Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » hijack this log...Winfixer, cws.qttask, Vx2.Look2m
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Scanning external drives for spyware - Important?? »
« Security Software Updates - 18 October 2005  
AuthorAll Replies


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

1 edit		reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo

It's Vundo

Please follow these instructions:

1. Make a copy of these instructions so you have them handy as the most steps need to be done in safe mode with IE closed.

2. Please download the VundoFix tool
www.atribune.org/downloads/VundoFix.exe

3. Double-click VundoFix.exe to extract the files

4. This will create a folder named VundoFix on your desktop.

5. After the files are extracted, please reboot your computer into Safe Mode.
How to start the computer in Safe mode
»service1.symantec.com/SUPPORT/ts···_doc_nam

6. Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat

You will first be presented with a message and a list of forums to seek help at (but you're already getting help now at this forum)

At this point press enter one time.

7. Next you will see:
quote:
Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix
At this point please copy and paste the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\yabab.dll

Press *Enter*, then press the *F6* key, then press *Enter* one more time to continue with the fix.

8. Next you will see:
quote:
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please copy and paste the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\babay

Press *Enter*, then press the *F6* key, then press *Enter* one more time to continue with the fix.

9. The fix will run then HijackThis will open.

Using HijackThis, please place a check next to the following items and click the *FIX CHECKED* button:

O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\yabab.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O20 - Winlogon Notify: yabab - C:\WINDOWS\system32\yabab.dll

10. After you have fixed these items, close HijackThis and Press any key to force a reboot of your computer.

Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!

Once your machine reboots please continue with the instructions below.

11. Then, please run this online virus scan to clean up any leftovers:
»www.pandasoftware.com/products/a···scan.htm

Save the results of the Panda ActiveScan so you can post them for review back here.

12. Also please post a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
--
It takes a disaster to make a woman out of a female

Microsoft MVP/Windows Security 2003-2005


Proud Member of ASAP (Alliance of Security Analysis Professionals)
to forum · permalink · · 2005-09-18 17:45:58 · Reply to this
Forums » Up and Running » Security » SecurityScanning external drives for spyware - Important?? »
« Security Software Updates - 18 October 2005  

Wednesday, 25-Nov 14:52:14 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [104] New AT&T Ad Campaign Hits Back At Verizon
· [94] Apple Joins AT&T Verizon Snark Fest
· [85] New Bill Takes Aim At Higher Verizon ETFs
· [48] Time Warner Cable Fires Broadside At Broadcasters
· [44] In-Flight Internet Headed For Bumpy Landing?
· [43] TiVo Sees Record Customer Losses
· [32] Senators Want ACTA Made Public
· [30] Earthlink Suffers From Major E-mail Outage
· [30] AT&T Offers New Prepaid Wireless plans
· [28] Frontier Increases Modem Rental Fee
Most people now reading
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· Telemarketing Hell: Heather's back [Spam, Scam and Phishbusters]
· 1333mW AP?! Everything we know says it shouldnt exist.... [Wireless Service Providers]
· Climate Change Scandal Erupts After Email Hack. [Security]
· What is the spell hit cap for a lvl 80 full arcane spec mage [World of Warcraft]
· Whats the big deal about being "Old School"....? [World of Warcraft]
· RG Firmware update to VDSL2 this morning [AT&T U-verse]
· [Rant] Damn Sermons through my speakers! [Rants, Raves, and Praise]
· Watching TV on my laptop [Verizon FIOS TV]