reply posted on 20-9-2009 @ 12:20 PM by Matyas
reply to post by silo13
Check back with this thread and let us know how things are going every month or so. I am curious to see how Zorgon's recommendations perform over the
long run.
reply posted on 20-9-2009 @ 03:13 PM by useless eaters
For what it's worth, 2 days ago, I had a worm come through on Google Chrome and established itself as internet security. It blocked everything I
touched. Even Task Manager and System Restore. Even my recovery disks didn't work. Somehow I managed to trick it just as the icons were loading but
had to reset the computer to original factory settings.
reply posted on 20-9-2009 @ 04:57 PM by towerh2o
_jJ5H-Ky appears to be a symptom of Trojan.Vundo.
I used the free version of Malwarebytes Anti-Malware 1.41. One registry entry that's affected needs to be manually changed to prevent a
recurrence. Change the value of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Se… Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
Good: (0) from 1 to 0. Also I found the virus added a proxy to my internet access and reinfected my computer. Check IE Tools - Internet Options - LAN
settings and make sure you have the right settings. I had a virus proxy setting of 127.0.0.1 and changed this back to automatically detect settings for my
computer. Restart the computer and rerun Malwarebytes and your other virus checkers.
These are the logs I got from Malwarebytes:
Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 3
9/20/2009 10:29:47 AM
mbam-log-2009-09-20 (10-29-47).txt
Scan type: Quick Scan
Objects scanned: 132305
Time elapsed: 16 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\lapolude.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\wejureke.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{049ec33a-9d73… (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\… (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\… (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\… (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\… NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wejureke.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\… NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wejureke.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\… Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\wejureke.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lapolude.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\keyisori.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kogekebe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rukabipe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
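As an added example (not code from the thread or from Malwarebytes), here is a small parser for the Malwarebytes 1.x log layout towerh2o pasted above. It pulls out the three things that post tells you to check after a scan: the AppInit_DLLs persistence entry, the Security Center notification switch, and detections marked "Delete on reboot" that are not gone until you restart and rescan. The log text and the example*.dll names are constructed for the demonstration.

```python
import re
from collections import defaultdict
# Constructed sample (not the thread's real log) in the Malwarebytes 1.x layout.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Memory Modules Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\example1.dll (Trojan.Vundo) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\example1.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\example1.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\example2.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")  # detail headings, not "... Infected: 2" counts
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Map each detail section to its detections: item (path or registry key), family, action."""
    findings, section = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        if section is None or not line or line.startswith("("):
            continue  # header/summary lines, blanks, "(No malicious items detected)"
        item = ITEM_RE.match(line)
        if item:
            findings[section].append(item.groupdict())
    return dict(findings)

def triage(findings):
    """Flag the Vundo behaviours towerh2o describes: AppInit_DLLs persistence,
    Security Center notices switched off, and items that only clear on reboot."""
    report = {"appinit_dlls": [], "security_center_tampered": False, "reboot_required": set()}
    for items in findings.values():
        for f in items:
            key, action = f["item"].lower(), f["action"]
            if key.endswith(r"\appinit_dlls") and "Data: " in action:   # DLL injected into every process
                report["appinit_dlls"].append(action.split("Data: ", 1)[1].split(" -> ", 1)[0])
            if key.endswith(r"\updatesdisablenotify"):                   # the value the post says to reset to 0
                report["security_center_tampered"] = True
            if action.startswith("Delete on reboot"):                    # still loaded; reboot and rescan
                report["reboot_required"].add(f["item"])
    report["reboot_required"] = sorted(report["reboot_required"])
    return report
```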
reply posted on 20-9-2009 @ 08:28 PM by IntastellaBurst
Wow Tower, ... compared to you I'm probably computer-tarded. Yeah, that looks like the same virus I had/have though, ... can anyone identify how it
came to the site ??? which ads are running it ??? so they can pull it.
I think I might have taken care of it, .... somewhat, I'm not getting popups, .. though when I click on search links, sometimes it takes me to some
ad, or alternate search page.
I just want to thank you all, ... for the great advice, ... you guys are the best........ so from the bottom of my heart, ..... thank you so much.
Let's keep each other posted on this thing, it's the first virus I've had on my computer, which is like 3 years old. I hope it's not the beginning of a
trend.
reply posted on 20-9-2009 @ 08:45 PM by BaronVonGodzilla
Originally posted by IntastellaBurst
Wow Tower, ... compared to you I'm probably computer-tarded. Yeah, that looks like the same virus I had/have though, ... can anyone identify how it
came to the site ??? which ads are running it ??? so they can pull it.
Well, Gools the Mod says it's not from this site.
So now you need an even bigger computer brain to find a way to trace this back to the source.
I have a very strenuous technique for dealing with viruses; I acquire hundreds and thousands and they must continually battle one another to the death
before they can compromise my computer. It's like that movie Gladiator had a baby with that game Dr. Mario.
Well anyway, sucks to have a virus, this one seems aggressive as hell too. Good luck. Hope we can find the origin of this and determine if it's ATS or
not, I certainly don't want to disrupt my balanced viruses by adding another one.
reply posted on 20-9-2009 @ 09:01 PM by simon_alex0327
I got hit with this too. It happened late Thursday night, and after getting rid of it, I got it again after visiting ATS again early Saturday morning. I have
not visited any other sites, I have ZoneAlarm firewall, AVG virus scanner, and Spybot running and it still got through... undetected I might add. It
seemed every other page I loaded, I would get a pop up window with an advert. Turned out to be the Virtumonde/Vundo virus... a very nasty case, that
can really embed itself into the computer. I tried countless programs to get rid of it.... in the end I used Microsoft's free scanner
Link then ran a scan using the program that Zorgon suggested, followed up by
Spybot Search and Destroy which still found a file for the virus. Whether this would work for anyone else... I'm only writing this here to help anyone
having any probs with this virus.
It seems that it came from this site, and seems such a coincidence that so many people are reporting the same. Who knows. To all the people that
suggest having and keeping updated versions of security software... well... I was really paranoid before this instance, and make sure everything is up
to date. Now... super paranoid!!
Hope this helps anyone out.
Cheers.
reply posted on 21-9-2009 @ 08:33 AM by Tiloke
Vundo can be pretty easily completely eradicated from your system by downloading and running either ComboFix or VundoFix (change the name of the .exe
after you download it or Vundo will stop it from starting). These programs were created and released for free due to the high number of infections and
the difficulty of removing it with normal spyware programs.
[edit on 21-9-2009 by Tiloke]
reply posted on 21-9-2009 @ 01:21 PM by Matyas
reply to post by Stillalive
I think they have us backed into a corner here. My suggestion is if you have FF don't get rid of it for IE8. If you have IE8 don't uninstall it or
you will run into problems if you want to reinstall. IE8 has fundamental core component issues which cannot be resolved. However IE8 has fantastic
operability with its add-ons, and if that is what you're looking for, and if you don't plan on migrating to FF, and if you don't mind the diagnose
connection problem page, or speed and reliability, then IE8 is fine.
Vista still has us spooked, and no one that I know is anxious to migrate to 7. I got the very last XP release, and no one believed me until they went
out to try to find it. XP is like 2000, it has become quite solid. But IMO no MS OS will outdo 2000 for rock solid reliability.
And copy your posts to the clipboard before replying or IE8 will eat them for breakfast. Methinks we should dub it junkware.
reply posted on 21-9-2009 @ 01:44 PM by zorgon
Only one thing to say...
reply posted on 21-9-2009 @ 09:07 PM by Matyas
reply to post by zorgon
I think junkware is appropriate. But if you want to download updates from Microsoft you're stuck with it. I keep the beast bound, but the programs
like Teatimer take up lots of RAM. Mine is down after a while to 48MB, but it jumps on reboot and Spybot opening to ~110MB. XP can't see more than 3G
RAM, and it is my understanding it is not an x86 issue but an OS issue.
And if you aren't afraid to do the nasty with Regedit, you can get IE8 to run as ad-clean as FF. However it doesn't help the deep down built in
flaws. Here's what's going to happen. After companies migrate to FF they will start building applications that are FF friendly, then eventually a FF
OS will appear. Or Apple will lower the prices on their hardware, either of which will leave Microsoft out in the cold. It's inevitable, after so much
loss of productivity the people will catch on and create a concerted movement. I was talking to one of my clients today, and she said that the INet is
not fun anymore. Microsoft et al have taken out the fun with all their bs. I agree, and I am waiting for critical mass.
Edit to add it eats U2Us for lunch. I wonder what's for dinner?
And it doesn't read XHTML. At least not for quotes and apostrophes...not only true for colored text, but also for reading any web based text such as
webmail.
I really like it, because it reveals how lame Microsoft really is. But then again not everyone has a sadistic streak like I do.
Edit to add smilies for my sadistic streak...
[edit on 9/21/2009 by Matyas]
reply posted on 17-10-2009 @ 09:16 AM by silo13
reply to post by Matyas
Checking back like you asked and I have to say I love the programs, I really do.
My fave so far in all the ones I've used since first sitting at a keyboard.
Though today I got my bubble burst.
Here's the note that popped up after I did my scans.
Suckasock.
I'd buy them if I could I suppose... Until then I'm pretty bummed...
I mean I understand the need for cash, and I still like the programs (IObit), but...
So, there's that...
peace
reply posted on 17-10-2009 @ 10:31 AM by Matyas
reply to post by silo13
Hey, thanks for checking back!
That notification you got, it's hype, don't you believe it. It's a scam to get you to buy software. If you are doing what these folks here are doing,
like Zorgon and myself, your system should be squeaky clean.
Yeah, they lie.
I am running IE7 now with IEPro. Still get the same messages for connection problems, but now I know for sure it is in the core of the build. I can't
roll back any further to find the bug, and Microsoft is comfy with their inferior product, so there will be no changes, later or ever.
So they lie too.
Do a good cleaning, defrag, compress, wipe free space, and you should be blazing. For cleaning I use:
Spybot S&D
Ad-Aware Anniversary Edition
Glary's Utilities
CCleaner (Piriform)
All free. Make backups for corrections.
For wiping I use:
BCWipe
Takes a while but it is also free. Defrag is stock Windows, done several times over. Norton catches the viruses. Set your heuristics as high as they
can go.
That is what I do, and unless you are using IE, you will swear your computer runs like new.
reply posted on 18-10-2009 @ 03:29 PM by silo13
Yeah I'm great about everyday cleaning, wiping, adware removal, checking, scanning, dumping, dusting, defrag, etc etc...
I'm disappointed in IObit that they keep giving me that notice, because I really do like their product a lot - but like I said before, how can I
blame them when I'm using their product for free! So, I'll deal with it!
I'll check out the two programs you noted I don't have.
Thanks tons for your info.
reply posted on 19-10-2009 @ 07:01 AM by Matyas
reply to post by silo13
You're welcome, anything I can do to help a virtual fellow traveler.
A few more words.
Timing: set all of these that you can for auto update and autorun.
Antivirus /daily
Malware /weekly
Defrag /weekly
Wipe /monthly
Windows update /on release
Be sure to use stock firewall. I know BCWipe offers free firewall, and Comodo is good, but stick with Windows. You could wind up with too many
conflicts if you don't.
And the last item that everyone forgets, including me, turn your computer off when you're not using it! It will last much longer.
reply posted on 19-10-2009 @ 06:46 PM by wonderworld
reply to post by IntastellaBurst
I'm not a pro but sometimes the trojan embeds itself in the BIOS, maybe try F2 at startup and change the number to 00000, if all else fails.