Please do not "Piggy Back" off of other people's posts, especially when they are as old as this one.

Make a new topic and someone will be able to help you.

Zamqish, Please don't reply to 2 year old topics that have already been solved. If you have a problem post a new thread with a meaningful title. Thanks. :)

Eh most of em are fake codecs and it usually turns out to be the zlob trojan. Nothing a scan with AVG cant handle. :)

I think the problem is that your antivirus programs are starting back up on the restart, so heres what to do. Go to Start>Run and type in "msconfig" without the quotes. Then go to the startup tab and...

Yes first delete and then redownload it. Then disconnect physically. And the easiest way to shut down your protect is to just exit them all from the taskbar by the clock. Usually if you right click...

It seem you still had coolwebsearch on your computer. Are you sure you followed these directions.

Run HJT and checkmark the following.

O2 - BHO: (no name) -...

What do you mean about "I don't know if I did it right"?

What part is confusing you? HJT isn't going to find anything so I'd really like to get combofix working. Could you tell me specificly what...

Glad to hear it. If everythings back to normal then you can mark this thread as solved.(Theres a link under this post)

Yes physically disconnecting would be unplugging the ethernet cable from the modem.

Ok please do the following.

Delete this file.

C:\Config.Msi\14d1b09.rbf


Please download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) by sUBs

...

Hmm I can tell your infected but since its hiding itself from the scanner I don't know what to delete. Try renaming HiJackThis.exe to random.exe. Run it again and post that log here. Also I would...

Please make sure you've done this and look again.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the...

You have a few infection on your computer so lets get rid of em.

First of all open task manager(alt+ctrl+del), click the processes tab and end the following processes.

QdrModule9.exe...

Please look at the stickies and download the lastest version of HiJackThis and run a scan. Save the log and then copy and paste it here.

Your infected with Virtumondo. Please do the folloiwng.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.

* Double-click VundoFix.exe to run it....

In that case after running smitfraudfix run a scan with avg and x-clean in safemode. Then run hjt again(not in safemode) and then post that new one and the logs from smitfraudfix and avg, and xclean...

Those dlls are Virtumondo again. Run Vundofix.exe again and it should find all of those and delete them. Then rename hijackthis.exe to random.exe and run it again. post the vundofix log and the new...

Ok since Vundofix didn't work lets do the following.

Run Hjt and place a check mark in the boxes next to the following.

O2 - BHO: (no name) - {4EF67EFD-F7F1-4EAC-8AAB-0A9B3F0B7558} -...

Woah sorry I was distracted by thanksgiving. There was some smitfraud that one of your scans found so I'd like you to run the removal tools. Heres the instructions.

Please download SmitfraudFix...

Well unfortunetly I couldn't find anything malicious in the combofix log or the hjt log except for that one BHO which you can remove anytime.

This happened on my computer once or twice and this is...

This is a classic case of a Virtumondo infection. Which is actually a pretty eas fix. So do the following.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your...

Sorry bout that.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

Thats the malicious one, however still run the scan with combofix please. :)

Yes redownload it and when the box pops up choose save, and then save it to your desktop. If you don't it won't work correctly.

Still looks like an imcomplete log, but lets try this now instead.

Please download Combofix.exe from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)to your desktop. Double click it...

Yes rename HiJackThis.exe to something else that is random. It can be anything you want as long as you rename it. It should start up now so run it again and post that new log here in your next post.

lol I said it first. :P Look at my last post.

Ok do this then. Change the name of HiJackThis.exe to something random. It can be anything you want, but just change it and run hjt again. After you run the scan with hjt with a changed name post it...

Just double-checking. You did download it to your desktop right? Also do you alot of programs that run when you first turn on your computer.

If you do then go to start>run and type "msconfig"...

If everything is back to normal then you can mark this thread as solved.(there should be a link under this post) :)

Yes its a very good program with dates it also has the nice added feature of running scripts to delete most files.

Get rid of Norton, it is by far the worst virus protection availible. Here (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039)is a link to a page with the removal...

Sorry to step in again, but don't get rid of those BHOs only one of them is actually malware, the others are legit.

This is the one that is malicious an we'll remove it later.



For now...

Anywho, all symptoms have magically disappeared, must of got em with something I did, so I'm just mark this thread as solved.

I'll take a crack at it if you don't mind.

Ok heres the process of getting rid of virtumondo via vundofix.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your...

Yeah and that too. :)

Also that dll doesn't appear to be a legit windows dll or any other legit source. So I would recommend doing this.

Run HiJackThis and place a checkmark in the box next to the following.

O4 -...

Also, your HiJackThis log appears to be missing some entries, such as the Ro, R1, R2.. and several others. What I want to know is did you remove these yourself because of privacy issues(and if so...

Sorry, but I have to step in here. This is not a complete HJT log. Please redownload HJT from here (http://www.majorgeeks.com/download5554.html)and run it again. The hjt log should include the...

Sorry for the delay, but good news Combofix is working again so lets get started.


Please download Combofix.exe from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)to your desktop....

Nice Find! Now Combofix is working again so I'd like you to run it just to make sure everything is gone. Just to let you know it restarts your computer so don't freak out.

Please download...