|
Answer» Hi
I'd really appreciate any help you can offer with this. My laptop seems to be infested with viruses. When I turn on the machine and it loads up the desktop, I get an error message saying:
Error loading C:\WINDOWS\system32\gwyfbocj.dll
The specified module could not be found.
And it opens up two folders of 'My Documents'. This happens at every start up.
When I have two or more web pages open, the computer freezes up and brings up the standerd Microsoft message saying the system needs to close and if I want to send an error report to microsoft. I can end programs by using ctr alt delete but the screen stays frozen and I have to turn off the comptuer manually. When Windows is shutting down it first ends the program:
winpop.exe
My laptop details
Toshiba Satellite Pro
Windows XP Professional
Intel Centrino Duo
[emailprotected]
1.73GHz, 1.49 GB of RAM
I have downloaded the free version of AVG anti virus and spyware but I also have a Chinese version of kaspersky which I can't uninstall. When I go to add/remove programs it's just not there!! It seems to run independantly on my tool BAR and when I click on it it doesn't open, just freezes.
I'm living in China at the minute and have downloaded TVU so I can watch football from home, I also have sopcast. The problems seemed to start since I started using internet Tv. Do you think this has anything to do with the viruses?
Thanks a million if you can help in any wayTry using easycleaner (http://personal.inet.fi/business/toniarts/ecleane.htm)
to remove unnecessary startup items like winpop.exe (local network messenging.)
Update AVG and run a full scan in safe mode with system restore disabled.
Use ad-aware (http://www.download.com/Ad-Aware-2007/3000-8022_4-10731194.html?tag=pop.software) and spybot - search and destroy (http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10743107.html?tag=lst-0-1)
to remove the malware from your computer.
I recommend that you try Mozilla Firefox as well. (http://www.download.com/Mozilla-Firefox/3000-2356_4-10744221.html?tag=lst-0-4)
Hope this helps. That .dll is not LISTED in any database i checked...is it spelled correctly ? ?
Take the advice above and let us KNOW.It looks very much like a Vundo filename...
1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.
And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode.
5. The program normally produces a VBG.txt file. Please locate this file and paste the contents in your next post.
After following these steps and the above advice, you may want to post a HijackThis log as well.Hey,
Thanks for the advice, it really seems to have worked. You guys do a really good job here. Can I ask you about on emore thing or should I post a new topic. I still have a Chinese version of Kaspersky running in the background. it is an original copy but it seemed to crash when I installed it or something. It doesn't want to respond to anything and I also have AVG's free antivirus software. I know I shouldnt have two antivirus but when I go to add/remove programs Kaspersky isnt there.
Is there a program I can download to nuke it?
Here's my VBG log file
[09/28/2007, 15:56:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\OG\Desktop\VirtumundoBeGone.exe" )
[09/28/2007, 15:56:23] - Detected System Information:
[09/28/2007, 15:56:23] - Windows Version: 5.1.2600, SERVICE Pack 2
[09/28/2007, 15:56:23] - Current Username: OG (Admin)
[09/28/2007, 15:56:23] - Windows is in SAFE mode with Networking.
[09/28/2007, 15:56:23] - Searching for Browser Helper Objects:
[09/28/2007, 15:56:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/28/2007, 15:56:23] - BHO 2: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[09/28/2007, 15:56:23] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/28/2007, 15:56:23] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/28/2007, 15:56:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/28/2007, 15:56:23] - No filename found. Continuing.
[09/28/2007, 15:56:23] - BHO 5: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[09/28/2007, 15:56:23] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[09/28/2007, 15:56:23] - BHO 7: {DA64119B-F802-4EF9-BEA0-68F190E37198} ()
[09/28/2007, 15:56:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/28/2007, 15:56:24] - Checking for HKLM\...\Winlogon\Notify\pmnll
[09/28/2007, 15:56:24] - KEY not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[09/28/2007, 15:56:24] - Finished Searching Browser Helper Objects
[09/28/2007, 15:56:24] - Finishing up...
[09/28/2007, 15:56:24] - Nothing found! Exiting...if there is no kaspersky in the add or remove, then i think it is save to delete it inside the program files.
After that try cleaning it with ccleaner
http://www.ccleaner.com/
i much more like avira rather than avg, believe me it's better.
http://www.avira.com/en/download/index.html
Sorry for not responding sooner, seanog. Things can get a bit busy around here sometimes.
I would still suggest posting a HijackThis log. This will help us determine if anything else might still be on your computer. Vundo can be a tricky infection, so you may still have traces on it. We might also be able to use HJT to help with your Kaspersky issue.
|
