Archive for June, 2008

How to Remove Vundo Variant, NewJuan, WinFixer, Virtumonde

Posted by admin on June 26, 2008
PUP, Trojan / No Comments


Lots of people have been infected by the Vundo family of Trojans, which bring up popups that usually advertise rogue antispyware programs. Users are normally targeted with false positives and warnings of infection; an example is popups alerting users that they are infected with a Blackworm virus.

Nowadays, the Vundo variant, NewJuan/VM, Virtumonde and WinFixer are all the same scam described above.

Symptoms from a HijackThis log:

Below is an example of a Vundo infection, though there are many different random filenames.

O2 - BHO: (no name) - {AB6BFAD6-3AAC-46E9-98E6-BD56DE7ED97c} - C:\WINDOWS\system32\wluaivlv.dll
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINDOWS\system32\ssqpmkk.dll
O2 - BHO: (no name) - {EF9A7BD4-4B5D-4481-9A58-06B5030B4B56} - C:\WINDOWS\system32\vtsqp.dll

O20 - Winlogon Notify: ssqpmkk - C:\WINDOWS\SYSTEM32\ssqpmkk.dll
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll

More randomly named DLL files created by the Vundo variant or Virtumonde:
jkkjj.dll
vtsqp.dll
ssqpq.dll
Virtumonde.dll
AWVVU.DLL
DDCCC.DLL

How to Remove the Vundo Variant, Virtumonde, NewJuan?

An easy way is to use specialised tools such as Vundo Fix or VirtumundoBegone.

Simply download the tool, scan for Vundo, then remove the Vundo variant it finds.

If the infection is still present and you can't remove the Vundo variant, it may be that you have a new variant that the tools cannot yet remove, or you have a stubborn infection.

Alternatively, you can try to remove it using Malwarebytes:

1. Download Malwarebytes' Anti-Malware; it's free.
2. After installation, make sure you update Malwarebytes' Anti-Malware, then click the Scan button.
3. The scan results list all the malicious programs found, as in the screenshot below. Remember that the infections found may differ from what is shown.
[Screenshot: trojanwin32fung]

4. Download PerfectOptimizer for other repairs, cleaning up errors and problems to optimize your PC.

Good luck!


How to Get rid of Cpmsky

Posted by admin on June 16, 2008
Trojan / 1 Comment

Recently lots of people have been infected with the spyware called cpmsky or cpmsky.biz.
The requests for help look something like this:

How can I remove cpmsky.biz from my PC and what is it?
HELP! RUNDLL ERROR windows system32 cpmsky.dll always appears upon PC start up?
I have been hit by cpmsky. Can you help me fix it?
How to get rid of cpmsky.dll?

The common feature of computers with the cpmsky spyware, as seen in their HijackThis logs:

O2 - BHO: cpmsky browser optimizer - {b9c57b8d-cf96-63cf-2299-33cfc675999d} - C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll
O4 - HKLM\..\Run: [{eb74667a-959f-eb38-45e2-9c77928cd111}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll" DllInit

O2 - BHO: cpmsky browser optimizer - {c778c5b3-faea-0b98-9c5b-94fead140c0a} - C:\WINDOWS\system32\{103503c1-b5dc-c646-cf0a-d8236937decc}.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{f511bb53-c3b2-07eb-c9d4-dff16797a703}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{103503c1-b5dc-c646-cf0a-d8236937decc}.dll" DllInit

O2 - BHO: cpmsky browser optimizer - {0a00e8ae-330a-ff4e-ea83-ef87ac32b286} - C:\Windows\system32\{de6a4f84-c2aa-8541-0173-d79c83c7315d}.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{805ba053-d864-d9ea-8de4-4d01cf66f379}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\{de6a4f84-c2aa-8541-0173-d79c83c7315d}.dll" DllInit

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{2e078b9e-52cf-da35-0006-e039d4be5175}.dll" DllInit
O2 - BHO: cpmsky browser optimizer - {b9c57b8d-cf96-63cf-2299-33cfc675999d} - C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll

You may find entries like those above in your own log.

The key malware files are:
1. C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll
(a randomly named DLL in your system folder)
2. ALCMTR.EXE

Both of them autostart at system startup, so you only need to remove the entries, like this:

1.) Reboot into Safe Mode by pressing F8 during boot.
2.) Download and run HijackThis, then look for and check entries along the lines of:

O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmsky.dll" DllStart
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O2 - BHO: cpmsky browser optimizer - {0a00e8ae-330a-ff4e-ea83-ef87ac32b286} - C:\Windows\system32\{de6a4f84-c2aa-8541-0173-d79c83c7315d}.dll
O4 - HKLM\..\Run: [{eb74667a-959f-eb38-45e2-9c77928cd111}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll" DllInit

3.) Browse to C:\Windows\System32 and delete the file cpmsky.dll (if found).
4.) Click on Fix Checked when finished and exit HijackThis. Reboot back into Normal Mode and verify the problem is resolved.
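
The HijackThis symptoms described in both posts above (for Vundo, an unnamed BHO and a Winlogon Notify entry pointing at the same random system32 DLL; for cpmsky, a BHO plus a Rundll32 Run entry loading a GUID-named DLL) can be checked mechanically before deciding which entries to fix. The following Python script is an added example, not part of the original posts or of HijackThis; the function name triage, the heuristics it applies and the two "Example" entries in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines quoted in the posts above plus two made-up benign entries.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINDOWS\system32\ssqpmkk.dll
O20 - Winlogon Notify: ssqpmkk - C:\WINDOWS\SYSTEM32\ssqpmkk.dll
O2 - BHO: cpmsky browser optimizer - {b9c57b8d-cf96-63cf-2299-33cfc675999d} - C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll
O4 - HKLM\..\Run: [{eb74667a-959f-eb38-45e2-9c77928cd111}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll" DllInit
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
'''

# A DLL path: drive letter up to the first ".dll", never crossing a double quote.
DLL_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.dll', re.I)
# A file name of the form {8-4-4-4-12 hex}.dll, as in the cpmsky entries.
GUID_NAME_RE = re.compile(r'\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.dll$', re.I)

def triage(log_text):
    """Map each flagged DLL path (lower-cased) to a sorted list of reasons."""
    reasons, seen_in = defaultdict(set), defaultdict(set)
    for raw in log_text.splitlines():
        # Logs pasted through a blog often carry typographic quotes; normalise them.
        line = raw.strip().replace('\u201c', '"').replace('\u201d', '"')
        code, sep, body = line.partition(' - ')
        if not sep or code not in ('O2', 'O4', 'O20'):
            continue  # only BHO, Run and Winlogon Notify sections are examined
        for path in DLL_RE.findall(body):
            dll = path.lower()  # Windows paths are case-insensitive
            seen_in[dll].add(code)
            in_system32 = dll.rsplit('\\', 1)[0].endswith('\\system32')
            if code == 'O2' and body.startswith('BHO: (no name)') and in_system32:
                reasons[dll].add('unnamed BHO in system32')
            if GUID_NAME_RE.search(dll):
                reasons[dll].add('GUID-named DLL')
            if code == 'O4' and 'rundll32' in body.lower():
                reasons[dll].add('autostart via rundll32')
    # The same DLL registered in more than one section (e.g. O2 and O20).
    for dll, codes in seen_in.items():
        if len(codes) > 1:
            reasons[dll].add('multiple load points: ' + '+'.join(sorted(codes)))
    return {dll: sorted(why) for dll, why in reasons.items()}

if __name__ == '__main__':
    for dll, why in triage(SAMPLE_LOG).items():
        print(dll, '->', ', '.join(why))
```

A hit is a reason to inspect the file before fixing the entry, not a verdict: legitimate software can also register one DLL in more than one place.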

For a further scan to remove other spyware, we recommend The Official Spyware Remover!

If you feel your computer is slow, you can clean the registry using RegistrySmart.
