Constant restarting, malware, vundo trojan, major computer problems

Discussion in 'malware problems & news' started by d_headshot, Oct 13, 2008.

Thread Status:
Not open for further replies.
  1. d_headshot

    d_headshot Registered Member

    Joined:
    Oct 13, 2008
    Posts:
    3
    Here's how the problem started:

    On saturday, there was an exe on my desktop on my windows xp computer that was just there and I never downloaded anything maliciously. The file name had something like "blah blah microsoft office blah blah". When I clicked it, it disappeared then a firefox window popped up with a weird message. I first tried downloading avast anti virus and it took care of some minor threats but they weren't the problem. When the virus or spyware couldn't be detected or removed I tried sevel different softwares such as spybot search and destroy, SUPERspyware remover, spy doctor(unfortunately trial users can't remove risks), adaware(this too doesn't allow trial users to remove threats), and a couple of others then finally AVG. I scanned my entire computer and one adware threat appeared with a bunch of tracking cookies. I sent them to the virus vault and deleted the files but the pop ups are still popping up(this was on saturday). The computer also frequently restarts on its own and shows the blue screen of death with this error:

    STOP: 0x0000050 (0xE159A000, 0X00000000, 0xF85CAAF1, 0x00000001)

    Here are some computer specs:

    -Windows XP Home edition
    -Antivirus: AVG Free 8.0, reinstalled malwarebyte's anti-malware
    -Previously installed anti-virus: Symantec corperate edition, avast! home edition, spybot search and destroy, malwarebyte's anti-malware, and spydoctor
    -Firewall: Windows firewall
    -Service provider: Shaw.ca ISP with highspeed cable

    More errors and problems(mostly on log in):

    "Error loading C:\WINDOWS\system32\mefgkcwb.dll

    Access is denied."


    Yesterday and Today the error changed to:

    "Error loading C:\WINDOWS\system32\mefgkcwb.dll

    The specified module could not be found."



    For the malware, I used malwarebyte's anti-malware and AVG for scans. Here are some of the trojans or malware that were detected:

    (Picked up by AVG)
    -Trojan horse Generic11.AWWI, path is C:\WINDOWS\system32\CMWYXK.DLL
    -Trojan horse Agent.AFFV, path is C:\WINDOWS\system32\MEFGKCWB.DLL
    -Trojan horse Agent.AFFV, path is C:\WINDOWS\system32\WOQXQTIN.DLL
    -Trojan horse Generic11.AWWI, path is C:\WINDOWS\system32\FFPQAD.DLL

    (Picked up by MalwareByte's Anti-Malware)
    -Trojan.Vundo.H, Items: HKEY_CLASSES_ROOT\CLSID\{c1711e7b-a8b5-4a8b-a9ba-5aef0e5b70b1}
    -Trojan.Vundo.H, Items: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c1711e7b-a8b5-4a8b-a9ba-5aef0e5b70b1}
    -Adware.MyWebSearch, Items: HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}

    There were other trojans and infections but I removed/deleted them with the antivirus software earlier today. Forgot to mention that automatic updates for windows hasn't been able to be turned on for the last couple of days and I got the malware yesterday.

    I have two hijackthis logs, one from saturday and one from sunday. I think the one to be most conserned with is the one from saturday.
     
  2. d_headshot

    d_headshot Registered Member

    Joined:
    Oct 13, 2008
    Posts:
    3
    Saturday's hijackthis log:

    ~Log removed. - Ron~
     
    Last edited by a moderator: Oct 13, 2008
  3. d_headshot

    d_headshot Registered Member

    Joined:
    Oct 13, 2008
    Posts:
    3
    Sunday's log:

    ~Log removed. - Ron~
     
    Last edited by a moderator: Oct 13, 2008
  4. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Please note, HJT logs are forbidden in this forum. I suggest you to delete your previous post so the mods don't close this thread and someone can help you out ;)

    There are a lot of forums that handle HJT logs, you can find some here.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,792
    Location:
    Texas
    As noted, Wilders no longer analyzes logs. Pick a forum here for some one on one help with your logs.
     
Loading...
Thread Status:
Not open for further replies.