urqOGVPJ.dll

Knowledge Worker

OK!!!

I was a bad boy and was downloading bad things from the internet

Windows Defender found a Trojan: Win32/Vundo.gen
Used Windows Defender to remove it
It told me that it needs to send the file to Microsoft
I allowed it. Windows Defender crashed.

Rebooted
Used Windows Defender and Norton Internet Security 2008 to scan the entire
computer
Same Virus was found by Windows Defender.
It was able to remove it this time

NIS 2008 found no virus

Now every time I login to my Vista Home Premium 2008, I encounter the
following error message

Title: RunDLL
Message: Error loading C:\Windows\System32\urqOGVPJ.dll

The specified module could not be found

OK button
Click on it, it goes away

Rebooted. Same error message
Went to C:\Windows\System32 and deleted urqOGVPJ.dll
Rebooted
same error message
 
David H. Lipman

From: "Knowledge Worker" <knowledge.worker@hotmail.com>

| OK!!!

| I was a bad boy and was downloading bad things from the internet

| Windows Defender found a Trojan: Win32/Vundo.gen
| Used Windows Defender to remove it
| It told me that it needs to send the file to Microsoft
| I allowed it. Windows Defender crashed.

| Rebooted
| Used Windows Defender and Norton Internet Security 2008 to scan the entire
| computer
| Same Virus was found by Windows Defender.
| It was able to remove it this time

| NIS 2008 found no virus

| Now every time I login to my Vista Home Premium 2008, I encounter the
| following error message

| Title: RunDLL
| Message: Error loading C:\Windows\System32\urqOGVPJ.dll

| The specified module could not be found

| OK button
| Click on it, it goes away

| Rebooted. Same error message
| Went to C:\Windows\System32 and deleted urqOGVPJ.dll
| Rebooted
| same error message


The Vundo is pretty good at protecting itself. That's why the file is NOT getting
deleted. It is loaded via the Registry Winlogon/Notify function and you can't even delete
that key.


4 phase answer...

Perform Part 1, Part 2 and Part 3 and alternately Part 4

It is suggested that you execute each tool in Normal Mode then in Safe Mode.


If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0 update 7 (jre 6u7)

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0_07

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1




Part 1
------------
Download Adware-Virtumundo Removal Tool --
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


Part 2
------------
Download Atribune's VUNDOFIX.EXE
http://www.atribune.org/ccount/click.php?id=4

Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.

Part 3
------------
Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Part 4
------------
Norman Vundo removal tool.
http://download.norman.no/public/Norman_Vundo_Cleaner.exe
http://www.norman.com/Virus/Virus_removal_tools/52658/en

* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
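
The "simple check" of C:\Program Files\Java described in the reply above, as an added example that is not part of the original post or of any tool it links. It takes the 6u7 baseline from the post; the function names and the sample folder list are constructed for illustration.

```python
import os
import re

# Baseline from the post: Sun Java JRE 6 update 7, installed as jre1.6.0_07.
BASELINE = (1, 6, 0, 7)

# Sun's install-folder naming, e.g. jre1.6.0_07, jdk1.5.0_11, j2re1.4.2_13.
_NAME = re.compile(r"^(?:jre|jdk|j2re|j2sdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.I)

# Constructed sample listing, used when the real folder is not present.
SAMPLE = ["jre1.5.0_06", "jre1.6.0_03", "jre1.6.0_07", "j2re1.4.2_13"]


def parse_version(folder):
    """Turn a folder name into a comparable tuple, or None if unrecognised."""
    m = _NAME.match(folder.strip())
    if not m:
        return None
    major, minor, patch, update = m.groups()
    # A folder without an _NN suffix is the base release (update 0).
    return (int(major), int(minor), int(patch), int(update or 0))


def audit(folders, baseline=BASELINE):
    """Sort folder names into outdated / current / unknown against the baseline."""
    result = {"outdated": [], "current": [], "unknown": []}
    for name in folders:
        version = parse_version(name)
        if version is None:
            result["unknown"].append(name)      # needs a manual look
        elif version < baseline:
            result["outdated"].append(name)     # candidate for removal
        else:
            result["current"].append(name)
    # The post's rule: the only folder present should be the latest version.
    result["clean"] = (not result["outdated"] and not result["unknown"]
                       and len(result["current"]) == 1)
    return result


if __name__ == "__main__":
    root = r"C:\Program Files\Java"
    names = os.listdir(root) if os.path.isdir(root) else SAMPLE
    report = audit(names)
    for key in ("outdated", "current", "unknown"):
        print(f"{key}: {', '.join(report[key]) or '-'}")
    print("only the latest version present:", report["clean"])
```

Folders reported as outdated are removed through Add/Remove Programs rather than by deleting the directory.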
 
