Results 1 to 4 of 4

Thread: BHO rqrrqon.dll

  1. #1

    BHO rqrrqon.dll

    ===================================================================
    Hello here is my Hijackthis log. When I first open Explorer it trys to connect to IP 85.12.25.105 however Spy Sweeper prevents this. When I delete BHO in hijackthis it returns as annoyance. Can someone please help ? Ad-Aware deleted initial trojans this BHO is a remnant of the trojan. Also scanned online with kapersky and came clean. Scanned with Spybot 1.4 & Xoftspy & Spy Sweeper and currently clean. BHO resets privacy settings in explorer when rebooted. (all cookies become enabled)
    ===================================================================
    Logfile of HijackThis v1.99.1
    Scan saved at 10:58:40 AM, on 2/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\AdSubtract\adsub.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Compaq_Administrator\Desktop\SOFTWARE\HijackThis 1.99.1.exe

    O2 - BHO: (no name) - {6D1A2FF3-1ADF-4935-A2A7-CA9DCE67D450} - C:\WINDOWS\system32\rqrrqon.dll
    O20 - Winlogon Notify: rqrrqon - C:\WINDOWS\SYSTEM32\rqrrqon.dll

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    http://www.geekstogo.com/forum/lofiv...p/t133454.html

    -or-

    www.google.com -> paste 'rqrrqon.dll' -> click 'I feel lucky'
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    umm thats a random file name.. best to google the clsid

    http://www.castlecops.com/tk31874-random_filename.html

    u got infected by Virtumonde

  4. #4
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    As s0nIc mentions you got Virtumonde'dddd.

    This from bleeping computer:

    Below is an example of a Vundo infection, though there are many different filenames.

    O2 - BHO: (no name) - {EFCB1D95-FFF6-47BB-B6C9-61A523F04322} - C:\WINDOWS\system32\vturr.dll
    O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll
    How_to_remove
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •