The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

Dont know whats wrong

Posted 2/9/2009 1:00 AM
#72179
User avatar

Joso1000 Member

Date Joined Nov 2016
Total Posts: 6
recently im having problems with i dont know what it is...lol
this s..... appears on my screen every 5 secs even when i click on the "X" button, tryed with spybot, avg, but antymalware says: " these 2 problems cannot be removed, they will be removed when u reboot ur comp next time, but when i reboot it nothing happens, also this is how they r called C:\WINDOWS\system32\tedsfeoi.dll and C:\WINDOWS\system32\qoMcktTK.dll , so any help pls? thanks





this is what appears every 5 secs :

Warning!!! your computer is infected!
To check your system and remove all harmfull software write down this link TRADEDABLER.COM
Open a new Internet Explorer window and tape the adress manually Go to the website, download and run downloaded file.
FOR FREE!!!!





Also my Internet Explorer is infected as hell, whenever i start it it suggests me to go to a website and download the antivirus program and when i click cancel or the x button, it directs me to that website anyway and starts downloading by it self!!!!! HELP!!!!!
Posted 2/9/2009 5:00 AM
#72184
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello Joso1000 :cool:





Download: CCleaner
[color=#0000ff>https://www.majorgeeks.com/download4191.html[/url]]https://www.ccleaner.com/[/color]

Once installed, run CCleaner click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok


Then click Run Cleaner (bottom right) then Exit

Reboot



Please download Malwarebytes' Anti-Malware:

[color=#0000ff>https://www.spywarefri.dk/downloads1/mbam-setup.exe[/url]



Or here:

https://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968[/color]



to your desktop.



Double-click mbam-setup.exe and follow the prompts to install the program.



At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch




Malwarebytes' Anti-Malware, then click Finish.



If an update is found, it will download and install the latest version.



Please connect all your external hard drive/flash drive before running Malwarebyte



Once the program has loaded, select Perform full scan, then click Scan.



When the scan is complete, click OK, then Show Results to view the results.



Be sure that everything is checked, and click Remove Selected.



When completed, a log will open in Notepad. Please save it to a convenient location.



Post Malwarebytes' Anti-Malware log





NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 2/9/2009 5:39 PM
#72225
User avatar

Joso1000 Member

Date Joined Nov 2016
Total Posts: 6
heres the log






Malwarebytes' Anti-Malware 1.33
Database version: 1740
Windows 5.1.2600 Service Pack 2

8.2.2009 18:15:04
mbam-log-2009-02-08 (18-15-04).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 229085
Time elapsed: 1 hour(s), 32 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBrsSIc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hgiabaih.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{214ba1e9-b51a-4287-b0c6-53ca69b1d46a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{214ba1e9-b51a-4287-b0c6-53ca69b1d46a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{214ba1e9-b51a-4287-b0c6-53ca69b1d46a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\78cf1e43 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebrssic -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebrssic -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\geBrsSIc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cISsrBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cISsrBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgiabaih.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hiabaigh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\TORRENTI\Windows_Divx_Codec_update_3171.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Start Menu\Programs\Startup\p2pmax.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Start Menu\Programs\Startup\ppcb_32.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Start Menu\Programs\Startup\runit_32.lnk (Rogue.Link) -> Quarantined and deleted successfully.








BUT THE ANTYMALWARE DOESN DELETE THESE "DELETE ON REBOOT" PROBLEMS, CAUSE I RESTART MY COMPUTER AND NOTHING HAPPENS, ITS LIKE I TURNED THE COMPUTER NORMALLY, AND WHEN I SCAN IT AGAIN, SAME THING HAPPENS:DELETE ON REBOOT, WOULD U LIKE TO REBBOT UR COMPUTER NOW?
Posted 2/9/2009 7:06 PM
#72232
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok, let´s see a combolog ->





Please download Combofix:

https://download.bleepingcomputer.com/subs/combofix.exe



And save to the desktop.


Close all other browser windows.



Please connect all your external hard drive/flash drive before running Combofix, if you have any





Double-click on the combofix icon found on your desktop.



Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.


When finished, it will produce a logfile located at C:\combofix.txt.


Post the contents of that log in your next reply.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Saturday, October 8, 2022, 12:49 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
192 Guest(s), 0 Registered Member(s) are currently online.