Storage protector virus/spyware Help

aexman82
Hi, I recently started getting the popups associated with the Storage Protector infection and got all the pos files in the C: and in My Documents folder. I looked up help tips online and went through these steps:

OK let's start here. Please follow these instructions from our tutorial.
How To Remove Vundo/Winfixer Infection

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply. If vundofix stalls or fails to run, continue with the rest of the steps and try running it again afterwards.


--------------------
Can you spare some PC cycles to help FIND A CURE .. BC FOLDING TEAM Click me /info..
ThoughtVent a goodplace to discuss
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

quietman7
post Feb 15 2008, 12:34 PM
Post #5

After following boopme's instructions, continue as follows.

Please download AutoRuns and save it to your Desktop.

* Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (Click here if you're not sure how to do this.)
* Open the folder and double-click on autoruns.exe to launch it.
* Please be patient as it scans and populates the entries.
* When done scanning, it will say Ready at the bottom.
* Scroll through the list and look for any entries related to strpmon.exe or transpaid.exe.
* If found, right-click on the entry and choose delete.
* Exit the program when done.

If strpmon.exe is not present, skip and continue.

Please download OTMoveIt2 by OldTimer and save to your Desktop.

* Double-click on OTMoveIt2.exe to launch the program.
* Copy the file(s)/folder(s) paths listed below - highlight everything in the quote box and press CTRL+C or right-click and choose Copy.

QUOTE
C:\Program Files\StorageProtector
C:\Program Files\Common Files\StorageProtector
C:\Documents and Settings\All Users\Application Data\StorageProtector

* Return to OTMoveIt2, right-click in the open text box labeled "Paste List of Files/Folders to be Moved" (under the light blue bar) and choose Paste.
* Click the red MoveIt! button.
* The list will be processed and the results will be displayed in the right-hand pane.
* Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
* Click Exit when done.
* A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <- the date/time the tool was run.

-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

QUOTE
Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.


Then search for and delete the following folder in bold if still present. You can use Windows Explorer to navigate to there:
C:\Documents and Settings\<your username>\Application Data\storageprotector <- this folder

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download and install SUPERAntiSpyware Free

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
* Under the "Configuration and Preferences", click the Preferences... button.
* Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
* Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen and exit the program.
* Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.

* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
* If you use Firefox browser click Firefox at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* If you use Opera browser click Opera at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:

* Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes" and reboot normally.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.



This post has been edited by quietman7: Feb 15 2008, 12:38 PM


--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"

Microsoft MVP - Windows Security 2007-2008

Wassim
post Feb 15 2008, 06:05 PM
Post #6

OK guys,

I ran VundoFix.exe and it found 4 DLLs, among them one that I already suspected to be the problem.

Anyways the performance is much better now.

The shortcuts on the desktop are not showing anymore each time I start up my PC, and the CPU usage returned to normal.

Still, My Documents opens by itself each time I start up, but I guess this is more of a Windows problem; what do you think?

Anyways thanks a lot, I was about to format my PC because it became so annoying lately.

I didn't go to any of the steps mentioned by quietman7, I only used the VundoFix.exe mentioned by boopme. Should I go through the other steps mentioned by quietman for more security?

Vundofix.exe Log File



QUOTE
VundoFix V6.7.8

Checking Java version...

Scan started at 11:33:32 AM 2/15/2008

Listing files found while scanning....

C:\WINDOWS\system32\jnixrdsr.dll
C:\windows\system32\kjkmp.ini
C:\windows\system32\kjkmp.ini2
C:\windows\system32\pmkjk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jnixrdsr.dll
C:\WINDOWS\system32\jnixrdsr.dll Has been deleted!

Attempting to delete C:\windows\system32\kjkmp.ini
C:\windows\system32\kjkmp.ini Has been deleted!

Attempting to delete C:\windows\system32\kjkmp.ini2
C:\windows\system32\kjkmp.ini2 Has been deleted!

Attempting to delete C:\windows\system32\pmkjk.dll
C:\windows\system32\pmkjk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\kjkmp.ini
C:\windows\system32\kjkmp.ini Has been deleted!

