I'm trying to fully delete a virus from my computer and I'm stuck. I don't
know the name of the virus, but it is the one that says your computer is
infected and starts doing a scan. Then, your IE will be redirected to ad
sites every couple of minutes. I used Malwarebytes to remove the virus, but
there are a couple of things I can't fix.

1) Can't remove these keys from the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s

The name of the dll keeps changing (jazejumi.dll, vagazodi.dll)

The key is recreated almost immediately after I delete it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2}

I tried adding the "NoExplorer REG_DWORD 1" but that didn't work.

In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it
shows up as:
hulahake.dll. Each time I disable it and restart IE, it is enabled again.

Currently, I'm using Internet Explorer (with no add-ons) which seems to
prevent being redirected.


2) The virus starts my internet connection and connects to the internet by
itself. After it does
this, the names of the dll's have changed and I'm back to square one.

Can someone please help me find out how the fully remove this virus?

Please.

CrazyHorse wrote:

> I'm trying to fully delete a virus from my computer and I'm stuck. I
> don't know the name of the virus, but it is the one that says your
> computer is
> infected and starts doing a scan. Then, your IE will be redirected to ad
> sites every couple of minutes. I used Malwarebytes to remove the virus,
> but there are a couple of things I can't fix.

(snip details)

You are still infected. At this point, you need to either get guided help at
one of the specialty forums below OR back up your data and do a clean
install of Windows. It is your choice. If you are unsure how to back up
your data or how to do a clean install, you can take your machine to a
local computer professional. I don't recommend using
BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

using one anti virus
program may not be
helpful.

and who knows, perhaps
your anti virus program is
the thing that is infecting
your system.

-------

if you back up your data,
be sure it is only your personal
files otherwise you will be backing
up the infection as well.

---------------

turn off/disable your a.v.
and try this:

http://onecare.live.com/site/en-US/default.htm



--

db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces

"CrazyHorse" <(E-Mail Removed)> wrote in message newsF851A83-E55F-4A76-8605-(E-Mail Removed)...
> I'm trying to fully delete a virus from my computer and I'm stuck. I don't
> know the name of the virus, but it is the one that says your computer is
> infected and starts doing a scan. Then, your IE will be redirected to ad
> sites every couple of minutes. I used Malwarebytes to remove the virus, but
> there are a couple of things I can't fix.
>
> 1) Can't remove these keys from the registry
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>
> kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s
>
> The name of the dll keeps changing (jazejumi.dll, vagazodi.dll)
>
> The key is recreated almost immediately after I delete it.
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
> Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2}
>
> I tried adding the "NoExplorer REG_DWORD 1" but that didn't work.
>
> In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it
> shows up as:
> hulahake.dll. Each time I disable it and restart IE, it is enabled again.
>
> Currently, I'm using Internet Explorer (with no add-ons) which seems to
> prevent being redirected.
>
>
> 2) The virus starts my internet connection and connects to the internet by
> itself. After it does
> this, the names of the dll's have changed and I'm back to square one.
>
> Can someone please help me find out how the fully remove this virus?
>
> Please.
>

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm After reboot if the problem is
still there then run my diagnostic tool called whatslivern. That file after
a few seconds, when complete, will generate a log file. That log file will
be saved in the same directory you ran the program from, using the email
link and the bottom of my page send me a copy of that log file.
http://pcbutts1.com/downloads/tools/tools.htm


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/




"CrazyHorse" <(E-Mail Removed)> wrote in message
newsF851A83-E55F-4A76-8605-(E-Mail Removed)...
> I'm trying to fully delete a virus from my computer and I'm stuck. I
> don't
> know the name of the virus, but it is the one that says your computer is
> infected and starts doing a scan. Then, your IE will be redirected to ad
> sites every couple of minutes. I used Malwarebytes to remove the virus,
> but
> there are a couple of things I can't fix.
>
> 1) Can't remove these keys from the registry
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>
> kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s
>
> The name of the dll keeps changing (jazejumi.dll, vagazodi.dll)
>
> The key is recreated almost immediately after I delete it.
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
> Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2}
>
> I tried adding the "NoExplorer REG_DWORD 1" but that didn't work.
>
> In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it
> shows up as:
> hulahake.dll. Each time I disable it and restart IE, it is enabled again.
>
> Currently, I'm using Internet Explorer (with no add-ons) which seems to
> prevent being redirected.
>
>
> 2) The virus starts my internet connection and connects to the internet by
> itself. After it does
> this, the names of the dll's have changed and I'm back to square one.
>
> Can someone please help me find out how the fully remove this virus?
>
> Please.
>

Get lost, you imposted & thief.

The Real Truth MVP wrote:
> Use my Remove-it software, it will remove that malware from your system.
> Choose yes for all options when prompted. Download it here
> http://pcbutts1.com/downloads/tools/tools.htm After reboot if the problem
> is
> still there then run my diagnostic tool called whatslivern. That file
> after
> a few seconds, when complete, will generate a log file. That log file will
> be saved in the same directory you ran the program from, using the email
> link and the bottom of my page send me a copy of that log file.
> xxxx.pcbutts1HOLE.com/downloads/tools/tools.htm
>
>
>
> "CrazyHorse" <(E-Mail Removed)> wrote in message
> newsF851A83-E55F-4A76-8605-(E-Mail Removed)...
>> I'm trying to fully delete a virus from my computer and I'm stuck. I
>> don't
>> know the name of the virus, but it is the one that says your computer is
>> infected and starts doing a scan. Then, your IE will be redirected to ad
>> sites every couple of minutes. I used Malwarebytes to remove the virus,
>> but
>> there are a couple of things I can't fix.
>>
>> 1) Can't remove these keys from the registry
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>>
>> kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s
>>
>> The name of the dll keeps changing (jazejumi.dll, vagazodi.dll)
>>
>> The key is recreated almost immediately after I delete it.
>>
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
>> Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2}
>>
>> I tried adding the "NoExplorer REG_DWORD 1" but that didn't work.
>>
>> In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it
>> shows up as:
>> hulahake.dll. Each time I disable it and restart IE, it is enabled
>> again.
>>
>> Currently, I'm using Internet Explorer (with no add-ons) which seems to
>> prevent being redirected.
>>
>>
>> 2) The virus starts my internet connection and connects to the internet
>> by
>> itself. After it does
>> this, the names of the dll's have changed and I'm back to square one.
>>
>> Can someone please help me find out how the fully remove this virus?
>>
>> Please.

