Problem in removing Win32/Adware.Virtumonde.NBH (maybe)

Discussion in 'NOD32 version 2 Forum' started by mahmoodn, Aug 28, 2008.

Thread Status:
Not open for further replies.
  1. mahmoodn

    mahmoodn Registered Member

    Joined: Aug 28, 2008
    Posts: 11
    Hello, :)
    I encountered a problem and need help. My system was infected with some trojans and I tried to remove them with NOD32, but it didn't!! o_O o_O

    Next I used ESET SysInspector and located two DLL files and a registry key: opnnn.dll and jkkjabca.dll (they seem to be from Win32/Adware.Virtumonde.NBH). They could not be deleted within Windows because they were used by processes. Then I entered Ubuntu and deleted these two DLLs, and after returning to Windows I deleted the registry key.

    I worked with it for some minutes to see if there were any error messages or signs of a virus or other things, and actually there was no problem with the system.

    After I restarted my computer I noticed that all user accounts and the built-in administrator now require passwords!!! o_O

    I am still struggling with it and cannot enter any user account.

    Is this problem because of deleting these two files?

    Any idea?
     
    Last edited: Aug 28, 2008
  2. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,374
    You should be able to remove them using Undll.
     
  3. mahmoodn

    mahmoodn Registered Member

    Joined: Aug 28, 2008
    Posts: 11
    Actually I couldn't log in to Windows because all accounts now have passwords :( . So I decided to reformat again (a very straight solution).

    I found the same virus and trojan behaviour on another computer. So before manually deleting files I first ran SysInspector and found these files:
    ljjDtuSR.dll
    mljDsspf.dll
    neaotkjd.dll
    HDBHO.dll

    Then I ran Undll that you linked and this program removed them and cleaned the registry. After restart there was (and now is) problem. :)

    Thanks for your help.
     
  4. Fatih Batur

    Fatih Batur Registered Member

    Joined: Sep 9, 2008
    Posts: 15
    In the Netherlands they produced a new removal tool called Spicy Leboratory

    Spicy Lemon = NOD32 Netherlands, you can use it to remove your virus.

    (You must enter your name + e-mail address; NOD32 the Netherlands won't spam you with ads. They want your e-mail address to add it to the "whitelist".)
     