C
CrazyHorse
I'm trying to fully delete a virus from my computer and I'm stuck. I don't
know the name of the virus, but it is the one that says your computer is
infected and starts doing a scan. Then, your IE will be redirected to ad
sites every couple of minutes. I used Malwarebytes to remove the virus, but
there are a couple of things I can't fix.
1) Can't remove these keys from the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s
The name of the dll keeps changing (jazejumi.dll, vagazodi.dll)
The key is recreated almost immediately after I delete it.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2}
I tried adding the "NoExplorer REG_DWORD 1" but that didn't work.
In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it
shows up as:
hulahake.dll. Each time I disable it and restart IE, it is enabled again.
Currently, I'm using Internet Explorer (with no add-ons) which seems to
prevent being redirected.
2) The virus starts my internet connection and connects to the internet by
itself. After it does
this, the names of the dll's have changed and I'm back to square one.
Can someone please help me find out how the fully remove this virus?
Please.
know the name of the virus, but it is the one that says your computer is
infected and starts doing a scan. Then, your IE will be redirected to ad
sites every couple of minutes. I used Malwarebytes to remove the virus, but
there are a couple of things I can't fix.
1) Can't remove these keys from the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s
The name of the dll keeps changing (jazejumi.dll, vagazodi.dll)
The key is recreated almost immediately after I delete it.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2}
I tried adding the "NoExplorer REG_DWORD 1" but that didn't work.
In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it
shows up as:
hulahake.dll. Each time I disable it and restart IE, it is enabled again.
Currently, I'm using Internet Explorer (with no add-ons) which seems to
prevent being redirected.
2) The virus starts my internet connection and connects to the internet by
itself. After it does
this, the names of the dll's have changed and I'm back to square one.
Can someone please help me find out how the fully remove this virus?
Please.