home page virus help

Status
Not open for further replies.

vikasg03

Journeyman
hello

My home page has been hijacked by a trojan virus. The home page changed to findthesiteyouneed.com, and unknown sites open automatically at intervals of two minutes. Please help.

vikas
 
vikasg03

Journeyman
I have already used these software tools, but the problem remains the same.

1. spyware doctor
2. Trojan remover
3. ad aware
4. spyware-search and destroy
5. System mechanics 6.0 pro
6. spyware guard
7. Anti trojan shield
8. bug doctor
9. stinger

... and many more.
These programs found 500+ trojans/registry errors and fixed them as well.

The main problem is that illegal or unwanted sites open automatically at regular intervals, without my doing anything on the net.

vikas
 

anandk

Distinguished Member
Disable active protection of all your software like SpywareGuard, etc.
Change your homepage to 'about:blank' from the IE Internet Options, or restore browser settings using MS Anti-Spy's System Tools > Restore Browser Settings.

Clear your PC junk using the freeware 'CCleaner'.
Then lock your start page using SpywareBlaster or MS AntiSpy or SpyGuard.

Run your anti-spys like MS AntiSpy or others in safe mode.
Then restart your active protections, if any. Allow detected registry changes.

If it doesn't help, post your HijackThis logfile here.
 
vikasg03

Journeyman
nothing help me

how to remove this message in vb "save changes to the following files "


hello

Nothing will help me. I do not want to format my system because this would show my defeat against the virus. My problem is the same again. Many websites open automatically without my intervention. Some examples are listed below. I am also sending the HijackThis log file. My PC is infected with the drsmartload and winsysupd* series viruses. Every day I remove entries from the registry and the c:\windows folder, but the virus creates them again. Please help.

vikas

The sites that open automatically are:

www.findyoursite.com

*www.intern-etadvertising.com/normal/yyy102.html

*www.inter-netsuggestions.com/normal/yyy102.html

*popunder.paypopup.com/adsDirect.ph...d=&campaign=&type=&ref=&rurl=&clater=&defurl=

*www.hug-ediscounts.com/normal/yyy102.html


The HijackThis log file is:

Logfile of HijackThis v1.99.1
Scan saved at 3:28:04 PM, on 2/17/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP3 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\ora9ids\bin\agntsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\MSTask.exe
C:\ora9ids\bin\dbsnmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINNT\system32\rundll32.exe
C:\windows\winsysban9.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\ora9ids\bin\ifbld90.exe
C:\WINNT\system32\cmd.exe
C:\ora9ids\jdk\bin\java.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\ora9ids\bin\sqlplusw.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\ora9ids\bin\rwbuilder.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\ora9ids\bin\ifweb90.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = *www.google.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 133.147.171.220:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINNT\system32\cbxuv.dll
O2 - BHO: ADOUsefulNet Object - {EFF1B7BE-A875-450E-AD69-E93457DCEE6A} - C:\WINNT\system32\byxxy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINNT\system32\xvd32.dll,start
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - *133.147.224.71/tsweb/msrdp.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) - *avinashkumar:8889/forms90/jinitiator/jinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{50318F97-3595-4A06-9F6F-D0B464DFB0D8}: NameServer = 203.122.63.152,203.122.63.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{50318F97-3595-4A06-9F6F-D0B464DFB0D8}: NameServer = 203.122.63.152,203.122.63.154
O17 - HKLM\System\CS2\Services\Tcpip\..\{50318F97-3595-4A06-9F6F-D0B464DFB0D8}: NameServer = 203.122.63.152,203.122.63.154
O20 - Winlogon Notify: byxxy - C:\WINNT\system32\byxxy.dll
O20 - Winlogon Notify: cbxuv - C:\WINNT\SYSTEM32\cbxuv.dll
O20 - Winlogon Notify: Telephony - C:\WINNT\system32\lv2o09f3e.dll
O20 - Winlogon Notify: winbmf32 - C:\WINNT\SYSTEM32\winbmf32.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Oracleora9idsAgent - Oracle Corporation - C:\ora9ids\bin\agntsrvc.exe
O23 - Service: Oracleora9idsClientCache - Unknown owner - C:\ora9ids\BIN\ONRSD.EXE
 

swatkat

Technomancer
Re: nothing help me

Hi,
Make Windows show all files:-
Go to Start > My Computer. Go to Tools menu, click Folder Options. Uncheck Hide protected operating system files. Then, click to select the option Show hidden files and folders. Click Apply and then click OK to exit.


Can you do one thing? Navigate to the C:\WINNT\system32\ folder and locate this file byxxy.dll and then ZIP it, and upload it at RapidShare ( www.rapidshare.de ) and give me back the download link.


Download VundoFix.exe to your desktop. Double-click VundoFix.exe to extract the files. This will create a VundoFix folder on your desktop.


After the files are extracted, please reboot your computer into "Safe Mode". You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight "Safe Mode" then hit enter.


Once in "Safe Mode", delete this file:-
C:\windows\winsysban9.exe


Next, open the VundoFix folder and double-click on KillVundo.bat.
You will first be presented with a warning. It should look like this:
VundoFix V2.13 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
At this point press "Enter" one time.

Next you will see:
Please type in the filepath as instructed by the forum staff
and then Press Enter:
.
At this point please type the following file path (make sure to enter it exactly as below):
C:\WINNT\system32\byxxy.dll

Press "Enter" to continue with the fix.

Next you will see:
Please type in the second filepath as instructed by the forum
staff and then press Enter:
At this point please type the following file path (make sure to enter it exactly as below):
C:\WINNT\system32\yxxyb.*


Press "Enter" to continue with the fix. The fix will run and HijackThis will open. If it does not open automatically, please open it manually.

In HijackThis, please place a check next to the following items:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINNT\system32\cbxuv.dll
O2 - BHO: ADOUsefulNet Object - {EFF1B7BE-A875-450E-AD69-E93457DCEE6A} - C:\WINNT\system32\byxxy.dll
O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINNT\system32\xvd32.dll,start
O20 - Winlogon Notify: byxxy - C:\WINNT\system32\byxxy.dll
O20 - Winlogon Notify: cbxuv - C:\WINNT\SYSTEM32\cbxuv.dll
O20 - Winlogon Notify: Telephony - C:\WINNT\system32\lv2o09f3e.dll
O20 - Winlogon Notify: winbmf32 - C:\WINNT\SYSTEM32\winbmf32.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."

After you have fixed these items, close Hijackthis.

Press "Enter" to exit the program, then manually reboot your computer.


Now, download L2mfix from one of these two locations:
*www.atribune.org/downloads/l2mfix.exe
*www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.


Copy the contents of that log along with a NEW HijackThis log. (Don't forget to upload the ZIPPED file at RapidShare ;-) )

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.
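
Added example, not part of any post in this thread: a small Python triage of HijackThis entry lines that shows why several of the items above stand out, using an excerpt of the log posted earlier. The two heuristics (a DLL listed under both O2 and O20, and an O23 service reported with "Unknown owner") and the function names are assumptions chosen for illustration, not HijackThis behaviour.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINNT\system32\cbxuv.dll
O2 - BHO: ADOUsefulNet Object - {EFF1B7BE-A875-450E-AD69-E93457DCEE6A} - C:\WINNT\system32\byxxy.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O20 - Winlogon Notify: byxxy - C:\WINNT\system32\byxxy.dll
O20 - Winlogon Notify: cbxuv - C:\WINNT\SYSTEM32\cbxuv.dll
O20 - Winlogon Notify: Telephony - C:\WINNT\system32\lv2o09f3e.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Oracleora9idsAgent - Oracle Corporation - C:\ora9ids\bin\agntsrvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Drive-letter path ending in a module extension (heuristic, an assumption).
PATH_RE = re.compile(r'[A-Za-z]:\\[^,"]*?\.(?:dll|exe|ocx)', re.IGNORECASE)


def parse(log):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(log):
    """Flag entries worth a manual look; this is triage, not a verdict."""
    sections_by_path = defaultdict(set)
    findings = []
    for code, body in parse(log):
        # Windows paths are case-insensitive: SYSTEM32 equals system32.
        for path in PATH_RE.findall(body):
            sections_by_path[path.lower()].add(code)
        if code == "O23" and "Unknown owner" in body:
            findings.append(("O23 service with unknown owner", body))
    for path, codes in sorted(sections_by_path.items()):
        if {"O2", "O20"} <= codes:
            findings.append(("DLL registered as both BHO and Winlogon Notify", path))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

Run against the full log, the "Unknown owner" rule would also flag the Oracleora9idsClientCache service, which is not among the items selected for fixing above, so each hit still needs a manual check.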
 

swatkat

Technomancer
Also, while you are in safe mode, BEFORE running the VundoFix, do this step:-
Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named Network Monitor and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".

And, delete this folder:-
C:\Program Files\Network Monitor
 

longhorn

Right off the assembly line
Don't worry about it, just use Microsoft's AntiSpyware beta version for all the trojans and home page hijacks; it will remove your home page hijacker.
You can download it from Microsoft for free.
 

Earl1983

Right off the assembly line
vikasg03 said:
hello

My home page has been hijacked by a trojan virus. The home page changed to findthesiteyouneed.com, and unknown sites open automatically at intervals of two minutes. Please help.

vikas


Try using ANTI TROJAN SHIELD; it's a good tool to remove trojan viruses!)
 
Net007

Guest
Download trial version of Kaspersky Antivirus and update it. Then check your computer for viruses. This will solve your problem.
 

ico

Super Moderator
Staff member
This thread is very old (1.5 years). I think that 'vikasg03' has already solved his problem.
A piece of advice for others: use Trojan Hunter for removing Trojans.
 