problem in removing win32/adware.vitumonde.NBH (maybe)

Discussion in 'NOD32 version 2 Forum' started by mahmoodn, Aug 28, 2008.

Thread Status:
Not open for further replies.
  1. mahmoodn

    mahmoodn Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    11
    Hello,:)
    I encounter a problem and need help. My system infected with some trojans and I tried to remove them with nod32, but it didn't!!o_O o_O

    next I use eset sysinspector and located two dll files and a egistry key: opnnn.dll:mad: and jkkjabca.dll:mad: (they seem to be from Win32/Adware.Virtumonde.NBH:cautious: ). They could not be deleted within windows because they were used by processes. Then I entered ubuntu and delete these two DLLs and after returring to windows I delete the registry key.

    I worked with it some minutes to see if there is any error message and signs of virus and other things and actually there was no problem with system.

    After I restart my computer I noticed that all user accounts and built-in administrator now require passwords!!!:eek: :ouch: o_O

    I am still challenging with it and can not enter any user account.:gack:

    Is this problem because of deleting these two files?

    Any idea?:rolleyes:
     
    Last edited: Aug 28, 2008
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    You should be able to remove them using Undll.
     
  3. mahmoodn

    mahmoodn Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    11
    Actually I couldn't login to windows because all accounts have now password:( . So I decided to reformat again (a very straight solution):cool: .

    I found on another computer the same virus and trojan behaviour:mad: . So before manualy deleting files I first run sysinspector and found these files:
    ljjDtuSR.dll:gack:
    mljDsspf.dll:gack:
    neaotkjd.dll:gack:
    HDBHO.dll:gack:

    then I run undll that you linked and this program remove them and clean the registry. after restart there was (and now is) problem.:) :rolleyes: :argh:

    Thanks for your help.:thumb:
     
  4. Fatih Batur

    Fatih Batur Registered Member

    Joined:
    Sep 9, 2008
    Posts:
    15
    In the Netherlands they produced a new removal tool called Spicy Leboratory

    Spicy Lemon = NOD32 Netherlands, you can use it to remove your virus.

    (You must enter your name + e-mail adress, NOD32 the Netherlands wont spam you with ads. they want your email adress to add it to the "whitelist".)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.