If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Can't fully remove virus from system
I'm trying to fully delete a virus from my computer and I'm stuck. I don't
know the name of the virus, but it is the one that says your computer is infected and starts doing a scan. Then, your IE will be redirected to ad sites every couple of minutes. I used Malwarebytes to remove the virus, but there are a couple of things I can't fix. 1) Can't remove these keys from the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s The name of the dll keeps changing (jazejumi.dll, vagazodi.dll) The key is recreated almost immediately after I delete it. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2} I tried adding the "NoExplorer REG_DWORD 1" but that didn't work. In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it shows up as: hulahake.dll. Each time I disable it and restart IE, it is enabled again. Currently, I'm using Internet Explorer (with no add-ons) which seems to prevent being redirected. 2) The virus starts my internet connection and connects to the internet by itself. After it does this, the names of the dll's have changed and I'm back to square one. Can someone please help me find out how the fully remove this virus? Please. |
Ads |
#2
|
|||
|
|||
Can't fully remove virus from system
CrazyHorse wrote:
I'm trying to fully delete a virus from my computer and I'm stuck. I don't know the name of the virus, but it is the one that says your computer is infected and starts doing a scan. Then, your IE will be redirected to ad sites every couple of minutes. I used Malwarebytes to remove the virus, but there are a couple of things I can't fix. (snip details) You are still infected. At this point, you need to either get guided help at one of the specialty forums below OR back up your data and do a clean install of Windows. It is your choice. If you are unsure how to back up your data or how to do a clean install, you can take your machine to a local computer professional. I don't recommend using BigComputerStore/GeekSquad types of places. PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS. http://aumha.org/downloads/hijackthis.zip http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies *first*. http://www.atribune.org/forums/index.php?showforum=9 http://aumha.net/viewforum.php?f=30 http://www.bleepingcomputer.com/forums/forum22.html http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/...splay.php?f=25 http://www.geekstogo.com/forum/Malwa..._Here-f37.html http://www.malwarebytes.org/forums/i...hp?showforum=7 http://gladiator-antivirus.com/forum...?showforum=170 http://spywarewarrior.com/viewforum.php?f=5 http://forums.techguy.org/54-security/ http://forums.tomcoyote.org/ http://www.thespykiller.co.uk/index.php?board=3.0 http://forums.subratam.org/index.php?showforum=7 Malke -- MS-MVP Elephant Boy Computers - Don't Panic! FAQ - http://www.elephantboycomputers.com/#FAQ |
#3
|
|||
|
|||
Can't fully remove virus from system
using one anti virus
program may not be helpful. and who knows, perhaps your anti virus program is the thing that is infecting your system. ------- if you back up your data, be sure it is only your personal files otherwise you will be backing up the infection as well. --------------- turn off/disable your a.v. and try this: http://onecare.live.com/site/en-US/default.htm -- db·´¯`·...¸)))º DatabaseBen, Retired Professional - Systems Analyst - Database Developer - Accountancy - Veteran of the Armed Forces "CrazyHorse" wrote in message news I'm trying to fully delete a virus from my computer and I'm stuck. I don't know the name of the virus, but it is the one that says your computer is infected and starts doing a scan. Then, your IE will be redirected to ad sites every couple of minutes. I used Malwarebytes to remove the virus, but there are a couple of things I can't fix. 1) Can't remove these keys from the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s The name of the dll keeps changing (jazejumi.dll, vagazodi.dll) The key is recreated almost immediately after I delete it. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2} I tried adding the "NoExplorer REG_DWORD 1" but that didn't work. In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it shows up as: hulahake.dll. Each time I disable it and restart IE, it is enabled again. Currently, I'm using Internet Explorer (with no add-ons) which seems to prevent being redirected. 2) The virus starts my internet connection and connects to the internet by itself. After it does this, the names of the dll's have changed and I'm back to square one. Can someone please help me find out how the fully remove this virus? Please. |
#4
|
|||
|
|||
Can't fully remove virus from system
Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here http://pcbutts1.com/downloads/tools/tools.htm After reboot if the problem is still there then run my diagnostic tool called whatslivern. That file after a few seconds, when complete, will generate a log file. That log file will be saved in the same directory you ran the program from, using the email link and the bottom of my page send me a copy of that log file. http://pcbutts1.com/downloads/tools/tools.htm -- The Real Truth http://pcbutts1-therealtruth.blogspot.com/ "CrazyHorse" wrote in message news I'm trying to fully delete a virus from my computer and I'm stuck. I don't know the name of the virus, but it is the one that says your computer is infected and starts doing a scan. Then, your IE will be redirected to ad sites every couple of minutes. I used Malwarebytes to remove the virus, but there are a couple of things I can't fix. 1) Can't remove these keys from the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s The name of the dll keeps changing (jazejumi.dll, vagazodi.dll) The key is recreated almost immediately after I delete it. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2} I tried adding the "NoExplorer REG_DWORD 1" but that didn't work. In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it shows up as: hulahake.dll. Each time I disable it and restart IE, it is enabled again. Currently, I'm using Internet Explorer (with no add-ons) which seems to prevent being redirected. 2) The virus starts my internet connection and connects to the internet by itself. After it does this, the names of the dll's have changed and I'm back to square one. Can someone please help me find out how the fully remove this virus? Please. |
#5
|
|||
|
|||
Can't fully remove virus from system
Get lost, you imposted & thief.
