infected with something, HELP
medo145
12-19-08, 01:11 PM
i've been infected with something, it has 3 entries in msconfig
rundll32.exe "c:\windows\system32\befuguye.dll"'s
rundll32.exe "c:\windows\system32\popezaho.dll",b
rundll32.exe "c:\windows\system32\hezigotu.dll",a
they come back if removed with msconfig
they come back if deleted in the registry
they come back if removed with ccleaner
tried to use hijack this to delete the files at reboot since i get access denied in windows - that didn't work either
avast doesn't see it as a virus
ad-aware didn't find anything
i don't believe that the names of the dll files are important, because i managed to get rid of them by going into the recovery console and then deleting them, after booting to windows i got error messages saying it couldn't find the dll files, and i thought yay, damn files are gone and it let me delete the entries from the startup
so i rebooted once more and it seemed fine, then i ran firefox and i was treated to a popup in IE
checked msconfig and i was treated to the new set of dlls.
popups are usually random stuff or for "anti virus scanners"
HELP
Thanks
BigBadBaz
12-19-08, 01:17 PM
Try this: http://housecall.trendmicro.com/
petteyg359
12-19-08, 01:18 PM
Get a Knoppix CD/DVD (one of the recent ones with ntfs-3g driver). Boot it. Mount your Windows partition, and make sure it is not read-only (you want to be able to write to it). Go into the Windows system32 directory, and find those DLL files (most of the time, they'll all have eight random letters in the name). Delete them. If you aren't sure about some of them, post here. Last time I used Knoppix, it included a virus scanner. Run that on your Windows drive, too (again, make sure it is mounted read-write, not read-only).
You could also try the many web-based virus scanners:
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/
http://security.symantec.com/sscv6/WelcomePage.asp
http://support.f-secure.com/enu/home/ols.shtml
http://www.eset.com/onlinescan/
http://www.pandasecurity.com/homeusers/solutions/activescan/
Kendle6661
12-19-08, 02:08 PM
I've had very good luck with Malwarebytes' Anti-Malware, www.malwarebyte.org, it will clean those pesky returning malwares. By the way, they are "hidden" in the system restore on XP.
medo145
12-19-08, 02:22 PM
list of files in system32 sorted by date
http://img514.imageshack.us/img514/2350/inffy9.png
schnikies79
12-19-08, 02:23 PM
I second Malwarebytes. It was the only proggie that could find an infection I had a few weeks ago.
Be sure to download it on another computer. Also disable system restore.
medo145
12-19-08, 02:33 PM
there is also another folder that isn't on the screenshot that was modified on the 18th. it's called CatRoot2
> Try this: http://housecall.trendmicro.com/
will try
> Get a Knoppix CD/DVD (one of the recent ones with ntfs-3g driver). Boot it. Mount your Windows partition, and make sure it is not read-only (you want to be able to write to it). Go into the Windows system32 directory, and find those DLL files (most of the time, they'll all have eight random letters in the name). Delete them. If you aren't sure about some of them, post here. Last time I used Knoppix, it included a virus scanner. Run that on your Windows drive, too (again, make sure it is mounted read-write, not read-only).
> You could also try the many web-based virus scanners:
> http://www.kaspersky.com/virusscanner
> http://housecall.trendmicro.com/
> http://www.bitdefender.com/scan8/
> http://security.symantec.com/sscv6/WelcomePage.asp
> http://support.f-secure.com/enu/home/ols.shtml
> http://www.eset.com/onlinescan/
> http://www.pandasecurity.com/homeusers/solutions/activescan/
like i said, i can delete the files using the recovery console, but they come back with different file names. maybe i didn't delete them all and they keep copying each other or something.
since the infection, browsing speed is worse than dial up and some sites won't even load
> I've had very good luck with Malwarebytes' Anti-Malware, www.malwarebyte.org, it will clean those pesky returning malwares. By the way, they are "hidden" in the system restore on XP.
will try
> I second Malwarebytes. It was the only proggie that could find an infection I had a few weeks ago.
> Be sure to download it on another computer. Also disable system restore.
using other computer right now, otherwise it would be impossible to post. system restore has been disabled since the os was installed.
petteyg359
12-19-08, 02:45 PM
ohazepop.dll
popehazo.dll
hezigotu.dll
usejurus.dll
yamileju.dll
surujesu.dll
zayiveva.dll
ruyebana.dll
All bad files. Hope you can see the trend in naming, there :) Again, if the online scanners can't fix it, then either a new Linux LiveCD (make sure it has ntfs-3g so you can actually write/delete files) or an XP CD with recovery console can be used to delete the files. Just open the system32 folder, list the directory, and delete all the ones with random names. Then, once you've rebooted and assured your system is clean and working properly, scan the system restore folders.
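The naming trend pointed out above, combined with the rundll32 startup entries from the first post, written as a triage check (an added example, not part of the original thread). It generalizes from the posted names to any eight-letter name that strictly alternates consonants and vowels, which is an assumption drawn only from the files listed here; the benign sample entries are constructed.

```python
import re
from pathlib import PureWindowsPath

VOWELS = set("aeiou")
# Matches: rundll32.exe "<path>.dll"[,export]  (the form of the msconfig entries)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.I)

def alternates(stem):
    """True for an 8-letter name that strictly alternates consonant and vowel
    ('y' counted as a consonant), like popezaho or usejurus. Heuristic only."""
    stem = stem.lower()
    if len(stem) != 8 or not (stem.isascii() and stem.isalpha()):
        return False
    kinds = [c in VOWELS for c in stem]
    return all(a != b for a, b in zip(kinds, kinds[1:]))

def suspicious_autoruns(commands):
    """DLL names loaded by rundll32 from system32 whose name fits the pattern."""
    hits = []
    for cmd in commands:
        m = RUNDLL_RE.search(cmd)
        if not m:
            continue
        dll = PureWindowsPath(m.group(1))
        if dll.parent.name.lower() == "system32" and alternates(dll.stem):
            hits.append(dll.name.lower())
    return hits

def suspicious_files(names):
    """Filter a system32 directory listing down to pattern-matching DLLs."""
    return [n for n in names
            if n.lower().endswith(".dll") and alternates(n[:-4])]

# Startup entries from the first post plus constructed benign ones.
SAMPLE_AUTORUNS = [
    r'rundll32.exe "c:\windows\system32\befuguye.dll"',
    r'rundll32.exe "c:\windows\system32\popezaho.dll",b',
    r'rundll32.exe "c:\windows\system32\hezigotu.dll",a',
    r'rundll32.exe "C:\WINDOWS\system32\nvmctray.dll",NvTaskbarInit',  # constructed
    r'C:\WINDOWS\system32\ctfmon.exe',                                 # constructed
]
# File names listed in the thread mixed with constructed benign names.
SAMPLE_LISTING = ["kernel32.dll", "ohazepop.dll", "popehazo.dll", "hezigotu.dll",
                  "shell32.dll", "usejurus.dll", "yamileju.dll", "surujesu.dll",
                  "wininet.dll", "zayiveva.dll", "ruyebana.dll", "advapi32.dll"]

if __name__ == "__main__":
    print(suspicious_autoruns(SAMPLE_AUTORUNS))
    print(suspicious_files(SAMPLE_LISTING))
```

From a live CD, pass `suspicious_files` the result of `os.listdir` on the mounted system32 directory; treat the hits as candidates to confirm with a scanner, since a legitimate DLL could match the pattern by chance.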
medo145
12-19-08, 02:56 PM
ran quick scan with malwarebytes and as soon as it hit all those files i aborted it to remove them and it asked me to reboot since it couldn't delete them
seems like it did the job, running a full scan now
i'm surprised that i haven't come across this program before
THANKS... :beer:
BigBadBaz
12-19-08, 03:20 PM
Just downloaded the program. Something that works that well is useful for an IT consultant. :thup: