A Windows XP help forum. PCbanter


Can't fully remove virus from system



 
 
  #1  
Old November 28th 08, 06:39 PM posted to microsoft.public.windowsxp.general
CrazyHorse
external usenet poster
 
Posts: 6
Default Can't fully remove virus from system

I'm trying to fully delete a virus from my computer and I'm stuck. I don't
know the name of the virus, but it is the one that says your computer is
infected and starts doing a scan. Then, your IE will be redirected to ad
sites every couple of minutes. I used Malwarebytes to remove the virus, but
there are a couple of things I can't fix.

1) Can't remove these keys from the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

kikewupli REG_SZ Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s

The name of the dll keeps changing (jazejumi.dll, vagazodi.dll)

The key is recreated almost immediately after I delete it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c48f83f8-8ac1-46ec-98ec-355e39506cf2}

I tried adding the "NoExplorer REG_DWORD 1" but that didn't work.

In Internet Explorer (Tools/Internet Options/Programs/Manage Add-ons) it
shows up as:
hulahake.dll. Each time I disable it and restart IE, it is enabled again.

Currently, I'm using Internet Explorer (with no add-ons) which seems to
prevent being redirected.


2) The virus starts my internet connection and connects to the internet by
itself. After it does this, the names of the dll's have changed and I'm back
to square one.

Can someone please help me find out how to fully remove this virus?

Please.
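
Added example, not part of the original post or the thread: the symptom described above, a Run value that comes back pointing at a differently named DLL, can be confirmed by diffing two `reg query` captures of the Run key. The captures are constructed from the names quoted in the post; the NortonAV control entry and the function names are assumptions.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample input: two `reg query` captures of the Run key taken a few
# minutes apart. The kikewupli value and the DLL names are the ones quoted in
# the post; the NortonAV entry and its path are invented as a benign control.
SNAPSHOT_1 = RUN_KEY + "\n" + r'''
    NortonAV    REG_SZ    "C:\Program Files\Norton\av.exe" /startup
    kikewupli    REG_SZ    Rundll32.exe "C:\WINDOWS\system32\wehebopa.dll",s
'''
SNAPSHOT_2 = RUN_KEY + "\n" + r'''
    NortonAV    REG_SZ    "C:\Program Files\Norton\av.exe" /startup
    kikewupli    REG_SZ    Rundll32.exe "C:\WINDOWS\system32\jazejumi.dll",s
'''

# "    <name>    REG_<type>    <data>"; key-path lines have no leading whitespace.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# rundll32 [path\]file.dll,Export  (optional quotes and directory prefix)
RUNDLL = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


def parse_reg_query(text):
    """Return {value_name: data} for the value lines of one `reg query` capture."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values


def rundll32_target(data):
    """Return (dll_path, export) if the command line is rundll32 loading a DLL."""
    m = RUNDLL.match(data)
    return (m.group("dll"), m.group("export")) if m else None


def triage(before, after):
    """Report rundll32 autoruns and how each changed between the two captures."""
    old, new = parse_reg_query(before), parse_reg_query(after)
    findings = []
    for name in sorted(set(old) | set(new)):
        o = rundll32_target(old.get(name, ""))
        n = rundll32_target(new.get(name, ""))
        if not (o or n):
            continue  # not a rundll32 autorun in either capture
        if o and n:
            status = "unchanged" if o[0].lower() == n[0].lower() else "retargeted"
        else:
            status = "added" if n else "removed"
        findings.append({"value": name, "status": status,
                         "dll_before": o[0] if o else None,
                         "dll_after": n[0] if n else None})
    return findings


if __name__ == "__main__":
    for finding in triage(SNAPSHOT_1, SNAPSHOT_2):
        print(finding)
```

A `retargeted` result means something still running rewrote the value between the two captures, so deleting the value on its own will not hold.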

  #2  
Old November 28th 08, 07:04 PM posted to microsoft.public.windowsxp.general
Malke[_2_]
external usenet poster
 
Posts: 4,341
Default Can't fully remove virus from system

CrazyHorse wrote:

I'm trying to fully delete a virus from my computer and I'm stuck. I
don't know the name of the virus, but it is the one that says your
computer is
infected and starts doing a scan. Then, your IE will be redirected to ad
sites every couple of minutes. I used Malwarebytes to remove the virus,
but there are a couple of things I can't fix.


(snip details)

You are still infected. At this point, you need to either get guided help at
one of the specialty forums below OR back up your data and do a clean
install of Windows. It is your choice. If you are unsure how to back up
your data or how to do a clean install, you can take your machine to a
local computer professional. I don't recommend using
BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

  #3  
Old November 28th 08, 07:16 PM posted to microsoft.public.windowsxp.general
db.·.. >
external usenet poster
 
Posts: 733
Default Can't fully remove virus from system

using one anti virus
program may not be
helpful.

and who knows, perhaps
your anti virus program is
the thing that is infecting
your system.

-------

if you back up your data,
be sure it is only your personal
files otherwise you will be backing
up the infection as well.

---------------

turn off/disable your a.v.
and try this:

http://onecare.live.com/site/en-US/default.htm



--

db·´¯`·...¸)))º
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces



  #4  
Old November 28th 08, 09:14 PM posted to microsoft.public.windowsxp.general
The Real Truth MVP
external usenet poster
 
Posts: 55
Default Can't fully remove virus from system

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here:
http://pcbutts1.com/downloads/tools/tools.htm
After reboot, if the problem is still there, then run my diagnostic tool
called whatslivern. That file, after a few seconds, when complete, will
generate a log file. That log file will be saved in the same directory you ran
the program from. Using the email link at the bottom of my page, send me a copy
of that log file.
http://pcbutts1.com/downloads/tools/tools.htm


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/






  #5  
Old November 29th 08, 12:32 AM posted to microsoft.public.windowsxp.general
PA Bear [MS MVP]
external usenet poster
 
Posts: 9,010
Default Can't fully remove virus from system

Get lost, you impostor & thief.

The Real Truth MVP wrote:
Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm After reboot if the problem
is
still there then run my diagnostic tool called whatslivern. That file
after
a few seconds, when complete, will generate a log file. That log file will
be saved in the same directory you ran the program from, using the email
link and the bottom of my page send me a copy of that log file.
xxxx.pcbutts1HOLE.com/downloads/tools/tools.htm





  #6  
Old November 29th 08, 02:12 AM posted to microsoft.public.windowsxp.general
Randem
external usenet poster
 
Posts: 884
Default Can't fully remove virus from system

This might be of some use - http://www.randem.com/virusproblems.html


--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org





  #7  
Old November 29th 08, 07:39 PM posted to microsoft.public.windowsxp.general
CrazyHorse
external usenet poster
 
Posts: 6
Default Can't fully remove virus from system

I have Norton Antivirus. I've tried Malwarebytes, Spybot Search and
Destroy, SmitfraudFix (didn't work), Spy Doctor.

I've switched to Firefox, and amazingly I started to get the same virus
redirect (your system is infected) page.

I flashed the BIOS. It must be something in memory that won't let me change
the registry.

CH

"Randem" wrote:

This might be of some use - http://www.randem.com/virusproblems.html


--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org


  #8  
Old November 29th 08, 10:20 PM posted to microsoft.public.windowsxp.general
Malke[_2_]
external usenet poster
 
Posts: 4,341
Default Can't fully remove virus from system

CrazyHorse wrote:

I have Norton Antivirus. I've tried Malwarebytes, Spybot Search and
Destroy, SmitfraudFix (didn't work), Spy Doctor.

I've switched to Firefox, and amazingly I started to get the same virus
redirect (your system is infected) page.

I flashed the BIOS. It must be something in memory that won't let me
change the registry.


Flashing the BIOS is never a solution for virus/malware infection. One thing
has nothing to do with the other. You are still infected and it is
completely *not* amazing that you are having problems in Firefox, too. Do
as I suggested in my previous post and either get guided help or
wipe/clean-install.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

  #9  
Old November 30th 08, 02:50 AM posted to microsoft.public.windowsxp.general
Randem
external usenet poster
 
Posts: 884
Default Can't fully remove virus from system

If you switched to Firefox, you need to install the NoScript add-on to help
safekeep your system.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org






  #10  
Old November 30th 08, 02:51 AM posted to microsoft.public.windowsxp.general
Randem
external usenet poster
 
Posts: 884
Default Can't fully remove virus from system

Also, did you try all the solutions? The bad software can hide in multiple
places and the document describes them. Only doing one of the suggestions
may not help.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org






  #11  
Old December 1st 08, 07:20 PM posted to microsoft.public.windowsxp.general
CrazyHorse
external usenet poster
 
Posts: 6
Default Can't fully remove virus from system

I think my regsvc.dll is infected. Does anyone know how I can repair this?

(yes, I followed all of the advice above, but none talked about the Registry
service)

CH
  #12  
Old December 1st 08, 10:18 PM posted to microsoft.public.windowsxp.general
PA Bear [MS MVP]
external usenet poster
 
Posts: 9,010
Default Can't fully remove virus from system

Repost:

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

CrazyHorse wrote:
I think my regsvc.dll is infected. Does anyone know how I can repair
this?

(yes, I followed all of the advice above, but none talked about the
Registry
service)

CH


  #13  
Old December 2nd 08, 06:27 AM posted to microsoft.public.windowsxp.general
Randem
external usenet poster
 
Posts: 884
Default Can't fully remove virus from system

Yes, if you have removed all viruses etc., do a repair installation to
re-install the system files.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org


"CrazyHorse" wrote in message
...
I think my regsvc.dll is infected. Does anyone know how I can repair this?

(yes, I followed all of the advice above, but none talked about the
Registry
service)

CH



  #14  
Old December 2nd 08, 09:01 PM posted to microsoft.public.windowsxp.general
CrazyHorse
external usenet poster
 
Posts: 6
Default Can't fully remove virus from system

Yes, I've tried this but it says that the version of Windows is newer than
the one on the CD. This is true since I have XP SP3 and dozens of fixes,
security updates, etc added to my original install from Dell.

I've tried the Windows File Protection (sfc /scannow or sfc /purgecache),
which works well until it asks for Windows XP CD2. This is probably because
of SP3 and the add-ons.

My next guess would be to find a similar non-infected Windows XP system and
copy the files that I think are infected from that machine to mine.


CH

"Randem" wrote:

Yes, if you have removed all viruses etc., do a repair installation to
re-install the system files.


  #15  
Old December 2nd 08, 10:19 PM posted to microsoft.public.windowsxp.general
Randem
external usenet poster
 
Posts: 884
Default Can't fully remove virus from system

Ok, then perhaps you may need to download SP3 and point the repair to the
i386 folder of SP3. If not then you may need to uninstall SP3 or at worst
backup your files and do a full re-install.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org






 



