Old 2008-09-04, 07:28   Link #14
demonix
First you should start in safe mode, run HijackThis again and fix the following:

O2 - BHO: agadoo browser optimizer - {0413b2a6-ccee-8a48-af7a-44e13614aa74} - C:\windows\system32\xnnsiqgefjytjwah.dll
O2 - BHO: {2250c470-6a3c-67cb-ec34-4f7fba08f861} - {168f80ab-f7f4-43ce-bc76-c3a6074c0522} - C:\windows\system32\rtehak.dll
O2 - BHO: (no name) - {443270C0-150C-4397-BB56-A9FA4938D763} - C:\windows\system32\byXQkhgD.dll
O2 - BHO: radbanner browser enhancer - {c4df71f7-4526-064e-faae-c95d5d56ef12} - C:\windows\system32\yvwytycumugif.dll
O2 - BHO: (no name) - {F73D5609-8DF2-4D19-BE50-ECA3CF87EEEE} - C:\windows\system32\urqPhfgd.dll
O4 - HKLM\..\Run: [{0F-F8-85-5D-DW}] C:\windows\system32\rnwnw64l.exe DWram03FF
O4 - HKLM\..\Run: [{27d66248-db37-177d-29bd-c62bf72849d3}] C:\windows\System32\Rundll32.exe "C:\windows\system32\yvwytycumugif.dll" DllStart
O4 - HKLM\..\Run: [lphcp6tj0e1an] C:\windows\system32\lphcp6tj0e1an.exe
O4 - HKLM\..\Run: [{137105cb-7a87-acf3-d2d4-c631de085c36}] C:\windows\System32\Rundll32.exe "C:\windows\system32\xnnsiqgefjytjwah.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\windows\system32\pcntntdl.exe DWram03FF
O4 - HKLM\..\Run: [runner1] C:\windows\faceback.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [6ca0f8f2] rundll32.exe "C:\windows\system32\widcdhyc.dll",b
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\pcntntdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64l.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm414YYUS
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LFG...FG-toolbar.cab
O20 - Winlogon Notify: urqPhfgd - C:\windows\SYSTEM32\urqPhfgd.dll

Then go into the folders where the files are located and remove them (you might have to reboot back into safe mode to do this after you've done the fixing in HijackThis). Plus, you should disable System Restore, as some malware will hide in there and constantly restore itself after you've removed it.
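As an added example, not part of demonix's post: a short Python script that parses HijackThis lines in the format shown above and groups them by the file they load, which gives the list of files to remove once the entries are fixed and shows which files are hooked from more than one autostart point. The sample lines are a subset copied from the log in the post; the function names are this example's own, and the path pattern assumes paths without spaces, which holds for these lines.

```python
import re
from collections import defaultdict

# Subset of the log lines from the post above, used as sample input.
SAMPLE_LOG = r"""
O2 - BHO: radbanner browser enhancer - {c4df71f7-4526-064e-faae-c95d5d56ef12} - C:\windows\system32\yvwytycumugif.dll
O2 - BHO: (no name) - {F73D5609-8DF2-4D19-BE50-ECA3CF87EEEE} - C:\windows\system32\urqPhfgd.dll
O4 - HKLM\..\Run: [{27d66248-db37-177d-29bd-c62bf72849d3}] C:\windows\System32\Rundll32.exe "C:\windows\system32\yvwytycumugif.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\windows\system32\pcntntdl.exe DWram03FF
O4 - HKLM\..\Run: [6ca0f8f2] rundll32.exe "C:\windows\system32\widcdhyc.dll",b
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\pcntntdl.exe
O20 - Winlogon Notify: urqPhfgd - C:\windows\SYSTEM32\urqPhfgd.dll
"""

# "O<number> - <rest of entry>"
ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Drive-letter path ending in .dll or .exe (assumes no spaces in the path).
PATH = re.compile(r'[A-Za-z]:\\[^\s"]+?\.(?:dll|exe)\b', re.IGNORECASE)
# Host processes that only load the real payload; not files to delete.
LOADERS = {"rundll32.exe"}


def files_by_entry(log):
    """Map each lower-cased file path to the section codes of the lines that reference it."""
    refs = defaultdict(list)
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        section, rest = match.groups()
        for path in PATH.findall(rest):
            key = path.lower()  # Windows paths are case-insensitive
            if key.rsplit("\\", 1)[-1] in LOADERS:
                continue
            refs[key].append(section)
    return dict(refs)


def multi_hooked(refs):
    """Files referenced by more than one log line: fix every entry before deleting the file."""
    return sorted(path for path, sections in refs.items() if len(sections) > 1)


if __name__ == "__main__":
    for path, sections in sorted(files_by_entry(SAMPLE_LOG).items()):
        print(f"{path}  <- {', '.join(sections)}")
```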