|
Posted by =?Utf-8?B?V2Vic2lkZXI=?= on November 26, 2007, 3:40 am
If you were Registered and logged in, you could reply and use other advanced thread options
Thanks for putting me onto AumHa.
Those guys were outstanding.
After several iterations with very detailed instructions my computer was
saved !
I highly recommend AumHa to anyone with a serious virus/spyware problem and
have made a voluntary donation to their outstanding free service.
Cheers,
Tony
Australia
"Malke" wrote:
> Websider wrote:
> > I have identified three suspected Virus/Trojan DLL files on my system:
> >
> > C:\WINDOWS\system32\mlljg.dll
> > C:\WINDOWS\system32\tuvwtqq.dll
> > C:\WINDOWS\system32\wineak32.dll
> >
> > When I attempt to delete these files using Explorer, I get the message
> > ‘Cannot delete … It is being used by another person or
program’
> >
> > I have also identified these suspicious entries in a HijackThis log:
> >
> > O2 - BHO: (no name) - -
> > C:\WINDOWS\system32\mlljg.dll
> > 02 - BHO: (no name) - -
> > C:\WINDOWS\system32\tuvwtqq.dll O20 - Winlogon Notify: tuvwtqq -
> > C:\WINDOWS\SYSTEM32\tuvwtqq.dll O20 - Winlogon Notify: wineak32 -
> > C:\WINDOWS\SYSTEM32\wineak32.dll
> >
> > One of these suspicious modules appears to also act as a backdoor for
> > injection of other virus/Trojan processes like:
> >
> > mgrs.exe
> > winxxx.exe (where xxx is a two- or three-digit number)
> > wanmpsvc.exe
> > drvxxx.exe (where xxx are three characters such as 'heb' or 'max')
> >
> > Using Warecase eXtended Task Manager (XTM)and DiamondCS Advanced Process
> > Elimination (APM), I have identified the modules mlljg.dll and tuvwtqq.dll
> > under process explorer.exe and have identified the modules tuvwtqq.dll and
> > wineak32.dll under the process winlogon.exe.
> >
> > I have attempted to unload these processes using XTM and APM without success.
> >
> > Neither Trend Micro PC-Cillan or System Cleaner, or a variety of Spyware
> > scanners (Microrsoft, Adaware, Ashampoo, Panda, etc) have been able to
> > identify and/or remove these virus/Trojans from my system.
> >
> > Can you PLEASE advise me of how I can eliminate these suspected
> > Virus/Trojans from my system ?
> >
>
> Post your HijackThis log in one of the specialty forums listed below (in
> no particular order). Please do *not* post the log here in the MS
> newsgroups as you will not get the expert attention you need.
>
> Choose a forum, read the posting FAQ, register, and you will be given
> guided help.
>
> http://aumha.org/downloads/hijackthis.zip
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
> http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
> another tutorial
> http://aumha.net/ - Click on the HijackThis forum. Read the announcement
> and the stickies *first*.
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://spywarewarrior.com/viewforum.php?f=5
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>
| 
XML site map