Re: Security Toolbar 7.1
- From: barrowhill <barrowhill@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Nov 2007 14:20:01 -0800
Malke,
Thanks again.
Just returned from neighbours. Ran Vundofix, VirtumodoBeGone and
Smitfraudfix on all PC accounts (PC has 2 accounts). Checked IE toolbars and
Security Toolbar 7.1 not shown either as running or as an option - looks like
removed (?). looked at ViryumodnoBegone text file (nothing found) but noted
Dll's - PopKill Class, ibxqjell, ZKBHO Class and gebyx also appear enabled in
the tools\manage add ons. I disabled these.
Text file contents reports as.......
.......
.......
BHO 2: {51fcb9c1-7b08-40b5-82f5-a8a5f54e4f7d} ()
WARNING: BHO has no default name. Checking for Winlogon reference.
Checking for HKLM\...\Winlogon\Notify\ibxqjell
Key not found: HKLM\...\Winlogon\Notify\ibxqjell, continuing.........or
similar
........
........
Left with him running Ad-aware (then SpyBot) and to bring PC round (within
the hour) if "scumware" messages re-appear. An hour and 15 has gone and
doorbell not rung.....Am I going to be lucky????!!!
"Malke" wrote:
barrowhill wrote:.
Malke,
I spoke to soon.........
Neighbours daughter having finished with MSN Messenger ran Ad-Aware. During
pprocess "scumware" messages began appearing again. Security Toolbar 7.1
back! - I've disabled in IE7 via tools\manage add-ons. Be nice to remove it
Messages that appear regularly and cyclicly are:
System Alert: Malware Threats
Security Alert: Networm-iVirus@fp
System Performance Monitoring: Warning
Security Alert: Spyware found - PSW.x-Vir
SystemAlert: Trojan-Spy.W32@mx
Security Warning: New Variant of SpyBot@mxt
I also get 2 desktop icon appearing (delete them but keep coming back)
Live Safety Centre
On-Line Security Guide
Running SpyBot (regularly) brings up....
Win32.BHO.df
Virtumonde
Virtumonde.generic
(snippage)
You're going to need to post a HijackThis log at one of the specialty
forums listed below (not here, please). You have a combination of some
very nasty malware which is extremely difficult, if not impossible, to
remove. As a precaution, make sure all data is backed up now in case you
need to do a clean install (a distinct possibility). If you wind up
doing a clean install, make sure you scan the data with a current
version antivirus using updated definitions before you copy it back onto
your clean machine.
http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement
and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
- Follow-Ups:
- Re: Security Toolbar 7.1
- From: PA Bear
- Re: Security Toolbar 7.1
- From: Malke
- Re: Security Toolbar 7.1
- References:
- Re: Security Toolbar 7.1
- From: Malke
- Re: Security Toolbar 7.1
- From: barrowhill
- Re: Security Toolbar 7.1
- From: Malke
- Re: Security Toolbar 7.1
- Prev by Date: Re: Security Toolbar 7.1
- Next by Date: Re: Printer Management Console - requires Administrator membership..
- Previous by thread: Re: Security Toolbar 7.1
- Next by thread: Re: Security Toolbar 7.1
- Index(es):
Relevant Pages
|
