These are the problem files C:\WINDOWS\System32\wdmb.dll is the appinit C:\WINDOWS\System32\bbgfcn.dll is the bho Go through all of the...
I'm fishing a bit on this one - it seems pretty new but I think it's the deamon - so save the backups HJT makes Use Taskmanager (Ctrl-Alt-Del)...
Could you please download appinit.zip Unzip it so that both files (regread.exe and runread.exe) are in the same folder (make it it's own...
Here's a slightly out of date link on it http://www.pestpatrol.com/PestInfo/b/blazefind.asp It doesn't always show up by itself. Post the...
Post the scan log from HijackThis Unzip it somewhere to keep and run hijackthis.exe - press Scan - the Scan button changes to a Save Log button...
You can remove the c:\junkxx and the C:\findnfix folders now if you'd like To get rid of some possible remnants ----------- Download the...
********************** This is the file we need to destroy C:\WINDOWS\SYSTEM32\COMPO.DLL -Open the C:\FINDnFIX\keys1 folder - Locate the...
Make sure you remove this one with HJT O20 - AppInit_DLLs: C:\DOCUME~1\HOMETH~1\LOCALS~1\Temp\drv14.tmp.dll reboot an make sure that the file it...
Did you do an online virus scan ? Did you check for available critical updates from M$ after installing SP1 ? There may well be a back door left...
You can get a fresh notepad at (link removed - site down) if you are worried about it It belongs in c:\windows and in c:\windows\system32 The...
Download and install APM from: http://www.diamondcs.com.au/index.php?page=apm Download FindnFix http://downloads.subratam.org/FINDnFIX.exe...
One of the items you have is likely similar to http://www.sophos.com/virusinfo/analyses/w32sdbotp.html Use Taskmanager (Ctrl-Alt-Del) to end...
Use Taskmanager (Ctrl-Alt-Del) to end these running processes if you can (or use Process Explorer) C:\WINDOWS\System32\ofps.exe...
I think that what you have is http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59666&VName=WORM_RBOT.AJ&VSect=T Use...
Sorry about the confusion - I sometimes worry that valid files get into the list. Use vx2finder to delete these files and 'Make a host' file as...
....... 8)
IF either CWShredder or AdAware notified you that media player was infected and they had to delete it: see...
fingers crossed :) Remove this one and you should be good to go (close IE first) O2 - BHO: (no name) - SOFTWARE - (no file) Visit Microsoft...
Could you please download appinit.zip Unzip it so that both files (regread.exe and runread.exe) are in the same folder then double click on...
Run HijackThis again, push Scan and place a check mark next to the following items using your mouse. Next, close all browser Windows, and push...
Separate names with a comma.
