Scared

My computer has been acting weird, apparently it got some viruses (that I am clueless to their origins) and the boot time scan doesn’t work. I’m not super computer savvy, and I’m just terrified I’m gonna lose all my music I paid for, my demos, and all my artwork…

the stuff found included:
lupeyute.dll

I had weird pop-up ads and everything, currently I’m too scared to connect the computer to the internet (it is wireless only)

anyone out there know anything about this crap…please help

-Andi

Windows XP Home… if that helps

That lupeyute.dll looks like a variant of Vundo, a Trojan. Please go here http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1 and download the latest Malwarebytes Antimalware, and SUPERAntispyware, http://www.superantispyware.com/. Both are very effective and free. Run a scan with each; that should get rid of that one and any others on your PC.

:slight_smile: Hi :

Best to start by telling us the names of ALL the security programs on your computer.

And it might be helpful IF you told us which SPECIFIC “Service Pack” of your Win XP, which comes in “SP1”, “SP2”, and “SP3”!?

SP3, avast. I can’t connect the machine to the internet, so… can I download something and install it using a flash drive or something? I’m using my netbook to type on here…

Yes, you can; those programs are very tiny. For more info on this, please go here: http://www.threatexpert.com/report.aspx?md5=cf1a71050451d1f19a17023093500d78 and scroll down that webpage and look at number 24 in the files that this creates; you will see lupeyute.dll listed. Try those two programs. If still in trouble, await further help from others here better versed in this threat removal. Good luck and good night.

Thanks everyone… if the scan doesn’t move off a file for like… 20 minutes, then the number jumps waaay higher, should I worry?

Are you saying the scan freezes on one file and then unfreezes much later and it acts like it scanned tons of files while it was frozen? Also, does your computer totally freeze up?

@ brandonn2008 leave malware fighting to oldman and other avast! Evangelists

@ addirockart it’s a good idea to back up all your music I paid for, my demos, and all my artwork… to external media like CDs or USB Flash sticks.

All that stuff is on a terabyte external hard drive, but idk the possibility of something getting on it (i.e. a virus)… Windows and everything is on the internal hard disk C… and the computer itself isn’t frozen, my mouse moves, start menu opens, etc… avast just sits on file like 151089, for twenty minutes then all of a sudden jumps to 152420…

andi

I also can’t seem to get clear information on what the variations of GBL*.tmp are… uh cuz avast detects all the following as Error 42146 [Installer archive is corrupted]
File C:\Documents and Settings\Owner\Local Settings\Temp\

GBL1B.tmp\Wise0003.bin
GBL62.tmp\Wise0003.bin
GBL71.tmp\Wise0003.bin
GLBB.tmp\Wise0003.bin
GLBE.tmp\Wise0003.bin

Should I just delete these files since they are in temp? It says on this page these things are installers or something: http://www.prevx.com/filenames/3436096138541780490-X1/GLB1B.TMP.html

but I don’t know if that’s good or bad…

andi

avast found Win32:Jifas-CJ [trj]… I told it to move all to chest. It’s hard to find anything on this trojan on the net tho, any idea how to prevent getting it again, where it came from, etc.?

I don’t wanna seem like a loser or stupid, etc. I am just trying to get as much info up here as I can… new development!!! (on Jifas)… for some reason my netbook doesn’t make the squiggly brackets, only the “[” so the brackets below are incorrect but the info is correct

File C:\System Volume Information\restore[593F298F-B7D6-4A3D-A260-6D7E68E3F587]\RP192
A0073149.dll
A0073150.dll
A0073151.dll
A0074235.dll

is infected by win32:Jifas-CJ

file c:\WINDOWS\system32\henjonozu.dll.tmp is infected by win32:jifas-CJ [trj]… file is in windows folder, are you sure you want to move?

Definitely quarantine c:\WINDOWS\system32\henjonozu.dll.tmp, this file name returns zero Google hits, which makes it very suspicious.
No other action need be taken in respect of the “unable to scan” entries, nor those relating to “system volume information” at this time. (Just don’t use system restore. Later someone will show you how to remove your restore points, taking any malware with it.)

Please scan with MBAM, a quick scan, and following that a report will be generated. Place a tick beside everything found, and select “remove selected.” If prompted to reboot to complete removal, do so promptly.
Please post the scan report.

Clean out Windows Temp Folders with CCleaner:
http://www.ccleaner.com/download/builds <== Slim - No Toolbar

Clean out System Restore points:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

raborivo.dll
resevine.dll
sodewozi.dll
trz19.tmp
jizejuwe.dll.tmp
lupuwufe.dll

all moved to chest from windows folder… what the frick… seems like every time I think this infection is gone, and I log into my user, BOOM. New infection detected: boot time scan… then it’s done… then the process repeats… BUT the computer’s wireless is disabled. So… where are all the files coming from? Just hiding? (It’s a desktop, on a separate floor of the building from the router, so I can’t run a cable to it to use internet in safe mode… the computer and external hard drives would have to be moved…)

this is ridiculous… (so much for merry Christmas for my family)

PS does anybody know what the heck Win32:jifas-CJ is? I know it’s detected as a trojan, but I can’t find any specs on it, like where you normally pick it up (Kazaa, adult sites, etc.)… Since I don’t use any P2P or visit sites like those that tend to be hot targets (no Facebook) I’m not sure how I got all this crap. I was wondering if emailing myself information home from school could have caused it… etc…

I’ll say it again: use MBAM.

Will the free version do everything I need done now? (If it does work I will def pay for it next pay check)… I hate all these online scans that run, then say oh you’re infected, pay us and we can fix it… reminds me of McAfee…

No to the above. It’s an application you install, not an online scan.
The free version will detect and remove a lot of the current malware, it is the first line tool of choice against trojans etc.
The pay-for version also provides resident protection.
For now, just use the free one.

More details: Important.
Given the nature of the infection you have, it would be advisable to rename both the installer and the main exe after installation. When you go to download it (using a clean computer), save the file to a (clean) flash drive, and save it as addirockart.exe. (Doesn’t have to be that name. It has to be something a bit random, that doesn’t mimic another file name on your computer. That name will do fine.)
Transfer the renamed file to the desktop of the sick computer. Double-click it to run, and MBAM will be installed.
Once it is installed, go to the folder C:\Program Files\Malwarebytes’ Anti-Malware and rename MBAM.exe to addirockart.exe. Double-click it from within that folder to run the application. Have it run a quick scan, and, as suggested earlier, have it remove anything found, and post the scan report.

So far, so good. Sick compy is in safe mode, running a quick scan with addirockart.exe… I really appreciate the help. Christmas Eve was my parents’ anniversary, and I am praying, today, Christmas, we can share all the special photos and all from this year with our Christmas guests we only see once, maybe twice a year. Please stay on if you can, you are far more helpful than Microsoft!

Cool. I’ll be here a while. At least long enough to read the scan report.