Guest
Hope developers are reading. I'm new, may be a DUP, but MS AntiSpyWare was the
ONLY program that noticed what it called "virtuomondo" and what I'd call the
"winfixer" virus, since it takes up 100% of your cpu (explorer.exe) and
directs your browser to winfixer.com. I was thrilled. Clean machine and it
was the only thing it found, and CPU dropped to 2%! Some time later,
winfixer/virtuomondo REAPPEARED!! Ran AntiSpyWare again, it cleared out
registry and said it had deleted the WINDOWS/system32/jhkkli.dll. Later,
it reappeared. I could not delete that file by hand, so I wound up taking my
system into "safe" mode, and when I listed that directory, there was another
hidden file with a very similar name and that had been created about the same
time. So I deleted them both, and ran antispyware again - to remove registry
entries... And so far, so good - 2% CPU.
SUMMARY. MS Spyware spotted the problem where others had failed, but this
thing has a hidden partner that recreates it. I can't find the name, but
the partner in the same directory was jhhhk.dll or something similar.