HELP!!! Win anti virus pro 2007 installed itself on my computer. I tried removing it but it keeps coming back. It causes pop-ups to appear every time Explorer is open. I read some removal instructions online, and they have two solutions: one is to remove it manually (i.e. change the registry) and the other is to install another program to remove it.
Does anyone have any idea how to remove it? Or can I install avast virus cleaner to remove it? Please help. Thanks
It’s a rogue antispyware. Remove it with RogueRemover 1.19.
http://www.malwarebytes.org/rogueremover.php
Does it work?
It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
The rogue antispyware managed to remove Win Anti Virus, but now I have pop-ups appearing. I guess it worked to an extent. I am downloading AVG Antispyware, hope it works.
Hi Bubble:
You get the Best recommendations WHEN you provide the SPECIFIC Name of your Operating System, which you have NOT done at this point in time.
system
May 28, 2007, 12:22pm
7
What is the nature of the pop up? What does it say?
Sorry, I should be more specific. I'm running Windows XP Home Edition. I ran AVG Anti-Spyware and quarantined all the cookies that the program suggested.
The pop-ups that I'm still getting are antivirus software and maniatv pop-ups. I hope this helps.
Thanks
system
May 29, 2007, 11:34am
10
If those don’t work try this:
Download Smitfraudfix from Here or Here. Double-click smitfraudfix.exe, Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually).
Double-click smitfraudfix.exe, Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. A reboot may be needed to finish the cleaning process.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a “RiskTool”. It is not a virus, but a program used to stop system processes.
Post the Smitfraudfix log and a HijackThis log on your next response.
system
May 30, 2007, 4:56am
11
I ran the smitfraudfix program and it didn't detect any winnet.dll. The first time I restarted my computer, an ad for TV popped up, so I restarted. So far I have not had any pop-ups, but then again this is the first page I opened. But I do notice that it took a long time for my computer to load after I rebooted.
If all of this worked, can I uninstall the programs that I have downloaded?
Thanks for all your help.
system
May 30, 2007, 5:27am
12
OK, so I started browsing the web, and out of nowhere an ad page kept on popping up and would not stop, so I had to ctrl+alt+del.
Again I noticed that it took a really long time (5 min) to load all my system tray. I do not have much on my system tray, just msn msger, avast, avg, NVIDIA, antispyware, HP digital imaging and my wireless connection.
Do you know why this is?
Thanks
Hi bubble,
Post a hijackthis log, and we can have a look as to what you have engaged yourself with on your computer.
It smells of a vundo, but without a logfile to analyse we have not got much. Follow these instructions here, then post: http://www.geekstogo.com/forum/Must-Read-Before-Posting-Hijackthis-Log-t2852.html
polonus
I do not have much on my system tray, just msn msger, avast, avg, NVIDIA, antispyware, HP digital imaging and my wireless connection.
Which AVG are you talking about? The antivirus or the antispyware?
Which ‘antispyware’ is the one you’ve listed?
system
May 31, 2007, 4:03am
15
Thanks for the help. The AVG I used is avg-antispyware 7.5. I hope this helps.
system
May 31, 2007, 5:43pm
16
It sure does …
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it’s done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from “Click the Scan for Vundo button.” when VundoFix appears at reboot.
A log will be produced which you can post in your next response in addition to a fresh HJT log.
The logs may be long - feel free to use multiple posts if needed in order to fit everything.
system
June 1, 2007, 2:33am
17
Hi, thanks for the help. So far I think my comp ran a little faster after rebooting. Here are the log files
system
June 1, 2007, 2:56am
18
VundoFix V6.4.1
Checking Java version…
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 7:02:07 PM 5/31/2007
Listing files found while scanning…
C:\WINDOWS\system32\aieenibl.dll
C:\WINDOWS\system32\byxxxuu.dll
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\lbineeia.ini
C:\WINDOWS\system32\mljgf.dll
Beginning removal…
Attempting to delete C:\WINDOWS\system32\aieenibl.dll
C:\WINDOWS\system32\aieenibl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxxxuu.dll
C:\WINDOWS\system32\byxxxuu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\lbineeia.ini
C:\WINDOWS\system32\lbineeia.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version…
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 7:20:47 PM 5/31/2007
Listing files found while scanning…
No infected files were found.
system
June 1, 2007, 2:57am
19
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:30:01 PM, on 5/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\PROGRA~1\B’SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Rouge remover\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\ljjjghg.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\jkmofbkn.dll
O2 - BHO: (no name) - {F0BAAC6C-49E2-4D33-9A74-F26A3E6D5E94} - C:\WINDOWS\system32\mljgf.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM..\Run: [CpRmtKey] “C:\Program Files\Toshiba Controls\CpRmtKey.EXE”
O4 - HKLM..\Run: [B’sCLiP] C:\PROGRA~1\B’SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM..\Run: [RoxioEngineUtility] “C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe”
O4 - HKLM..\Run: [RoxioDragToDisc] “C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe”
O4 - HKLM..\Run: [RoxioAudioCentral] “C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe”
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
system
June 1, 2007, 2:59am
20
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c7/v16.582/qboax9.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.lasvegasice.com:83/plugin/h263ctrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload (dot) ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O20 - Winlogon Notify: ljjjghg - ljjjghg.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
–
End of file - 9567 bytes
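Added example, not part of any post in this thread: a small Python triage pass that cross-references the VundoFix removal log with the HijackThis entries above, separating registry entries orphaned by the cleanup from nameless BHOs in system32 whose file is still on disk. The function names and labels are made up for this sketch, the "nameless BHO in system32" rule is a review heuristic rather than a verdict, and the inline samples are excerpts copied from the two logs.

```python
import re

# Excerpts copied from the VundoFix and HijackThis logs posted in this thread.
VUNDOFIX_LOG = r"""
C:\WINDOWS\system32\aieenibl.dll Has been deleted!
C:\WINDOWS\system32\byxxxuu.dll Has been deleted!
C:\WINDOWS\system32\mljgf.dll Has been deleted!
"""
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\ljjjghg.dll (file missing)
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\jkmofbkn.dll
O2 - BHO: (no name) - {F0BAAC6C-49E2-4D33-9A74-F26A3E6D5E94} - C:\WINDOWS\system32\mljgf.dll (file missing)
O20 - Winlogon Notify: ljjjghg - ljjjghg.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

def deleted_files(vundofix_log):
    """Lower-cased base names of files VundoFix reports as deleted."""
    marker = " Has been deleted!"
    return {line.strip()[:-len(marker)].rsplit("\\", 1)[-1].lower()
            for line in vundofix_log.splitlines()
            if line.strip().endswith(marker)}

def triage(hjt_log, removed):
    """Return (section, file, label) for entries a helper should look at."""
    findings = []
    for line in hjt_log.splitlines():
        m = re.match(r"(O\d+) - (.*)", line.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith("(file missing)")
        target = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
        name = target.rsplit("\\", 1)[-1].lower()
        if missing and name in removed:
            label = "orphan-of-removed-file"      # leftover registry entry
        elif missing:
            label = "orphan-file-not-in-removal-log"
        elif section == "O2" and "(no name)" in body and "\\system32\\" in target.lower():
            label = "nameless-bho-still-on-disk"  # heuristic: needs review
        else:
            continue
        findings.append((section, name, label))
    return findings

if __name__ == "__main__":
    for finding in triage(HJT_LOG, deleted_files(VUNDOFIX_LOG)):
        print(*finding, sep="  ")
```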