
November 9th, 2005 15:00

First: You're running HJT from a TEMP directory:

C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for HJT.zip\HijackThis.exe

When you do so, either HJT will not create its log files and backup files; or if it does, you risk losing them when the TEMP's cache is cleared. It's important that you save these backup files, in case you have to "undo" [restore] some of the things you "FIX" incorrectly.

So you need to move HJT into a separate, non-temporary, non-Desktop, directory of its own. We recommend using the directory C:\HJT, so that it will then appear in your log, under running processes, as C:\HJT\HiJackThis.exe

***************

You actually have two types of WinFixer infections: a [double] installer, and a trojan:

For the installers, run HJT. Place a check-mark in the box in front of each of the lines:

 

O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808] "C:\WINDOWS\Downloaded Program Files\UWFX5RS_0001_0808NetInstaller.exe"

O4 - HKLM\..\Run: [NI.UWFX5_0001_N56T0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe" -nag

 

Click on FIX CHECKED. Close HJT.

 

************************

 

For the trojan:

Download [but do *NOT* yet run] FixVundo from

http://securityresponse.symantec.com/avcenter/FixVundo.exe

 

[we'll have you run it later]

Note: If you have previously downloaded this file on another occasion, please download it again, to be absolutely sure you have the most current version.

********************

Next, download VirtumundoBeGone from:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

 

* Save it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated

Please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.

Just reboot if your system "jams".

*********************

After rebooting, it's now time to run FixVundo (which you had downloaded earlier).

Make sure all other programs, including your Internet Browser, are closed.

Double-click the FixVundo.exe file to start the removal tool.

Click Start to begin the process, and then allow this tool to run.

Important: Do not launch any new applications while the tool is running!

Reboot your computer.

Run the FixVundo removal tool again to ensure that the system is clean.

*********************

It's now time to report back to us:

VirtumundoBeGone generated a "log" file of its own, which it should have placed on your Desktop... please REPLY to this thread, and copy/paste the VirtumundoBeGone log back here, along with your latest HJT log.

 

Message Edited by ky331 on 11-09-2005 01:19 PM
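The two checks made by eye in the post above (HijackThis running from a TEMP directory, and O4 startup entries launching from Downloaded Program Files) can be scripted over a saved HJT log. This is an added example, not part of the original post; the sample log is constructed from the lines quoted above plus two benign filler lines, and treating any startup executable under Downloaded Program Files as suspect is an assumption generalized from the two entries listed.

```python
import re

# Constructed sample: the svchost and ExampleApp lines are benign filler,
# the other three lines are the ones quoted in the post.
SAMPLE_LOG = r'''
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for HJT.zip\HijackThis.exe
O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808] "C:\WINDOWS\Downloaded Program Files\UWFX5RS_0001_0808NetInstaller.exe"
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56T0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe" -nag
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"
'''

# O4 line: hive, key, [value name], then a quoted or unquoted executable path.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] '
    r'(?:"(?P<q>[^"]+)"|(?P<u>\S+))'
)

def is_temp_path(path):
    """True when the path sits under a Temp/Tmp directory (long or 8.3 form)."""
    p = path.lower()
    return "\\temp\\" in p or "\\tmp\\" in p

def review_log(text):
    """Return (kind, name, path) findings in the order they appear in the log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            target = m.group("q") or m.group("u")
            low = target.lower()
            # Assumption: programs do not normally start at boot from the
            # ActiveX download cache, so such Run entries deserve review.
            if "\\downloaded program files\\" in low and low.endswith(".exe"):
                findings.append(("startup-from-dpf", m.group("name"), target))
        elif line.lower().endswith("\\hijackthis.exe") and is_temp_path(line):
            # HJT run from TEMP: its backups may vanish when the cache clears.
            findings.append(("hjt-in-temp", "HijackThis.exe", line))
    return findings

if __name__ == "__main__":
    for kind, name, path in review_log(SAMPLE_LOG):
        print(f"{kind:18} {name:26} {path}")
```
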
