PC World

5 Replies Last post: Aug 8, 2008 9:25 PM by mizdachubz  
mizdachubz, New Member, 4 posts since Aug 7, 2008

Aug 7, 2008 11:53 AM

Infected with the Vundoo/Boaxxe Trojan

Hi, I'm new to this site, but I see that you guys seem to be successful
in many cases. I was trying to find the latest drivers for my graphics
card the other day, and then I think I got a virus. My McAfee keeps
saying Boaxxe.dll was detected and deleted. But it never deleted, I
believe it's called a "rootkit?" I'm not sure. When I try to go on the
internet, the virus makes me stuck on certain sites, it won't let me
move. Like when I turn on Firefox, it makes me not able to navigate to
other pages. Also some windows pop up saying that your computer is slow
etc etc click okay to install antivirus. And I also tried to delete the
DLL. I found it in my system32 files. And the virus would be slowed
down, but never fully removed. So every time I restart my computer I
need to delete those DLLs. And it's always a long weird chain of letters.

But yeah here is my log from hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:21 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\AlienGUIse\wbload.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\SiteAdvisor\6172\SiteAdv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MSK\MskSrver.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\SiteAdvisor\6172\SAService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\PROGRA~1\McAfee\MSC\mcregist.exe
D:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
D:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Andrew Wu\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: MSConfig D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: mcagent_exe D:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: SiteAdvisor D:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: NvCplDaemon RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: BM2786e887 Rundll32.exe "D:\WINDOWS\system32\cdfamsag.dll",s
O4 - HKLM\..\Run: KernelFaultCheck %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: Antispyware D:\Program Files\Antispyware\Antispyware.exe -boot
O4 - Startup: Alienware Dock.lnk = D:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Launchy.lnk = D:\Program Files\Launchy\Launchy.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: McAfee Application Installer Cleanup (0313071218050524) (0313071218050524mcinstcleanup) - McAfee, Inc. - D:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\031307~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - D:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 4223 bytes

Thanks in advance.
~mizdachubz


Also,

I've realized that every time I delete the DLL files of the virus, it
regenerates with another dll with some random letters, it regenerates
every 24 hours. I believe the virus scheduled itself, I hope this
helped.

SpiritWind, Enthusiast, 1,194 posts since Aug 19, 2006
1. Aug 7, 2008 12:55 PM in response to: mizdachubz
Re: Infected with the Vundoo/Boaxxe Trojan

Hi:

I just finished reading through a very long "Thread" on another Forum of someone having the same "infection"; they were guided by several highly trained and CERTIFIED "Malware-Fighters" using highly specialized programs to finally remove it. There are no such Experts on this Forum. However, before I recommend a good Site to help you, you should uninstall your outdated (a very serious security risk) Adobe Reader and seriously consider using the FREE "Foxit Reader", available from http://www.foxitsoftware.com/pdf/rd_intro.php as its "replacement".

I am going to recommend you seek assistance at http://aumha.net/, particularly their "Windows XP & 2000 (Win 5.x)" sub-forum. This forum is staffed by many highly trained and CERTIFIED by Microsoft as "Microsoft Most Valuable Professionals". Good Luck.


For the BEST in what COUNTS in LIFE : http://www.tacf.org
SpiritWind, Enthusiast, 1,194 posts since Aug 19, 2006
4. Aug 8, 2008 7:51 PM in response to: mizdachubz
Re: Infected with the Vundoo/Boaxxe Trojan
:D Hi "Andrew":

Bill Castner of the Aumha Forums is One of the Best when it comes to helping Users rid their computers of very bad spyware; we have "tangled" in the Past on WHAT security programs are best on keeping malware OFF a computer. I do NOT recommend either "Windows Defender" or Comodo's BOClean. And many similar Malware-cleaning Experts like Bill recommend keeping MalwareBytes' Anti-Malware on your computer and "Updating" it every day and running an occasional scan; I run mine about once every 10 days.


For the BEST in what COUNTS in LIFE : http://www.tacf.org