The Real Truth MVP wrote: Use my Remove-it software, it will remove that malware from your system. Choose yes for all options when prompted. Download it here http://pcbutts1.com/downloads/tools/tools.htm After reboot if the problem is still there then run my diagnostic tool called whatslivern. That file after a few seconds, when complete, will generate a log file. That log file will be saved in the same directory you ran the program from, using the email link and the bottom of my page send me a copy of that log file. xxxx.pcbutts1HOLE.com/downloads/tools/tools.htm "CrazyHorse" wrote in message news I'm trying to fully delete a virus from my computer and I'm stuck. I don't know the name of the virus, but it is the one that says your computer is infected and starts doing a scan. Then, your IE will be redirected to ad sites every couple of minutes. I used Malwarebytes to remove the virus, but there are a couple of things I can't fix. 1) Can't remove these keys from the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s The name of the dll keeps changing (jazejumi.dll, vagazodi.dll) The key is recreated almost immediately after I delete it. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2} I tried adding the "NoExplorer REG_DWORD 1" but that didn't work. In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it shows up as: hulahake.dll. Each time I disable it and restart IE, it is enabled again. Currently, I'm using Internet Explorer (with no add-ons) which seems to prevent being redirected. 2) The virus starts my internet connection and connects to the internet by itself. After it does this, the names of the dll's have changed and I'm back to square one. Can someone please help me find out how the fully remove this virus? Please. |
#6
|
|||
|
|||
Can't fully remove virus from system
This might be of some use - http://www.randem.com/virusproblems.html
-- Randem Systems Your Installation Specialist The Top Inno Setup Script Generator http://www.randem.com/innoscript.html http://www.rndem.com/installerproblems.html http://www.randem.com/vistainstalls.html http://www.financialtrainingservices.org "CrazyHorse" wrote in message news I'm trying to fully delete a virus from my computer and I'm stuck. I don't know the name of the virus, but it is the one that says your computer is infected and starts doing a scan. Then, your IE will be redirected to ad sites every couple of minutes. I used Malwarebytes to remove the virus, but there are a couple of things I can't fix. 1) Can't remove these keys from the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s The name of the dll keeps changing (jazejumi.dll, vagazodi.dll) The key is recreated almost immediately after I delete it. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2} I tried adding the "NoExplorer REG_DWORD 1" but that didn't work. In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it shows up as: hulahake.dll. Each time I disable it and restart IE, it is enabled again. Currently, I'm using Internet Explorer (with no add-ons) which seems to prevent being redirected. 2) The virus starts my internet connection and connects to the internet by itself. After it does this, the names of the dll's have changed and I'm back to square one. Can someone please help me find out how the fully remove this virus? Please. |
#7
|
|||
|
|||
Can't fully remove virus from system
I've have Norton Antivirus. I've tried Malwarebytes, Spybot Search and
Destory, SmitfraudFix (didn't work), Spy Doctor. I've switched to Firefox, and amazingly I started to get the same virus redirect (your system is infected) page. I flashed the BIOS. It must be something in memory that won't let me change the registry. CH "Randem" wrote: This might be of some use - http://www.randem.com/virusproblems.html -- Randem Systems Your Installation Specialist The Top Inno Setup Script Generator http://www.randem.com/innoscript.html http://www.rndem.com/installerproblems.html http://www.randem.com/vistainstalls.html http://www.financialtrainingservices.org |
#8
|
|||
|
|||
Can't fully remove virus from system
CrazyHorse wrote:
I've have Norton Antivirus. I've tried Malwarebytes, Spybot Search and Destory, SmitfraudFix (didn't work), Spy Doctor. I've switched to Firefox, and amazingly I started to get the same virus redirect (your system is infected) page. I flashed the BIOS. It must be something in memory that won't let me change the registry. Flashing the BIOS is never a solution for virus/malware infection. One thing has nothing to do with the other. You are still infected and it is completely *not* amazing that you are having problems in Firefox, too. Do as I suggested in my previous post and either get guided help or wipe/clean-install. Malke -- MS-MVP Elephant Boy Computers - Don't Panic! FAQ - http://www.elephantboycomputers.com/#FAQ |
#9
|
|||
|
|||
Can't fully remove virus from system
If you switched to firefox you need to install the NoScript add-on to help
