Kimmie

Win32: BZub-DR - can't get rid of it


Help!! lol. I have the above listed trojan and I can't seem to get rid of it. I know where I got it from and the website has been reported to Google.

I use Avast as my antivirus program. It keeps finding it (in my memory) and when I tell it to delete it, it says it does, but then when I scan again, it's still there. I had Avast run a scan at bootup since the trojan was embedded in the memory.

It tells me: file IPV6monj.dll is infected with Win32:BZub-Dr. (which is a Windows file). Since contracting this trojan, there are emails going out of my Outlook accounts without my permission, and I keep getting pornographic popups (no I didn't get it from a porn site..lol. I got it from a "keygen" site).

I have done tons of internet searches on this trojan but no results. Apparently this is either a NEW trojan, or no one has had much dealings with it.

Any ideas? (I am comfortable editing the registry - I have a feeling this is what I am going to have to do), so if this is what it will take, by all means let me know what to do..lol.

(please don't ask me to run a HijackThis log, the program won't run because the trojan is embedded in memory - I have already tried..lol)

 

 

Thanks in advance

 

-Kimmie


jojesa is right, this will take special tools and an Advisor to help get your system clean with this infection.

 

 

Click here to download HJTsetup.exe

- Save HJTsetup.exe to your desktop.
- Double-click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Please start a new Thread in this forum

http://forums.pcpitstop.com/index.php?showtopic=36065

- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

If you can't do a HJT, then shut off the system restore, boot in safe mode, run your Avast, remove suspects, reboot, turn on system restore and see if that works.

Right click on HijackThis.exe (the little dynamite icon) and rename it to Kimmie.exe... then follow Juliet's instructions to post the log in our HJT Forums.


Ok maybe I wasn't clear in my initial post..lol. I cannot create a HijackThis log file for posting here. When I try running "Scan and Save Log", it generates the error you see below. I can run JUST a scan, but when I try to save THAT log file, I get the same error. Here is what I have tried to do so far:

Tried uninstalling the HijackThis I already had, and reinstalling the one you gave me. No go.

This error generates every time I try to run it.

Posted Image

Also tried renaming the file to "Kimmie.exe" as someone suggested. No go. Same error. It also won't save the log file.

I am about to try Safe Mode and see if I can get rid of it there. Since this bugger is embedded in memory, I have a feeling that an OS reinstall is going to have to occur, as this is almost always the ONLY way to get rid of them when they are in memory. :(

(I have now also had to go in to IE and delete several HUNDRED sites listed as "safe" because it's doing that too - and is what is initiating all these stupid popups. Deleting them, however, does NOT do any good because this trojan puts them right back in there. :pullhair:)

I am familiar with HijackThis as I have used it many many times, however, this trojan seems to be too far embedded.


Kimmie,

for what it's worth...wipe your system clean and re-install your OS.

 

Cleaning up a rootkit (which you might have) isn't going to make your system stable.


Yeah I was thinking Root Kit... or perhaps I have been tagged with VUNDO. I was able to post a screenshot of the majority of my HJT log so I am gonna wait on that and see what happens.

 

GUYS AND GALS ----do NOT ever go to a keygen site! I did a search on Google looking for a specific keygen and as soon as I hit the website all this happened. I never even downloaded anything from the site. I can't even get Silent Runners to run properly on my system :(.

 

Thanks for all the feedback and I will repost back here with my solution... :)


It tells me: file IPV6monj.dll is infected with Win32:BZub-Dr. (which is a Windows file). Since contracting this trojan, there are emails going out of my Outlook accounts without my permission, and I keep getting pornographic popups (no I didn't get it from a porn site..lol. I got it from a "keygen" site).

 

:huh::(


:huh::(

 

lol. yeah yeah yeah I know. Keygens are a :nono:. Believe you, me. I am PAYING for it..lol.

 

Well, Aaflac and I seem to be getting my system cleaned up pretty good http://forums.pcpitstop.com/index.php?show...view=getnewpost.

 

I am able to utilize HJT AND Silent Runners now. :). It seems I had some pretty nasty variants of VUNDO, among OTHER things, and ALL from this one particular website :angry:.

 

 

Thanks for all your feedback :)

 

 

-Kimmie
