nmbukveo.dll?

Started by Tuomas, Tue 03/06/2008 09:21:36


Tuomas

Hiya. I was wondering if any of you knew what this is. I scanned my computer again, yeah, it's been taken over by several viruses. Anyway, AVG lists something called "NMBUKVEO.DLL" as a "Trojan horse generic10.AGVJ".

This object was moved to the Virus Vault to prevent access. But now every time I start my computer, I get an error, a rundll which states that it "couldn't find C:\WINDOWS\System32\nmbukveo.dll".

Sure it can't find it, but why should it, if it's a virus. I tried googling the .dll, but it's listed nowhere, or I couldn't find it. And I tried googling the trojan horse generic10.AGVJ but can't find that either. What's going on?

m0ds

There's probably still a .exe somewhere on your machine which is another part of the virus/trojan & needs the dll to continue. I'd search all your exe's and find the ones created most recently, and if you can't identify them, delete them. That's what I've done in the past, but there's no telling if it'll work for you. Good luck!

Tuomas

you got any nice and quick way of searching all my exes to see this then? because I don't :(

GarageGothic

Try using HijackThis and upload the log to http://www.hijackthis.de/ for analysis. That should tell you which processes are safe to remove (or even directly identify the culprit).

Edit: It also allows you to delete bad registry entries, which should remove any errors you may get after deleting the .exe.
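
The startup error described in this thread means an autostart entry is still calling rundll32 on the quarantined DLL. As an added example (not part of any poster's reply), this read-only PowerShell script lists Run and RunOnce entries that load a DLL through rundll32 and marks those whose DLL is missing. It assumes the leftover entry lives in one of those four keys, which the thread does not confirm; other load points are not checked.

```powershell
# Added example: report rundll32 autostart entries whose DLL is gone.
# Read-only: nothing is deleted or modified.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RundllTarget {
    param([string]$CommandLine)
    # Matches: rundll32[.exe] "C:\path\file.dll",EntryPoint  (quotes optional)
    if ($CommandLine -match '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
    }
    return $null
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $dll = Get-RundllTarget $cmd
        if (-not $dll) { continue }
        # Assumption: a bare file name is looked up in System32 only.
        if (-not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }
        [pscustomobject]@{
            Key       = $key
            ValueName = $name
            Dll       = $dll
            Exists    = Test-Path -LiteralPath $dll
            Command   = $cmd
        }
    }
}

# Entries with Exists = False are the ones that trigger the rundll error.
$results | Sort-Object Exists | Format-Table -AutoSize -Wrap
```

An entry reported with Exists = False only shows where the dangling reference is; whatever wrote that entry may still be present, so the scans suggested in the thread still apply.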

m0ds

Quote from: Tuomas on Tue 03/06/2008 09:46:27
you got any nice and quick way of searching all my exes to see this then? because I don't :(

Hehe, sure, just start > search > *.exe, show system & hidden files, then sort by date/modified... Worth setting the size to < 200kb, these viruses are never usually more than that.

BOYD1981

you could also run msconfig and look in the Services and Startup sections for things that are being loaded at startup which you do not recognise, OR you could move the dll from the vault and then get its file properties.
it's very strange that google doesn't yield any results, it's not even listed on windows process library...

Limey Lizard, Waste Wizard!
01101101011000010110010001100101001000000111100101101111011101010010000001101100011011110110111101101011

Tuomas

yep, I managed to find just 3 exe's that have been modified in the last 2 weeks, all of them AVG related... I'll check the msconfig next. Oh, and AVG just started its daily scan, let's see if I have some more already :)

Ok, those, and the Last.fm files, like killer.exe, cleaner.exe, crashreporter.exe, ipodscrobbler.exe and updater.exe.

With the programs at startup, not including all the microsoft files, I've got 4 that are listed as unknown, Ad-Aware 2007 Service (no threat I assume), InstallDriver table manager (don't know what this is), IPodService (which I'm removing because I don't need it), Office Source Engine (don't know) and Windows Live setup Service. Rest of them are O&O, Wavom, Zonelabs, Alpha networks etc.

GarageGothic

Quote from: BOYD1981 on Tue 03/06/2008 09:56:06
it's very strange that google doesn't yield any results, it's not even listed on windows process library...

A lot of trojans generate their own file names to avoid you looking them up, sometimes even partly based on file names already on your computer. I just removed a nasty trojan from my girlfriend's computer, and the file name also returned zero results on google.

I'd recommend scheduling a boot time scan since some viruses are hidden while Windows is running. I'm not sure if this is supported in AVG, but you could always download the free version of Avast! to do it. Turn off System Restore before running the check though, because some viruses use it to restore themselves. You can turn it back on when the computer is clean (and create a clean restore point for future use).

Tuomas

Haha, what's this then? http://www.2dadventure.com/ags/avg.PNG

I don't think AVG supports that, GG, I don't suppose you'd wish to guide a bit on how to turn off something like system restore?

GarageGothic

Sure, go to Control Panel. Switch it to "Classic View" if it isn't already. Doubleclick "System". The "System Properties" window should now open and among the tabs there's one called "System Restore". Tick the box to switch off system restore for all drives.