safe keep your system. -- Randem Systems Your Installation Specialist The Top Inno Setup Script Generator http://www.randem.com/innoscript.html http://www.rndem.com/installerproblems.html http://www.randem.com/vistainstalls.html http://www.financialtrainingservices.org "CrazyHorse" wrote in message ... I've have Norton Antivirus. I've tried Malwarebytes, Spybot Search and Destory, SmitfraudFix (didn't work), Spy Doctor. I've switched to Firefox, and amazingly I started to get the same virus redirect (your system is infected) page. I flashed the BIOS. It must be something in memory that won't let me change the registry. CH "Randem" wrote: This might be of some use - http://www.randem.com/virusproblems.html -- Randem Systems Your Installation Specialist The Top Inno Setup Script Generator http://www.randem.com/innoscript.html http://www.rndem.com/installerproblems.html http://www.randem.com/vistainstalls.html http://www.financialtrainingservices.org |
#10
|
|||
|
|||
Can't fully remove virus from system
Also did you try all the solutions. The bad software can hide in multiple
places and the document describes them. Only doing one of the suggestions may not help. -- Randem Systems Your Installation Specialist The Top Inno Setup Script Generator http://www.randem.com/innoscript.html http://www.rndem.com/installerproblems.html http://www.randem.com/vistainstalls.html http://www.financialtrainingservices.org "CrazyHorse" wrote in message ... I've have Norton Antivirus. I've tried Malwarebytes, Spybot Search and Destory, SmitfraudFix (didn't work), Spy Doctor. I've switched to Firefox, and amazingly I started to get the same virus redirect (your system is infected) page. I flashed the BIOS. It must be something in memory that won't let me change the registry. CH "Randem" wrote: This might be of some use - http://www.randem.com/virusproblems.html -- Randem Systems Your Installation Specialist The Top Inno Setup Script Generator http://www.randem.com/innoscript.html http://www.rndem.com/installerproblems.html http://www.randem.com/vistainstalls.html http://www.financialtrainingservices.org |
#11
|
|||
|
|||
Can't fully remove virus from system
I think my regsvc.dll is infected. Does anyone know how I can repair this?
(yes, I followed all of the advice above, but none talked about the Registry service) CH |
#12
|
|||
|
|||
Can't fully remove virus from system
Repost:
When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://spywarehammer.com/simplemachi...php?board=10.0, http://forums.spybot.info/forumdisplay.php?f=22, http://aumha.net/viewforum.php?f=30, or another appropriate forum for review by an expert in such matters, not here.** If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ CrazyHorse wrote: I think my regsvc.dll is infected. Does anyone know how I can repair this? (yes, I followed all of the advice above, but none talked about the Registry service) CH |
#13
|
|||
|
|||
Can't fully remove virus from system
Yes, If you have removed all virus etc... Do a repair installation to
re-install the system files. -- Randem Systems Your Installation Specialist The Top Inno Setup Script Generator http://www.randem.com/innoscript.html http://www.rndem.com/installerproblems.html http://www.randem.com/vistainstalls.html http://www.financialtrainingservices.org "CrazyHorse" wrote in message ... I think my regsvc.dll is infected. Does anyone know how I can repair this? (yes, I followed all of the advice above, but none talked about the Registry service) CH |
#14
|
|||
|
|||
Can't fully remove virus from system
Yes, I've tried this but it says that the version of windows in newer than
the one on the CD. This is true since I have XP SP3 and dozens of fixes, security updates, etc added to my original install from Dell. I've tried the Windows File Protection (sfc /scannow or sfc /purgecache), which works well until it asks for Windows XP CD2. This is probably because of SP3 and the add-ons. My next guess would be to find a similar non-infected Windows XP system and copy the files that I think are infected from that machine to mine. CH "Randem" wrote: Yes, If you have removed all virus etc... Do a repair installation to re-install the system files. |
#15
|
|||
|
|||
Can't fully remove virus from system
Ok, then perhaps your may need to download SP3 and point the repair to the
i386 folder of SP3. If not then you may need to uninstall SP3 or at worst backup your files and do a full re-install. -- Randem Systems Your Installation Specialist The Top Inno Setup Script Generator http://www.randem.com/innoscript.html http://www.rndem.com/installerproblems.html http://www.randem.com/vistainstalls.html http://www.financialtrainingservices.org "CrazyHorse" wrote in message ... Yes, I've tried this but it says that the version of windows in newer than the one on the CD. This is true since I have XP SP3 and dozens of fixes, security updates, etc added to my original install from Dell. I've tried the Windows File Protection (sfc /scannow or sfc /purgecache), which works well until it asks for Windows XP CD2. This is probably because of SP3 and the add-ons. My next guess would be to find a similar non-infected Windows XP system and copy the files that I think are infected from that machine to mine. CH "Randem" wrote: Yes, If you have removed all virus etc... Do a repair installation to re-install the system files. |
Thread Tools | |
Display Modes | |
|
|