cjkvvr.exe help remove this
cjkvvr.exe help remove this
by lelandman on Mon Mar 08, 2010 10:52 pm
Hi this thing is crazy. I was just chating. It came in to my system randomly.
Malwarebytes' Anti-Malware 1.44
Database version: 3838
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702
3/8/2010 6:57:50 PM
mbam-log-2010-03-08.txt
Scan type: Quick Scan
Objects scanned: 182800
Time elapsed: 11 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{964bf54a-a147-4b3f-9540-6c40cc6b9d8c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002dc40 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fce15a50.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f215ea27d.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\noadware.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.leland\Local Settings\Temp\wxlony.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\leland\Local Settings\Temp\wxlony.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.44
Database version: 3838
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702
3/8/2010 6:57:50 PM
mbam-log-2010-03-08.txt
Scan type: Quick Scan
Objects scanned: 182800
Time elapsed: 11 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{964bf54a-a147-4b3f-9540-6c40cc6b9d8c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002dc40 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fce15a50.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f215ea27d.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\noadware.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.leland\Local Settings\Temp\wxlony.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\leland\Local Settings\Temp\wxlony.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
lelandman- New Member
Re: cjkvvr.exe help remove this
by DragonMaster Jay on Mon Mar 08, 2010 11:47 pm
Hello! We need to do some diagnostics to get started.
1. Please download Profiles by noahdfear.
2. Download Win32kDiag by ad13 and save it to your Desktop.
3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.
4. In your next reply, please post the following logs for my review:
Thanks!
1. Please download Profiles by noahdfear.
- Save it to your desktop.
- Double-click profiles.exe and post its log when you reply
2. Download Win32kDiag by ad13 and save it to your Desktop.
- Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
- When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
- Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.
- Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
- Double-click on Cheetah-Anti-Rogue.cmd to start.
- It will finish quickly and launch a log.
- Post the contents of it in your next reply.
4. In your next reply, please post the following logs for my review:
- Profiles log (1)
- Win32kDiag log (2)
- Cheetah log (3)
Thanks!
..........................................................
DragonMaster Jay
Site Owner/Administrator
Malware expert/researcher
My Twitter
Contribute to The Ultimate Geek TaskForce!
Are you a member? Register now!
DragonMaster Jay- Site Owner
Re: cjkvvr.exe help remove this
by DragonMaster Jay on Fri Mar 12, 2010 12:28 pm
Still with us?
..........................................................
DragonMaster Jay
Site Owner/Administrator
Malware expert/researcher
My Twitter
Contribute to The Ultimate Geek TaskForce!
Are you a member? Register now!
DragonMaster Jay- Site Owner
Permissions of this forum:
You cannot reply to topics in this forum
