SoftwareTipsandTricks Forum



unknown trojan ...


  #1  
Old 05-20-2008, 12:58 AM
animefreak Offline
Registered User
 
Join Date: Jan 2005
Location: Palmdale
Posts: 282
Send a message via AIM to animefreak
unknown trojan ...

vtUlMfFX.dll

that's what it calls itself ...
it keeps regenerating itself ... and it's really annoying ...
i researched it briefly but found nothing ...

someone help?
__________________
adoBo` Justin [pnoy]

  #2  
Old 05-20-2008, 02:06 AM
animefreak Offline
this problem occurs every time that i start up my computer from shut down, hibernate, sleep, restart .... after that ... it doesn't bother .... at least i don't think so ...

  #3  
Old 05-20-2008, 05:32 AM
Monty007 Offline
Registered User
 
Join Date: Jan 2007
Location: Australia
Posts: 827
What antivirus/antispyware software are you using? Download http://www.superantispyware.com/ and install and update, boot into safe mode and run a full scan.
__________________
MCP
MCDST

  #4  
Old 05-20-2008, 06:06 PM
animefreak Offline
i have Avast Professional and i have run MANY tests ... it catches it every time, but it still comes back up ...

but it's weird ... i tried to delete the file in safe mode ... and now it's gone ...

is that a good thing?

  #5  
Old 05-20-2008, 08:59 PM
animefreak Offline
stay on topic please ...

i have new viruses to talk about ...

along with

vtUlMfFX.dll


there is also ...

mlJDutqq.dll
wvUnoppO.dll

these just popped up ....

what can i do!!!!
they keep popping up !!!! AHHH

  #6  
Old 05-20-2008, 09:17 PM
Disk_Contented Offline
Temporary Ban
 
Join Date: Sep 2002
Location: In a plasma conduit
Posts: 1,625
Quote:
Originally Posted by animefreak
stay on topic please ...
I'm just having a go at the spammer above mate. I reported him.

Ok, it looks like what you have is generating random names to evade removal or something.

You could try hijackthis:
http://www.trendsecure.com/portal/en...ols/hijackthis.

Maybe post a log. See what we can see:

Try Monty's suggestion: http://www.superantispyware.com/

Or Ewido online scan. When you go here it will install the scanner, automatically it seems. http://www.ewido.net/en/onlinescan/
__________________
Where there's a will, There's a way.
Pay developers, not Rapidshare!
I know nowt, but at least I'm trying.
Quality, not quantity.
Prevention is better than cure.

Last edited by Disk_Contented : 05-20-2008 at 09:24 PM.

  #7  
Old 05-20-2008, 10:14 PM
animefreak Offline
i forgot about hijackthis ...

i'll try it ... but a new one came up ... AGAIN

name : efcDTKef.dll

  #8  
Old 05-20-2008, 10:29 PM
animefreak Offline
what is MSServer ....

that runs in my processes when i start the task manager ....

and a ton of Rundll32 crap ....

  #9  
Old 05-20-2008, 10:31 PM
animefreak Offline
so i used hijack this ... and when i tried to delete ... a new trojan popped up

C:\Users\marissa\Documents\things\Programs\Program Installations\backups\backup-20080520-203005-466.dll

and the trojans are still there ...

  #10  
Old 05-22-2008, 12:34 AM
animefreak Offline
in Run i found that this NEW program runs on startup ...

and i have never heard or seen it running ... ever

it goes under the name .... MSServer and the file name is oppnljIB.dll

when i try to disable auto startup, it starts up still ....
and when i check it again, it's like it forces itself to be on the startup list...

  #11  
Old 05-22-2008, 03:35 AM
Disk_Contented Offline
You best read this: http://www.auditmypc.com/process/mssvr.asp
May not be the same thing. Post a Hijackthis log

  #12  
Old 05-22-2008, 05:38 PM
animefreak Offline
hahaha

i stopped it from happening ... but i did not kill it ...

i opened the file in safe mode with notepad .... and i deleted the content and saved it lol

there is an error that pops up when i start up, but ... nothing is running slower now!!!

  #13  
Old 05-22-2008, 05:49 PM
animefreak Offline
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:49:05 PM, on 5/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\FirefoxPortable\App\firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\marissa\Documents\things\Programs\Program Installations\HiJackThis_v2.exe

O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\Windows\system32\jkkJbArp.dll
O2 - BHO: (no name) - {DD231873-E3A9-498F-8580-CE1847D4FAF0} - C:\Windows\system32\vtUlMfFX.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkJbArp.dll,#1
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe

--
End of file - 1043 bytes
Reply With Quote
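
An added example, not part of the thread and not code from HijackThis or any poster: a small triage script run over the entry lines of the log in post #13. It shows that the same randomly named DLL is registered at two load points (a BHO and the MSServer Run value), which is why deleting the file alone did not stop it coming back. The `looks_random` heuristic and the reason labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis log in post #13 above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\Windows\system32\jkkJbArp.dll
O2 - BHO: (no name) - {DD231873-E3A9-498F-8580-CE1847D4FAF0} - C:\Windows\system32\vtUlMfFX.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkJbArp.dll,#1
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
DLL_PATH = re.compile(r'[A-Za-z]:\\[^,"]*?\.dll', re.I)


def looks_random(stem):
    """Assumed heuristic: letters only, mixed case after the first character."""
    tail = stem[1:]
    return (stem.isalpha() and len(stem) >= 6
            and any(c.isupper() for c in tail)
            and any(c.islower() for c in tail))


def triage(log):
    """Map each random-named DLL (lowercased path) to the reasons it was flagged."""
    reasons = defaultdict(set)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        dll = DLL_PATH.search(line)
        if not (m and dll):
            continue
        section, rest = m.groups()
        path = dll.group(0)
        key = path.lower()  # same file may be written with different casing
        if looks_random(path.rsplit("\\", 1)[-1][:-4]):
            reasons[key].add("random-looking name")
        if section == "O2" and "(no name)" in rest:
            reasons[key].add("unnamed BHO")
        if section == "O4" and "rundll32" in rest.lower():
            reasons[key].add("rundll32 autostart")
        if "(file missing)" in rest:
            reasons[key].add("file missing")
    return {p: sorted(r) for p, r in reasons.items()
            if "random-looking name" in r}


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", ", ".join(why))
```

The mixed-case test also matches legitimate CamelCase DLL names, so a hit is a prompt to inspect the entry, not a verdict.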

  #14  
Old 05-23-2008, 06:22 AM
Embolism Offline
Registered User
 
Join Date: May 2008
Posts: 45
Send a message via MSN to Embolism
vista trojans and malware/spyware

There are several new Trojans for Vista and you can do several things to eliminate them.
Run hijackthis and generate a report, this can be assessed and you may get help here or at bulldog antivirus forums (Touch would help you there amongst others and he is good).
From practical experience with Vista, which seems to be the most targeted of the Windows systems at the moment, I know Nortons/Symantec have come out with some new definitions in regard to Vista Trojans just recently and although not my favorite anti virus would update it if you have it.
I personally wouldn't touch Vista with a big pole until they have worked out all the teething problems with it as they have with XP, and it's only taken them 9 years to get that right.
The next Windows release will probably be in conjunction with Linux as they are collaborating now in that regard, then it might be worth more than its inflated price and vulnerabilities.
Also read what disk contented had to say and check this link http://www.auditmypc.com/process/mssvr.asp from your description it does sound like ms server issue as link describes, although may be renamed to appear that way as well.

Last edited by Embolism : 05-23-2008 at 06:33 AM.

  #15  
Old 05-23-2008, 08:01 AM
Disk_Contented Offline
Quote:
Originally Posted by animefreak
hahaha

i stopped it from happening ... but i did not kill it ...

i opened the file in safe mode with notepad .... and i deleted the content.
Now you lost me. What file?

Seriously, this is one case where I would wipe the lot and start from new.
You have no idea what this is and, as you've seen, it's clever.
Shut down the PC for several minutes before the reinstall just to make sure there's no soft reset surviving resident stuff hanging about.
If these files are remote logs you're treading on possibly dangerous waters.
Paranoid? Not these days.

Quote:
There are several new Trojans for Vista and you can do several things to eliminate them.
Run hijackthis and generate a report, this can be assessed and you may get help here or at bulldog antivirus forums (Touch would help you there amongst others and he is good).
From practical experience with Vista, which seems to be the most targeted of the Windows systems at the moment, I know Nortons/Symantec have come out with some new definitions in regard to Vista Trojans just recently and although not my favorite anti virus would update it if you have it.
I personally wouldn't touch Vista with a big pole until they have worked out all the teething problems with it as they have with XP, and it's only taken them 9 years to get that right.
The next Windows release will probably be in conjunction with Linux as they are collaborating now in that regard, then it might be worth more than its inflated price and vulnerabilities.
Also read what disk contented had to say and check this link http://www.auditmypc.com/process/mssvr.asp from your description it does sound like ms server issue as link describes, although may be renamed to appear that way as well.

A man after my own heart.
Windows probably will one day be linux, with a windows emulator for the "legacy" windows OS
All times are GMT -5.