tick beside everything found, and select “remove selected.” If pormpted to reboot to complete removal, do so promptly.
Please post the scan report.
all moved to chest from windows folder… what the frick… seems like every time I think this infection is gone, and I log into my user, BOOM. new infection detected: boot time scan… then its done… then the process repeats… BUT the computer’s wireless is disabled. so… where are all the files coming from? just hiding? (Its a desktop, on a separate floor of the building from the router so I cant run a cable to it to user internet in safemode… the computer and external Hard drives would have to be moved…)
this is ridiculous… (so much for merry Christmas for my family)
PS does anybody know what the heck Win32:jifas-CJ is? I know its detected as a trojan, but I cant find any specs on it, like where you normally pick it up (Kazaa, adult sites, etc.) …Since I dont use any P2P or visit sites like those that tend to be hot targets (no facebook) I’m not sure how I got all this crap. I was wondering if emailing myself information home from school could have caused it…etc…
Will the free version do everything I need done now, (if it does work I will def pay for it next pay check)… I hate all these online scans that run, then say oh you’re infected, pay us and we can fix it… reminds me of Macafee…
No to the above. It’s an application you install, not an online scan.
The free version will detect and remove a lot of the current malware, it is the first line tool of choice against trojans etc.
The pay-for version also provides resident protection.
For now, just use the free one.
More details: Important.
Given the nature of the infection you have, it would be advisable to rename both the installer and the main exe after installation. When you go to download it (using a clean computer), save the file to a (clean) flash drive, and save it as addirockart.exe. (Doesn’t have to be that name. It has to be something a bit random, that doesn’t mimic another file name on your computer. That name will do fine.)
Transfer the renamed file to the desktop of the sick computer. Doubleclick it to run, and MBAM wil be installed.
Once it is installed, go to the folder C:\Program Files\Malwarebytes’ Anti-Malware and rename MBAM.exe to addirockart.exe Double-click it from within that folder to run the application. Have it run a quick scan, and, as suggested earlier, have it remove anything found, and post the scan report.
so far, so good. sick compy is in safemode, running a quick scan with addirockart.exe… I really appreciate the help, christmas eve was my parents anniversary, and I am praying, today, christmas, we can share all the special photos and all from this year with out christmas guests we only see once, maybe twice a year. please stay on if you can, you are far more helpful that microsoft!