0

Last wednesday Mc Fee notifiied me that I had a worm or virus and it was deleted, as it runs while computer is on.
An hour later, my computer was taken over by pop ups, if I tried to x them out my computer froze .
I ran several spyware programs, but it hasn't helped.
I found files and programs installed everywhere, and some seemed impossible to get rid of. I found one file in windows, that may have identified itself as being needed by windows, it was created the same exact time that this spyware was installed, which it turns out was the same time Mc Fee did it's delete.
Many of these files had weird names, the one I now suspect is a gnjivapg.dll.
Can anyone give me imput or suggestions on installing programs that may help.
Thanks Joal

4
Contributors
15
Replies
16
Views
13 Years
Discussion Span
Last Post by DMR
0

If you haven't done so, try running Adaware and Spybot. Be sure to update each before scanning, and reboot between each scan. You may want to also down HijackThis, be sure it is updated to version 1.98.2, and post a log so one of the experts can take a look at exactly what is running on your computer. Be sure to save it to its own permanent folder, not your desktop or a temp file, that way it can make backups in case you need them. You can download Adaware and Spybot from here:

http://www.lavasoftusa.com
http://www.safer-networking.org/en/index.html

I don't have the link for HijackThis right offhand.....if you look through some of the other threads you will find it. If I come across it before you post again, I'll have it here for you. Good luck! :)

0

...An hour later, my computer was taken over by pop ups, if I tried to x them out my computer froze...

Just a tip, whenever getting popups, it's better not to 'X' them as sometimes this will cause them to 'execute' which can create more popups (or worse!). It is better to either right-click on them and select close, or use ctrl-alt-del to close each instance or, better yet, close Internet Explorer and clear all temp files and history.

When you unzip hijackthis, put it in it's own folder (like c:\hjt\hijackthis.exe).

0

... the one I now suspect is a gnjivapg.dll.

And rightly so. Random, gibberish filenames like that are almost always components of a malicious program, and in the case of the above file that's most certainly the case.

Take the advice given by deonnanicole concerning Ad Aware, SpyBot, and HijackThis. However, before running any of those programs, do the following (assuming you're running WIn 2K or XP):

- Reboot into safe mode

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

(If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed.)

- Empty your Recycle Bin.

- Reboot normally.

Then:

1. Run Ad Aware and Spybot first, have them fix everything they find in their scans.

2. Run HijackThis, but close/quit all open programs, especially your Web browser before doing so. When you do run HJT, do not have it fix anything yet! Just have it perform a scan and post the contents of the log file it generates.

0

So far I have tried many sites to download Hijackthis, none has worked so far, I did e-mail the creator of this program...I am desperate.
Also I have run Adware, Spybot, and recently tried Xoft not sure of the name.
Plus always use a cache and cookie washer, then do delete of history, temp and temp internet... have adjusted security to high, ... my computer is refusing to allow me to delete some programs and also the window file .
If I can figure out why Hijack will not load, and I can run it, will post the log.
Meanwhile many thanxs
joal

0

I eliminated xoftspy, thanks for the information, I will start a new thread.
joal

0

I eliminated xoftspy, thanks for the information, I will start a new thread.
joal

You shouldn't need to start a new thead, post your log here. That way anyone reviewing your log will know what you've already done.

0

I still cannot download Hijackthis, I went to Merijin.org, seems that there is a possibility that there is a spyware that can prevent the download, so... tried to download the program to get rid of the problem.... nope.
I have updated spybot, and have mc fee running 24/7
I would like to have a program that prevents pop ups so that I can navigate, I can't stay on line long as I get pop ups that freeze me and have to manually shut down, then do a cache and cookie wash[old one] then run spybot and hope to get on line.
Also is there a site that lists all current virus/worm trojan problems?
Whatever I have is hiding and spybot doesn't pick it up, also I suddenly got a new system file in windows , I delete gibberish ones, that are recent, everytime a pop up freezes me, it inserts these gibberish files.
joal

0

The Steve wolf .. gave me ..."unexpected error"
I am getting this when I try to download javacool blaster.
currently the latest is .."you have preformed an illegal operation" this can be waol , explorer etc.
the best I know to do is keep the gibberish files down, I accumulate at least a dozen everytime I am on line, and use spybot and cache and cookie washer.

0

Can you boot into Safe Mode with internet access and download HJT from there?

Also, while in Safe Mode:

Clean out all the Temp folders and Temporary Internet folders for all users on your computer. There could be something lurking in there that is executing. Do a search for *.tmp and delete everything found there as well.

Rerun SpyBot, Adaware, and your antivirus program from Safe Mode too.

If you can get on the web, try the free scans from TrendMicro and Panda as well.

0

Try this then:

Download HJT and any other utilities you want using a non-infected computer, burn the progrms to CD, and try to install/run them on your system from the CD.

Some of the infections which involve files with random, gibberish names can be very hard to remove- they drop components of themselves in multiple locaitons on your hard drive, and unless you remove every single piece of them they'll just generate more copies of themselves every time you boot up, start Internet Explorer, etc. Given that, you really should try to get a HJT scan done somehow, as SpyBot and a cache/cookie cleaning utility alone aren't going to do the trick for you.

0

I will have to burn a CD from a non infected computer, that didn't occur to me so many thanks for this , and to all who have contributed.
It will take some time to get someone to help, and resolve this, so this thread can be removed ....
thanks again
joal

0

I'll just close this thread for now (to keep it from getting hijacked) instead of removing it. If you want/need to continue the thread once you've had a chance to get someone to help you out, just PM me and I'll reopen it.

Good luck, let us know how things go....

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.