Can't fully remove virus from system

CrazyHorse

I'm trying to fully delete a virus from my computer and I'm stuck. I don't
know the name of the virus, but it is the one that says your computer is
infected and starts doing a scan. Then, your IE will be redirected to ad
sites every couple of minutes. I used Malwarebytes to remove the virus, but
there are a couple of things I can't fix.

1) Can't remove these keys from the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s

The name of the dll keeps changing (jazejumi.dll, vagazodi.dll)

The key is recreated almost immediately after I delete it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2}

I tried adding the "NoExplorer REG_DWORD 1" but that didn't work.

In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it
shows up as:
hulahake.dll. Each time I disable it and restart IE, it is enabled again.

Currently, I'm using Internet Explorer (with no add-ons) which seems to
prevent being redirected.


2) The virus starts my internet connection and connects to the internet by
itself. After it does this, the names of the dll's have changed and I'm back
to square one.

Can someone please help me find out how to fully remove this virus?

Please.
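
Added example, not part of the original thread: because the DLL file name changes each time the Run value is recreated, triage works better on the launch pattern (rundll32 plus a DLL path and export) than on the name. The `reg query` text, the `ExampleTray` entry, the second snapshot and all function names below are constructed for illustration.

```python
import re
from ntpath import basename, dirname

# Constructed sample: `reg query` output for the Run key, built from the
# value quoted in the post plus a benign entry invented for contrast.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    kikewupli    REG_SZ    Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /min
'''
# Constructed second snapshot: same entry after the DLL was renamed.
AFTER = SAMPLE.replace('wehebopa', 'jazejumi')

VALUE_LINE = re.compile(r'^\s+(?P<name>\S.*?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$')
# rundll32[.exe] "<dll path>",<export>  (quotes and a path prefix are optional)
RUNDLL = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?'
    r'\s*,\s*(?P<export>\S+)', re.IGNORECASE)

def parse_values(reg_output):
    """Yield (name, type, data) for each value line of `reg query` output."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group('name'), m.group('type'), m.group('data')

def rundll32_autoruns(reg_output):
    """Return Run values that start a DLL through rundll32, matched on the
    launch pattern rather than on the value name or file name."""
    hits = []
    for name, _type, data in parse_values(reg_output):
        m = RUNDLL.match(data)
        if m:
            dll = m.group('dll')
            hits.append({'value': name, 'dll': dll,
                         'dir': dirname(dll).lower(),
                         'file': basename(dll).lower(),
                         'export': m.group('export')})
    return hits

def regenerated(before, after):
    """Entries in `after` that share directory and export with an entry in
    `before` but carry a different DLL file name (renamed and recreated)."""
    shapes = {(h['dir'], h['export']): h['file'] for h in rundll32_autoruns(before)}
    return [h for h in rundll32_autoruns(after)
            if shapes.get((h['dir'], h['export']), h['file']) != h['file']]
```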
 
Malke

CrazyHorse said:
I'm trying to fully delete a virus from my computer and I'm stuck. I
don't know the name of the virus, but it is the one that says your
computer is infected and starts doing a scan. Then, your IE will be
redirected to ad sites every couple of minutes. I used Malwarebytes to
remove the virus, but there are a couple of things I can't fix.

(snip details)

You are still infected. At this point, you need to either get guided help at
one of the specialty forums below OR back up your data and do a clean
install of Windows. It is your choice. If you are unsure how to back up
your data or how to do a clean install, you can take your machine to a
local computer professional. I don't recommend using
BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
 
db.·.. >

using one anti virus
program may not be
helpful.

and who knows, perhaps
your anti virus program is
the thing that is infecting
your system.

-------

if you back up your data,
be sure it is only your personal
files otherwise you will be backing
up the infection as well.

---------------

turn off/disable your a.v.
and try this:

http://onecare.live.com/site/en-US/default.htm



--

db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
 
The Real Truth MVP

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm After reboot if the problem is
still there then run my diagnostic tool called whatslivern. That file after
a few seconds, when complete, will generate a log file. That log file will
be saved in the same directory you ran the program from, using the email
link at the bottom of my page send me a copy of that log file.
http://pcbutts1.com/downloads/tools/tools.htm
 
PA Bear [MS MVP]

Get lost, you imposter & thief.

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm After reboot if the problem
is still there then run my diagnostic tool called whatslivern. That file
after a few seconds, when complete, will generate a log file. That log file
will be saved in the same directory you ran the program from, using the
email link at the bottom of my page send me a copy of that log file.
xxxx.pcbutts1HOLE.com/downloads/tools/tools.htm
 
CrazyHorse

I have Norton Antivirus. I've tried Malwarebytes, Spybot Search and
Destroy, SmitfraudFix (didn't work), Spy Doctor.

I've switched to Firefox, and amazingly I started to get the same virus
redirect (your system is infected) page.

I flashed the BIOS. It must be something in memory that won't let me change
the registry.

CH
 
Malke

CrazyHorse said:
I have Norton Antivirus. I've tried Malwarebytes, Spybot Search and
Destroy, SmitfraudFix (didn't work), Spy Doctor.

I've switched to Firefox, and amazingly I started to get the same virus
redirect (your system is infected) page.

I flashed the BIOS. It must be something in memory that won't let me
change the registry.

Flashing the BIOS is never a solution for virus/malware infection. One thing
has nothing to do with the other. You are still infected and it is
completely *not* amazing that you are having problems in Firefox, too. Do
as I suggested in my previous post and either get guided help or
wipe/clean-install.

Malke
 
CrazyHorse

I think my regsvc.dll is infected. Does anyone know how I can repair this?

(yes, I followed all of the advice above, but none talked about the Registry
service)

CH
 
PA Bear [MS MVP]

Repost:

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
 
CrazyHorse

Yes, I've tried this but it says that the version of windows is newer than
the one on the CD. This is true since I have XP SP3 and dozens of fixes,
security updates, etc added to my original install from Dell.

I've tried the Windows File Protection (sfc /scannow or sfc /purgecache),
which works well until it asks for Windows XP CD2. This is probably because
of SP3 and the add-ons.

My next guess would be to find a similar non-infected Windows XP system and
copy the files that I think are infected from that machine to mine.


CH
 