This might be of some use - http://www.randem.com/virusproblems.html


--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org


"CrazyHorse" <(E-Mail Removed)> wrote in message
newsF851A83-E55F-4A76-8605-(E-Mail Removed)...
> I'm trying to fully delete a virus from my computer and I'm stuck. I
> don't
> know the name of the virus, but it is the one that says your computer is
> infected and starts doing a scan. Then, your IE will be redirected to ad
> sites every couple of minutes. I used Malwarebytes to remove the virus,
> but
> there are a couple of things I can't fix.
>
> 1) Can't remove these keys from the registry
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>
> kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s
>
> The name of the dll keeps changing (jazejumi.dll, vagazodi.dll)
>
> The key is recreated almost immediately after I delete it.
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
> Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2}
>
> I tried adding the "NoExplorer REG_DWORD 1" but that didn't work.
>
> In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it
> shows up as:
> hulahake.dll. Each time I disable it and restart IE, it is enabled again.
>
> Currently, I'm using Internet Explorer (with no add-ons) which seems to
> prevent being redirected.
>
>
> 2) The virus starts my internet connection and connects to the internet by
> itself. After it does
> this, the names of the dll's have changed and I'm back to square one.
>
> Can someone please help me find out how the fully remove this virus?
>
> Please.
>

I've have Norton Antivirus. I've tried Malwarebytes, Spybot Search and
Destory, SmitfraudFix (didn't work), Spy Doctor.

I've switched to Firefox, and amazingly I started to get the same virus
redirect (your system is infected) page.

I flashed the BIOS. It must be something in memory that won't let me change
the registry.

CH

"Randem" wrote:

> This might be of some use - http://www.randem.com/virusproblems.html
>
>
> --
> Randem Systems
> Your Installation Specialist
> The Top Inno Setup Script Generator
> http://www.randem.com/innoscript.html
> http://www.rndem.com/installerproblems.html
> http://www.randem.com/vistainstalls.html
> http://www.financialtrainingservices.org
>
>

CrazyHorse wrote:

> I've have Norton Antivirus. I've tried Malwarebytes, Spybot Search and
> Destory, SmitfraudFix (didn't work), Spy Doctor.
>
> I've switched to Firefox, and amazingly I started to get the same virus
> redirect (your system is infected) page.
>
> I flashed the BIOS. It must be something in memory that won't let me
> change the registry.

Flashing the BIOS is never a solution for virus/malware infection. One thing
has nothing to do with the other. You are still infected and it is
completely *not* amazing that you are having problems in Firefox, too. Do
as I suggested in my previous post and either get guided help or
wipe/clean-install.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

If you switched to firefox you need to install the NoScript add-on to help
safe keep your system.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org


"CrazyHorse" <(E-Mail Removed)> wrote in message
news:26F1F04F-5105-446F-9ECC-(E-Mail Removed)...
> I've have Norton Antivirus. I've tried Malwarebytes, Spybot Search and
> Destory, SmitfraudFix (didn't work), Spy Doctor.
>
> I've switched to Firefox, and amazingly I started to get the same virus
> redirect (your system is infected) page.
>
> I flashed the BIOS. It must be something in memory that won't let me
> change
> the registry.
>
> CH
>
> "Randem" wrote:
>
>> This might be of some use - http://www.randem.com/virusproblems.html
>>
>>
>> --
>> Randem Systems
>> Your Installation Specialist
>> The Top Inno Setup Script Generator
>> http://www.randem.com/innoscript.html
>> http://www.rndem.com/installerproblems.html
>> http://www.randem.com/vistainstalls.html
>> http://www.financialtrainingservices.org
>>
>>

Also did you try all the solutions. The bad software can hide in multiple
places and the document describes them. Only doing one of the suggestions
may not help.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org


"CrazyHorse" <(E-Mail Removed)> wrote in message
news:26F1F04F-5105-446F-9ECC-(E-Mail Removed)...
> I've have Norton Antivirus. I've tried Malwarebytes, Spybot Search and
> Destory, SmitfraudFix (didn't work), Spy Doctor.
>
> I've switched to Firefox, and amazingly I started to get the same virus
> redirect (your system is infected) page.
>
> I flashed the BIOS. It must be something in memory that won't let me
> change
> the registry.
>
> CH
>
> "Randem" wrote:
>
>> This might be of some use - http://www.randem.com/virusproblems.html
>>
>>
>> --
>> Randem Systems
>> Your Installation Specialist
>> The Top Inno Setup Script Generator
>> http://www.randem.com/innoscript.html
>> http://www.rndem.com/installerproblems.html
>> http://www.randem.com/vistainstalls.html
>> http://www.financialtrainingservices.org
>>
>>