backdoor.agent.ba seems hot these days

Discussion in 'adware, spyware & hijack cleaning' started by nomoretitanic, Jun 27, 2004.

Thread Status:
Not open for further replies.
  1. nomoretitanic

    nomoretitanic Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    3
    I have the hot new hip thing that kids these days are calling the trojan backdoor virus. AVG informed me of this yesterday, says it's coming from a file titled wdmnmj.dll. I first tried deleting that to no avail, and then later on I found out that the .dll file was completely invisible to me. I tried to make all the hidden files visible by going to the folders option box, but could not find that infected file anywhere. However, AVG still detects it upon startup, my comp, when not running under the safe mode, keeps on rebooting itself, and my browser keeps on resetting the homepage and overloading it with funny pop-ups of viruses in dirty positions.
    I hate it.

    here's my hijackthis log, under safe mode with networking, there seems to be some pornlinks, and for what it's worth, I swear I've never been to those links before?

    Logfile of HijackThis v1.97.7
    Scan saved at 12:13:41 AM, on 6/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\pete lee\My Documents\hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 66.197.26.230 www.adultrevenueservice.com
    O1 - Hosts: 66.197.26.230 www.ccbill.com
    O1 - Hosts: 66.197.26.230 www.maximumcash.com
    O1 - Hosts: 66.197.26.230 www.freeezinebucks.com
    O1 - Hosts: 66.197.26.230 www.silvercash.com
    O1 - Hosts: 66.197.26.230 www.freeticketcash.com
    O1 - Hosts: 66.197.26.230 www.epiccash.com
    O1 - Hosts: 66.197.26.230 www.aebn.net
    O1 - Hosts: 66.197.26.230 www.lightspeedcash.com
    O1 - Hosts: 66.197.26.230 www.fatpockets.com
    O1 - Hosts: 66.197.26.230 www.adultplatinum.com
    O1 - Hosts: 66.197.26.230 www.vidsandtoys.com
    O1 - Hosts: 66.197.26.230 www.cumfiesta.com
    O1 - Hosts: 66.197.26.230 www.nastydollars.com
    O1 - Hosts: 66.197.26.230 www.hawgscash.com
    O1 - Hosts: 66.197.26.230 www.pure-pornstars.com
    O1 - Hosts: 66.197.26.230 www.oxcash.com
    O1 - Hosts: 66.197.26.230 www.amateurpages.com
    O1 - Hosts: 66.197.26.230 www.milfhunter.com
    O1 - Hosts: 66.197.26.230 www.gammae.com
    O1 - Hosts: 66.197.26.230 www.captainstabbin.com
    O1 - Hosts: 66.197.26.230 www.bignaturals.com
    O1 - Hosts: 66.197.26.230 www.sweetmoney.com
    O1 - Hosts: 66.197.26.230 www.karasxxx.com
    O1 - Hosts: 66.197.26.230 www.albionmedical.com
    O1 - Hosts: 66.197.26.230 www.wegcash.com
    O1 - Hosts: 66.197.26.230 www.karupspc.com
    O1 - Hosts: 66.197.26.230 www.pillsmoney.com
    O1 - Hosts: 66.197.26.230 adultrevenueservice.com
    O1 - Hosts: 66.197.26.230 ccbill.com
    O1 - Hosts: 66.197.26.230 maximumcash.com
    O1 - Hosts: 66.197.26.230 freeezinebucks.com
    O1 - Hosts: 66.197.26.230 silvercash.com
    O1 - Hosts: 66.197.26.230 freeticketcash.com
    O1 - Hosts: 66.197.26.230 epiccash.com
    O1 - Hosts: 66.197.26.230 aebn.net
    O1 - Hosts: 66.197.26.230 lightspeedcash.com
    O1 - Hosts: 66.197.26.230 fatpockets.com
    O1 - Hosts: 66.197.26.230 adultplatinum.com
    O1 - Hosts: 66.197.26.230 vidsandtoys.com
    O1 - Hosts: 66.197.26.230 cumfiesta.com
    O1 - Hosts: 66.197.26.230 nastydollars.com
    O1 - Hosts: 66.197.26.230 hawgscash.com
    O1 - Hosts: 66.197.26.230 pure-pornstars.com
    O1 - Hosts: 66.197.26.230 oxcash.com
    O1 - Hosts: 66.197.26.230 amateurpages.com
    O1 - Hosts: 66.197.26.230 milfhunter.com
    O1 - Hosts: 66.197.26.230 gammae.com
    O1 - Hosts: 66.197.26.230 captainstabbin.com
    O1 - Hosts: 66.197.26.230 bignaturals.com
    O1 - Hosts: 66.197.26.230 sweetmoney.com
    O1 - Hosts: 66.197.26.230 karasxxx.com
    O1 - Hosts: 66.197.26.230 albionmedical.com
    O1 - Hosts: 66.197.26.230 wegcash.com
    O1 - Hosts: 66.197.26.230 karupspc.com
    O1 - Hosts: 66.197.26.230 pillsmoney.com
    O1 - Hosts: 66.197.93.224 uh-oh.net
    O1 - Hosts: 66.197.93.224 www.uh-oh.net
    O1 - Hosts: 66.197.93.224 wetcircle.com
    O1 - Hosts: 66.197.93.224 www.wetcircle.com
    O1 - Hosts: 66.197.93.224 free64all.com
    O1 - Hosts: 66.197.93.224 www.free64all.com
    O1 - Hosts: 66.197.93.224 richards-realm.com
    O1 - Hosts: 66.197.93.224 www.richards-realm.com
    O1 - Hosts: 66.197.93.224 richards-realm.com
    O1 - Hosts: 66.197.93.224 www.richards-realm.com
    O1 - Hosts: 66.197.93.224 hardcorejunky.net
    O1 - Hosts: 66.197.93.224 www.hardcorejunky.net
    O1 - Hosts: 66.197.93.224 mmm100.com
    O1 - Hosts: 66.197.93.224 www.mmm100.com
    O1 - Hosts: 66.197.93.224 mature-post.com
    O1 - Hosts: 66.197.93.224 www.mature-post.com
    O1 - Hosts: 66.197.93.224 elephant-list.com
    O1 - Hosts: 66.197.93.224 www.elephant-list.com
    O1 - Hosts: 66.197.93.224 sleazydream.com
    O1 - Hosts: 66.197.93.224 www.sleazydream.com
    O1 - Hosts: 66.197.93.224 call-kelly.com
    O1 - Hosts: 66.197.93.224 www.call-kelly.com
    O1 - Hosts: 66.197.93.224 chubbyland.com
    O1 - Hosts: 66.197.93.224 www.chubbyland.com
    O1 - Hosts: 66.197.93.224 blitzpics.com
    O1 - Hosts: 66.197.93.224 www.blitzpics.com
    O1 - Hosts: 66.197.93.224 bondagewizard.com
    O1 - Hosts: 66.197.93.224 www.bondagewizard.com
    O1 - Hosts: 66.197.93.224 pichunter.com
    O1 - Hosts: 66.197.93.224 www.pichunter.com
    O1 - Hosts: 66.197.93.224 male-movies.com
    O1 - Hosts: 66.197.93.224 www.male-movies.com
    O1 - Hosts: 66.197.93.224 silent-screams.com
    O1 - Hosts: 66.197.93.224 www.silent-screams.com
    O1 - Hosts: 66.197.93.224 citizencane.org
    O1 - Hosts: 66.197.93.224 www.citizencane.org
    O1 - Hosts: 66.197.93.224 persiankitty.com
    O1 - Hosts: 66.197.93.224 www.persiankitty.com
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {E7637F29-F66E-4C47-A095-F645337ABB25} - C:\WINDOWS\System32\bahba.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\netda.exe
    O4 - HKLM\..\Run: [Socket Utility] C:\WINDOWS\System32\svchostz.exe
    O4 - HKLM\..\Run: [xload32] C:\WINDOWS\System32\netdd.exe
    O4 - HKLM\..\Run: [Digital Patrol Update 5] C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe /autoupdate
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunServices: [Socket Utility] C:\WINDOWS\System32\svchostz.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Socket Utility] C:\WINDOWS\System32\svchostz.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
    O4 - HKCU\..\Run: [a] "C:\Program Files\a2\a2guard.exe"
    O4 - HKCU\..\RunServices: [Socket Utility] C:\WINDOWS\System32\svchostz.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - C:\Documents and Settings\pete lee\My Documents\DSLite2.04\DSLite2\dl_text.html
    O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - C:\Documents and Settings\pete lee\My Documents\DSLite2.04\DSLite2\dl_url.html
    O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: NetAnts (HKLM)
    O9 - Extra 'Tools' menuitem: &NetAnts (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: D.S.Lite (HKLM)
    O9 - Extra 'Tools' menuitem: &D.S.Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/wildgames/stx/install.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi nomoretitanic,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)

