Maurice
Mon Aug 11 16:10:18 CDT 2008
Hello,
With Vundo infections, one has to usually run a battery of special removal
apps to remove all of it. MBAM is just one tool and I in no way meant to
convey that it would remove all infections. MBAM does do a good job of
knocking out the most common current infectors; but again, it is not the
single universal answer.
I urge you to select one of the forums I mentioned, follow that forum's
requirements for posting (they each have a Read first or "topmost" sticky of
instructions).
Joining the forum is free.
Also, keep in mind, your particular case may call for customized removal via
tools or scripts. So, do not hesitate, but do this pronto, and meantime do
not surf the internet. This pc cannot be considered clean.
Prevention of re-infection will also be covered at the forums. Basically a
layered approach of apps, and user awareness.
--
Maurice N
MS-MVP
--
"ColBla" <ColBla@discussions.microsoft.com> wrote in message
news:D49F84B4-31A3-4992-99F2-E96C11EFB150@microsoft.com...
> Maurice
>
> VMT for the steer about MBAM. Downloaded and have now run it 3 times:
> 1. Had to abort 1st scan part way through because I ran out of time.
> However
> it found one file infected with Vundo and dealt with it.
> 2. 2nd scan ran all the way through and found a further infected file,
> again
> successfully dealt with it.
> 3. Further scan did not find anything.
> Have also run Defender without finding anything.
>
> So I might think that the successful scans by MBAM and Defender ought to
> mean the machine is now clean. But, in one of the four user accounts on
> the
> machine - the same one in which the Vundo detections were - the user still
> gets a DLL message on log-on; something seems to be looking for
> "opnkjghf.dll", and not finding it.
>
> So:
> Any views on whether the machine is now clean ?
> If so, how can I prevent the spurious DLL error appearing ?
> If not, please advise whether it's worth transferring this discussion to
> one
> of the specialist sites & I'll carry on there.
> Also, any ideas of how I can prevent re-infection - McAfee is obviously as
> much use as the proverbial chocolate fireguard ?
>
> Thanks.
>
>
>
> "Maurice N ~ MVP" wrote:
>
>> It would not surprise me in the least that "opnkjghf.dll" is a trace of
>> malware.
>>
>> Use Windows' Disk Cleanup to delete all temporary files.
>>
>> Download & save Malwarebytes Anti-Malware from
>>
http://www.besttechie.net/tools/mbam-setup.exe or
>>
http://malwarebytes.gt500.org/mbam.jsp
>> Double Click mbam-setup.exe to install the application.
>> Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware
>> and Launch Malwarebytes Anti-Malware, then click Finish.
>> If an update is found, it will download and install the latest version.
>> Once the program has loaded, select Perform FULL Scan, then click Scan.
>> The scan may take some time to finish,so please be patient.
>> When the scan is complete, click OK, then Show Results to view the
>> results.
>> Make sure that everything is checked, and click Remove Selected.
>> When disinfection is completed, a log will open in Notepad and you may be
>> prompted to Restart.(See Extra Note)
>> The log is automatically saved by MBAM and can be viewed by clicking the
>> Logs tab in MBAM.
>> Copy & Paste the entire report in a new reply as soon as it has finished.
>> Extra Note:
>> If MBAM encounters a file that is difficult to remove, you will be
>> presented with 1 of 2 prompts.
>> click OK to either and let MBAM proceed with the disinfection process.
>> If asked to restart the computer, please do so immediately.
>>
>> MBAM is an excellent first-line program to use and keep.
>>
>> Checking for/Help with Malware
>>
http://aumha.org/a/parasite.htm
>>
http://aumha.org/a/quickfix.htm
>>
http://aumha.net/viewtopic.php?t=5878
>>
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>>
http://mvps.org/winhelp2002/unwanted.htm
>>
http://inetexplorer.mvps.org/data/prevention.htm
>>
http://inetexplorer.mvps.org/tshoot.html
>>
http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>
http://defendingyourmachine.blogspot.com/
>>
http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>
>> ** Help at malware removal forums: Read the topmost directions at the
>> forum and Post your logs as required by the forum to one (and only one)
>> of the following
>>
http://aumha.net/viewforum.php?f=30,
>>
http://www.bleepingcomputer.com/forums/forum22.html,
>>
http://forum.malwareremoval.com/viewforum.php?f=11
>>
http://forums.spywareinfo.com/index.php?showforum=18
>>
>>
http://www.spywarewarrior.com/viewforum.php?f=5&sid=24750ebcb0d878746c0ca7ab9210f7ae,
>>
http://forums.subratam.org/index.php?showforum=7,
>>
http://forums.spybot.info/forumdisplay.php?f=22
>> or other appropriate forums for expert analysis, not here.**
>>
>> Make very sure you read and follow the very topmost instructions at the
>> forum you have selected.
>> Do NOT post your logs here.
>>
>> --
>> Maurice Naggar
>> MS-MVP
>> -----