Hijack scan

[Loretta]

Hi can you tell me what to delete here? Also have you heard of Vundo.ji trojan, my avg picked it up but it said i couldnt delete it cause my vault was full and when i did a forced delete it said it couldnt do that either.

 

ty

Loretta

Hijack Analysis Report121809.txt

[Melvin_Deal]

Hello Loretta!

 

Vundo.ji trojan is a backdoor trojan virus that can give unauthorized users access to your system... frequently associated with adware. It is a proliferate virus and will hide in one of your windows system files.

 

You should empty your AVG virus vault, re run AVG (full scan) then attempt to remove it again with your AVG. AVG is normally very effective against this infection.

 

If AVG still doesn't remove it post back here.

 

Hope this helps!

[Melvin_Deal]

These can certainly be removed:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)File Missing

 

 

O2 - BHO: Search Helper - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)File Missing

 

 

Looked into this infection a little more. The Aim toolbar is a possible point of entry. I recommend you get rid of it using Revo uninstaller utilizing the advanced option. You may find Revo here: http://www.revouninstaller.com/revo_uninstaller_free_download.html. All you will need is the free version.

 

You have many toolbar entries... Aim, yahoo, Iobit,vmn,google,windows live, AVG... they clutter your system. Are they really necessary, do you use them? Toolbars are notorius for spying on you as well! Please consider removing them!?! The AVG one you may want to keep, if you utilize the active live surf protection Part of AVG.

[enoskype]

Start uninstalling with all the toolbars, you have too many even for your Windows7, and delete the setup files of toolbars.

 

Empty your vault by removing them from AVG vault. Try again to put it into vault.

 

Post your HijackThis report of IS 360 in this thread.

 

Have a look at here for the Vundo.ij found by AVG.

 

Cheers.

 

 

EDIT : Please follow the instructions by Melvin_Deal.

[Loretta]

Vundo.ji trojan is a backdoor trojan virus that can give unauthorized users access to your system... frequently associated with adware. It is a proliferate virus and will hide in one of your windows system files.

 

You should empty your AVG virus vault, re run AVG (full scan) then attempt to remove it again with your AVG. AVG is normally very effective against this infection.

 

If AVG still doesn't remove it post back here.

 

Hope this helps!

 

Hi,

ty for responding. The first thing I've done is download a newer version of AVG, emptied the virus vault, and did a complete scan. It didnt find it this time. So Im searching now for the folder it said it was in.

 

In the mean time, I ran 360 again to locate the two entries you said to delete but only one was there. I don't understand how to pull up the log I submitted to you.

 

I uninstalled the all the toolbars except google and iobit and avg but I did close them, is this ok?

 

Attached is the new log from IO360, I see now that the two files you said to delete are O4 in the scan on my screen and not O2, as it says in this log.

 

Ty both again for all your help.

Loretta

Hijack Analysis Report 12-19-09.txt

[Loretta]

re: Vundo.ji

 

Start uninstalling with all the toolbars, you have too many even for your Windows7, and delete the setup files of toolbars.

 

Empty your vault by removing them from AVG vault. Try again to put it into vault.

 

Post your HijackThis report of IS 360 in this thread.

 

Have a look at here for the Vundo.ij found by AVG.

 

Cheers.

 

 

EDIT : Please follow the instructions by Melvin_Deal.

 

Ty for your response and help, you guys are awesome. AVG said the virus was in my Common Files/Adobe6 or something like that. I have never used the google toolbar for anything other than to search. I dont know what google talk is. But going to run another avg scan on the specific folder. I hope it doesnt move around. I installed a newer version of AVG and did a full scan and it didnt find it this time. So.......here's hoping ! :-)

 

Thanks again for your time

Loretta

[blacksea]

O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html has been identified as nasty at http://hijackthis.de/#anl

 

And at http://www.systemlookup.com/search.php?type=filename&search=search.html&s= some of them are nasty to and some not. I don't know where search.html belongs to. Maybe someone could have a look at it.

[Melvin_Deal]

These can be fixed.

 

After running hijack scan look at the BHO entries and any that say <no file> at the end... go ahead and check the box and hit fix checked. These are the ones on your last log post:

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

 

Windows live toolbar is still there.

 

After reviewing The Link Enoskype provided, it would appear this is a false positive by AVG. When you updated AVG, the new definitions files no longer identify it.

[enoskype]

Hi Loretta,

 

 

 

What is your Adobe Reader version?

 

Cheers.

[Loretta]

Hi Loretta,

 

 

 

What is your Adobe Reader version?

 

Cheers.

 

Adobe 9 so I dont know where its getting the Adobe 6