Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Mljgg.dll Help

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Mljgg.dll Help

Postdi stefa73it » 22/06/07 12:25

Ciao a tutti, da qualche giorno ho un problema con Antivir (temo che non sia il problema dell'antivirus) che mi segnala di continuo che il file mljgg.dll contains signature of the Ad- or Spyware ADSPY/Virtumon.v.17. Il problema e' che non riesco a farci niente non posso cancellarlo spostarlo in quarantena e se faccio access deny..che dovrebbe significare impedisci l'acesso...dopo 3 secondi ritorna. In piu' tanto per gradire all'apertura del pc sempre da qualche giorno viene fuori un messaggio d'errore RUNDLL che segnala ''Errore durante il caricamento di C\Windows\system32\whlowppe,dll Impossibile trovare il modulo specificato..
Ho visto che avete risolto un caso simile partendo dal log di HijackThis .Non so se va bene ma questo e' il mio log
Logfile of HijackThis v1.99.1
Scan saved at 13.23.59, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
C:\Documents and Settings\stefano\Desktop\printkey2000.exe
C:\Programmi\BitComet\BitComet.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\stefano\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94DD569E-0801-42B6-9AEF-E7601E0FD5DF} - C:\WINDOWS\system32\mljgg.dll
O2 - BHO: (no name) - {C5FCE753-7E3E-414C-815E-86AF82D8817A} - (no file)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmi\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Update] service.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\whlowppe.dll",realset
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Update] service.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6128940109
O17 - HKLM\System\CCS\Services\Tcpip\..\{E32A3CC8-BBDC-4CB9-8955-B401E370AB9D}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: khffcax - C:\WINDOWS\
O20 - Winlogon Notify: mljgg - C:\WINDOWS\system32\mljgg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Engine Service (AVEService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe


C'e' qualcuno che puo aiutarmi????
Grazie
stefa73it
Newbie
 
Post: 4
Iscritto il: 21/06/07 21:37

Sponsor
 

Postdi Luke57 » 22/06/07 12:31

Ciao, scarica VundoFix
http://www.atribune.org/ccount/click.php?id=4
Avvia il file Vundofix.exe
Clicca su "Scan for Vundo"
Attendi la fine della scansione, nel caso venga rilevato qualcosa clicca su "Remove vundo"
Clicca su Yes, alla domanda se vuoi eliminare i files
Durante la rimozione il desktop scompare (è normale)
Finita la rimozione ti chiederà se vuoi riavviare, clicca su Yes

Al riavvio posta il contenuto del file:
C:\Vundofix.txt oltre a nuovo log di hijackthis.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi stefa73it » 22/06/07 12:56

Questo e' il log di vundofix

VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 13.43.28 22/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ggjlm.tmp
C:\WINDOWS\system32\gqbjkegj.dll
C:\WINDOWS\system32\ismpgguu.dll
C:\WINDOWS\system32\iwvjibtv.dll
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\whlowppe.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ggjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggjlm.tmp
C:\WINDOWS\system32\ggjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljgg.dll Has been deleted!

e questo e' il log di HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 13.52.53, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\stefano\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94DD569E-0801-42B6-9AEF-E7601E0FD5DF} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmi\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Update] service.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Update] service.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6128940109
O17 - HKLM\System\CCS\Services\Tcpip\..\{E32A3CC8-BBDC-4CB9-8955-B401E370AB9D}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: khffcax - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Engine Service (AVEService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

In avvio l'errore di rundll non me l'ha dato...ed e' ottima cosa e, per ora, antvir se ne sta' buono buono..Possibile gia' fatto????????

Magari......non saprei come ringraziarti Luke
stefa73it
Newbie
 
Post: 4
Iscritto il: 21/06/07 21:37

Postdi Luke57 » 22/06/07 16:17

Ciao, adesso apri hijackthis, applicazioni chiuse e disconnesso da internet, premi "do a system scan only", cerca e spunta le voci seguenti:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94DD569E-0801-42B6-9AEF-E7601E0FD5DF} - C:\WINDOWS\system32\mljgg.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Update] service.exe
O4 - HKLM\..\RunServices: [Microsoft Update] service.exe
O20 - Winlogon Notify: khffcax - C:\WINDOWS\

premi fix checked.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi stefa73it » 22/06/07 19:59

Fatto anche questo...sembra andare tutto molto bene... Grazie ancora..C'e' ancora qualcsa che si puo' fare?
stefa73it
Newbie
 
Post: 4
Iscritto il: 21/06/07 21:37

Postdi stefa73it » 23/06/07 12:00

23/06/2007,12.48.02 [WARNING] Contains signature of the Ad- or Spyware ADSPY/Agent.DA!
C:\System Volume Information\_restore{10BD1E34-2B54-482E-B6EC-ED5AA0257B3B}\RP564\A0344098.dll

Adesso e' rimasta questa segnalazione che mi da antivir ogni tanto.. c'e' un modo per farla scomparire???
stefa73it
Newbie
 
Post: 4
Iscritto il: 21/06/07 21:37

Postdi Luke57 » 23/06/07 13:47

Ciao, devi disattivare il ripristino configurazione di sistema (la cartella restore), vedi qui come fare:
http://support.microsoft.com/kb/310405/it
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy

Chi c’è in linea

Visitano il forum: Nessuno e 7 ospiti