    O2 - BHO: (no name) - {E7637F29-F66E-4C47-A095-F645337ABB25} - C:\WINDOWS\System32\bahba.dll

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\netda.exe
    O4 - HKLM\..\Run: [Socket Utility] C:\WINDOWS\System32\svchostz.exe
    O4 - HKLM\..\Run: [xload32] C:\WINDOWS\System32\netdd.exe

    O4 - HKLM\..\RunServices: [Socket Utility] C:\WINDOWS\System32\svchostz.exe

    O4 - HKCU\..\Run: [Socket Utility] C:\WINDOWS\System32\svchostz.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q

    O4 - HKCU\..\RunServices: [Socket Utility] C:\WINDOWS\System32\svchostz.exe

    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm

    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/wildgames/stx/install.cab

    Then reboot into safe mode and delete:
    C:\Program Files\ClearSearch <= entire folder
    C:\WINDOWS\System32\svchostz.exe
    C:\WINDOWS\System32\netdd.exe
    C:\WINDOWS\System32\netda.exe
    C:\install.cab

    Then find C:\WINDOWS\System32\drivers\etc\hosts and rename it to hosts.bak

    Copy the contents of the bold text to Notepad.
    Name the file Appinit.bat
    Save as type *All Files*
    Save on the Desktop.

    Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
    ren windows1.hiv windows.txt

    Double click on Appinit.bat
    This will create a file on the desktop named windows.txt
    Post the content please.

    Regards,

    Pieter
     
  3. nomoretitanic

    nomoretitanic Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    3
    windows.txt returns me a bunch of gibberish--is this what you were asking for?

    regf       Pugf hbin  P   )  *ÿÿÿnk, ÀÎÐÔþ[Ä ÿÿÿÿ ÿÿÿÿÿÿÿÿ À € ÿÿÿÿ 0 > e r  Windowsowsa p I ÿÿÿskN€€ €  Ô  „¸ È   ¤       !  €  !  ?          ?               Ðÿÿÿvk  *   ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5  Pâ  p Ðÿÿÿvk  €'   zGDIProcessHandleQuota"þðÿÿÿ9 0  Ð àÿÿÿvk     °ºSpooler2ðÿÿÿy e s
    Ñ_åàÿÿÿvk  €   5swapdisk p ¸ ø ( ` Ðÿÿÿvk  è   . TransmissionRetryTimeoutÐÿÿÿvk  €'   O USERProcessHandleQuotao àÿÿÿp ¸ ø ( `  
    à©2Dv\ÄG 8 ¹÷      `ã>Dv\ÄO ðS-÷ D      `ã>Dv\ÄO ðS-÷ L      `ã>Dv\ÄY! ',÷ P     °•IDv\Ä„ ¾ ]€ \     • NFv\Äë ðWR€ 

    X   À¿èOv\Äu" ©Î,÷ ¼      ð±ÔSv\Ä‚ ȹÒö *    9ÖSv\ă ȹÒö ¤    S y s t e m   @+NDv\Ä0‡ s   °F `   €¸ À: è * @ 3 X @ € °  ° V 5  øÍ Fv À @+NDv\Ä &šXH` d M   ÐÀRDv\Ä! ¸‡XH` h    ÐÀRDv\Ä ¸‡XH` l    s m s s . e x e P
    pFüFv\Äpèï à‘e   J
    ” ` á ð£ PÌee 0 = ¸Q   8 h ð 0 ð  a ,~ ÅÀ *aIv\Ä# J#·u” œ      *aIv\Ä ÕŸ¶u” * 
       àG P%# °×qIv\Ä3# ðA´u” ¤ 
    C   pôwIv\ÄÂ â7´u” ¨ 
       + €¬$ ð-„Iv\Ä2# ðA´u” ´ 
    U   À à˜Jv\Ä3# *è¶u” ¸ 
    - 
    B) JšJv\Ä3# *è¶u” ¼ 
    ù 
    `!PKv\Äï *è¶u” ì 
     
    ÙWv\Ä# 1·u” d      • @4Ëjv\Ä1# —v·u” À 
     
    c s r s s . e x e Ø  ð-„Iv\Ä ÷j (Z  ÐN
    ¬ ` Ú ðø —Ú › ) Î p³ 8 0 °7 T °7 ê L ) *- ß ¼Ž €’U à*X ð-„Iv\Ä1# YŬ °   b 
    À 0‡ X%Kv\Äÿ BÓçw¬ Ä

    p   X%Kv\Ä; BÓçw¬ È

       X%Kv\ĺ
    BÓçw¬ Ì

       • + X%Kv\Ä" BÓçw¬ Ð 
    W   0‡ Pß&Kv\Äÿ BÓçw¬ Ô 
       Ð3Kv\Ä BÓçw¬ à 
      0€Kv\ÄÂ BÓçw¬  
     
    • °±Lv\ÄZ BÓçw¬ ð 
       Ph÷Lv\ÄK BÓçw¬  

      ÀE Mv\Ä BÓçw¬     “Qv\Ä BÓçw¬ ô

       ` 0 þQv\Ä1# BÓçw¬ 0

    N   ×õ]v\ÄØ BÓçw¬ |

       €åø]v\Ä% BÓçw¬ €

      pugv\ÄZ BÓçw¬ ¬

       w i n l o g o n . e x e X  €f(Kv\Ä€9 Ð^/  (T Ø ¬ í E /  °/ °. p\ pU h Ø ð * ð s š Ÿ Œ’ õ¾ ( PÅWKv\Äô BÓçwØ ð    PÅWKv\Ä
     

    Attached Files:

  4. nomoretitanic

    nomoretitanic Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    3
    hey somehow I just found the infected mdmnmj.dll file when I logged on as the administrator under safe mode, and I deleted the file, and then used the CWS shredder, and now the problem seems to be solved, AVG does not warn me anymore, and the homepage isn't hijacked anymore. Should I celebrate right now or might my computer still be infected?
     
Thread Status:
Not open for further replies.