6 replies to this topic

[RobinL]

Mieke,

The link you gave me didn't work for me, so here is the reg. file.

Robin

Attached Files

•  rl090417.txt   2.95K   24 downloads

[miekiemoes]

Hi,

Thank you.

This one should be detected by Mbam by now, but I know you can't update, so let's deal with this one manually again..

* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:

C:\WINDOWS\xqqvw.mfo

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok
Your system should reboot now.

Then, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

Quote

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux2"="wdmaud.drv"

Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Let me know if that solved it.

I also suggest you use Firefox as a browser in combination with the noscript extension for now, because you most probably got infected through the same website again (which is in most cases a legitimate website).

[RobinL]

miekiemoes, on Apr 17 2009, 02:11 PM, said:

Hi,

Thank you.

This one should be detected by Mbam by now, but I know you can't update, so let's deal with this one manually again..

* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:

C:\WINDOWS\xqqvw.mfo

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok
Your system should reboot now.

Then, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)


Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Let me know if that solved it.

I also suggest you use Firefox as a browser in combination with the noscript extension for now, because you most probably got infected through the same website again (which is in most cases a legitimate website).

You saved the day again. You're the best!

[miekiemoes]

You're most welcome. Now please update mbam asap

[RobinL]

miekiemoes, on Apr 17 2009, 03:32 PM, said:

You're most welcome. Now please update mbam asap

I did, and am running the full scan. Nothing detected so far.

I have also installed Noscript in Firefox.

[miekiemoes]

Good to hear. Not sure where you exactly got infected, but try to avoid sites hosted by IX Webhosting

[miekiemoes]

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.