Something Strange
Phillus
06-12-2008, 08:24 AM
I remember that I went to some websites sent by my brother and I got stupid adwares or what wares tomorrow, so I removed some strange thing by using HijackThis. Now, there's one strange file called fccyvWNg.dll in the system32 folder and it was added yesterday and has no description, neither anything about it in Google. So when I tried to end it, the whole window will encounter error because it's hooked to the starting process winlogon.exe and explorer.exe. Does anyone know what the hell is that?
Also, when I go to a website, the link will sometime pop out like this:
Only the registered members can see the link.
Am I being spied? O_O
catalan90_V
06-12-2008, 08:31 AM
try use ccleaner and repair the registry..
misbehave
06-12-2008, 08:41 AM
format.. hehe
animekingz
06-12-2008, 11:12 AM
use tcpview to view any connection out from the .dll files. if have connection out, means there's spyware in your pc.
Phillus
06-12-2008, 12:32 PM
Only the registered members can see the link.
This is what came out from the tcpview. I didn't open multiple tab so I don't know whether this is correct or not...how come there are so many processes?
misbehave
06-12-2008, 02:04 PM
from my previous experience, i never succeed in cleaning spyware.. even though using anti spyware but still have some of them infecting my HDD
so i just format.. y dun u back up all ur data n format?
its easier
animekingz
06-12-2008, 03:07 PM
its normal. abnormal connection u can see if its connecting with normal ip, means home ip like 89.xx, 24.xx etc.
try spybot s&d
The home of Spybot-S&D!
upload the dll here. and what browser u using? IE? if ie just change homepage
Phillus
06-12-2008, 05:13 PM
so i just format.. y dun u back up all ur data n format?
At the moment, this is a small problem but I don't want to leave it here since it's rubbish. Plus, I am using an old laptop and formatted it 2 times...so there's no need to do it.
its normal. abnormal connection u can see if its connecting with normal ip, means home ip like 89.xx, 24.xx etc.
upload the dll here. and what browser u using? IE? if ie just change homepage
I use firefox but use IE when checking mails.
Here is the dll. I told you earlier.
animekingz
06-12-2008, 06:48 PM
ngek ngek.. virtumonde trojanz
Virustotal. MD5: 253efe3fd364c0e21e8cf009d92981b8 Vundo.gen179 MemScan:Trojan.Vundo.ENF ADSPY/Virtumonde.trz
can u delete it? try with fxvmonde and pav
Data0.Net Software
well. i also got hit by this worm before. took me few days to remove it. itz annoying worm i ever seen.. its copying all the process to make fake process
it infect whole .exe in my hdd. well i think this 1 different with mine
Phillus
06-12-2008, 08:43 PM
No use...both of them don't detect that file I sent to you as the trojan...T_T Is it possible this worm is transmitted by visiting some website or can only appear if you were 'stabbed' by an infected pendrive?
This is something that I found hiding in system32 folder and I think it's something nasty but know nothing about it...also there are a lot of strange .com files in there which I've deleted too
There's a rundll32.exe running in my task manager and I really have no idea what that was...and the LmVEdMoq.ini keep reappearing in my laptop as well.
Phillus
06-13-2008, 06:56 PM
I don't think I could touch it or else it will generate more of those files, filled the startup and running themselves with rundll32.exe and that damned fccyvWNg.dll is still there...
Phillus if u have time and understand it why not try my tutorial make pe builder. what antivirus u use? kaspersky? u can also use make pe builder from kaspersky a lot easier, if u want to test backup ur important file first
what happen if u kill those process? then delete the fccy things?
Phillus
06-13-2008, 10:06 PM
I kill those process with unlocker, and they just gone. After some time, the task manager will show that rundll32.exe is running. When I check my windows and system32 folder, those strange files were there again. When checking the startup with window XP manager, 2 processes about rundll32.exe of those 2 files will be added automatically. now there's only that fccy thingy left but if I delete it with unlocker, it will make the whole laptop restart because it hooked up to winlogon.exe, which makes it impossible to get rid of. If I do anything like defragment my files or cleaning junk files, it will create some of those strange dlls and lag the whole computer.
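The checks discussed in this thread (a recently added system32 DLL with no description, the processes it is loaded into, and rundll32 startup entries), gathered into one read-only PowerShell triage script. This is an added example, not part of any post; the 7-day window and the use of the Run registry keys as the "startup" location are assumptions.

```powershell
# Added triage example, not from the thread. Read-only: it lists, it deletes nothing.
$days  = 7                                   # assumption: what counts as "recently added"
$sys32 = Join-Path $env:SystemRoot 'System32'

# 1. DLLs in system32 created inside the window that carry no file description.
$suspects = Get-ChildItem -Path $sys32 -Filter '*.dll' -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.CreationTime -gt (Get-Date).AddDays(-$days) -and
        [string]::IsNullOrWhiteSpace($_.VersionInfo.FileDescription)
    }

# 2. For each suspect, name the running processes that have it loaded and hash it
#    so the file can be looked up by hash instead of being passed around.
$report = foreach ($dll in $suspects) {
    $loadedIn = foreach ($p in Get-Process) {
        try {
            if ($p.Modules.FileName -contains $dll.FullName) { $p.Name }
        } catch { }                          # protected processes refuse module listing
    }
    $hash = Get-FileHash -Path $dll.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        File     = $dll.FullName
        Created  = $dll.CreationTime
        SHA256   = $hash.Hash
        LoadedIn = ($loadedIn | Sort-Object -Unique) -join ', '
    }
}

# 3. Startup entries that launch something through rundll32.exe
#    (assumption: the entries seen in the startup list live in the Run keys).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ($cmd -match 'rundll32') {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
        }
    }
}

$report  | Format-List
$startup | Format-List
```

Run it from an elevated prompt so more processes allow their module lists to be read; a DLL that shows winlogon or explorer under LoadedIn cannot be removed while those processes hold it.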
animekingz
06-13-2008, 10:17 PM
so, its unrecoverable.. well i think you know the answer. o hey, try safe mode before reformatting
Phillus
06-13-2008, 11:08 PM
O_O......I think there's a miracle...Kaspersky deleted that after 2 times of restarting my laptop...that *insert profanity here* dll is gone! Oh, how I wish to curse it for wasting my time and my MIND! Thanks everyone for the help! Now I will be more careful (Action speaks louder than words)...lest there could be something else that I missed, despite that dll is gone.
crash3r
06-14-2008, 02:38 AM
good 4 ya...
play safe next time :D
Phillus
06-15-2008, 01:27 AM
Even though it's gone, I still have some problems here:
Only the registered members can see the link.
Only the registered members can see the link.
Should I reinstall them or anything I could do or check?