Attempting to delete C:\windows\system32\kjkmp.ini2
C:\windows\system32\kjkmp.ini2 Has been deleted!

Attempting to delete C:\windows\system32\pmkjk.dll
C:\windows\system32\pmkjk.dll Has been deleted!

Performing Repairs to the registry.
Done!


Oh, and I forgot to ask: in C: there is a folder created by VundoFix.exe called VundoFix Backups containing the DLLs but with the extension changed to .old. Can I delete the folder?

This post has been edited by Wassim: Feb 15 2008, 06:08 PM


--------------------
"Shapes of every size, move behind my eyes"

boopme
post Feb 15 2008, 10:13 PM
Post #7

Please follow all Quietman7's advice first. He is a malware wizard.


--------------------
Can you spare some PC cycles to help FIND A CURE .. BC FOLDING TEAM Click me /info..
ThoughtVent a goodplace to discuss
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Go to the top of the page


+Quote Post
Wassim
View Member Profile

post Feb 16 2008, 05:58 AM
Post #8


Forum Regular
***

Group: Members
Posts: 154
Joined: 7-April 07
From: Byblos, Lebanon, Middle East.
Member No.: 122,872






OK, I will, and I will keep you up to date with the results.

Thanks a lot.


quietman7
post Feb 16 2008, 08:45 AM
Post #9

QUOTE
Still My Documents opens by itself each time i start up

This step involves making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.

Click on the link below:
Troubleshooting Windows XP, Tweaks and Fixes for Windows XP
Scroll down to #255 on the right and click on "My Documents Folder Opens Upon Boot" in the right column. In the page that opens, go to File, choose "Save page as" All Files and save userinit.reg to your desktop. Double-click on that file and choose "Yes" to merge it into the registry when prompted. Once you get a successful message delete the file and reboot.

Also see My Documents Folder Opens When Logging on to Windows.


Wassim
post Feb 17 2008, 09:16 AM
Post #10

Well quietman7, I tried both ways and it didn't solve the problem.

And by the way, OTMoveIt2.exe didn't find the folders you told me about.


quietman7
post Feb 17 2008, 03:27 PM
Post #11

The files/folders I had you check for with OTMoveIt2 are common locations for StorageProtector files. If you didn't find them, that's ok as I just wanted to be sure we removed them if present.

As for your issue with the My Documents folder opening at startup, those two links are the most common solutions. We will need to investigate further if they are not working for you.




After all was done, the Windows Update and Help and Support icons are there but without the icon picture. I still have the pos files in both the C: and My Documents folder, and my C: icon is a red X. I am no longer getting the popups and errors, but I need to get rid of the pos files and ensure there is nothing left of the infection. Can you please help me further?
 
Well as luck would have it 2 error windows came up.
Error window #1:
A potential problem has been detected and windows has been shutdown buggy application to prevent damage to your computer. ****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)

Error windows #2:
Notice: if your computer is infected, you could suffer data loss, erratic PC behavior, PC freezes and crashes.
Detect and remove viruses before they activate themselves on your PC to prevent all these problems.
Do you want to install AntiSpywareSuite to scan your PC for malware now? (recoomended)

Looks like it isn't gone. What can I do to get this fixed?
 
I have just installed and run a check with HijackThis; here is the first report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:22 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM43e02f1e] Rundll32.exe "C:\WINDOWS\system32\bevteqmq.dll",s
O4 - HKLM\..\Run: [40d31c82] rundll32.exe "C:\WINDOWS\system32\ymgddyad.dll",b
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - LibUsb-Win32 - C:\WINDOWS\system32\libusbd-nt.exe

--
End of file - 2080 bytes
 
Remove these entries

O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

O4 - HKLM\..\Run: [BM43e02f1e] Rundll32.exe "C:\WINDOWS\system32\bevteqmq.dll",s

O4 - HKLM\..\Run: [40d31c82] rundll32.exe "C:\WINDOWS\system32\ymgddyad.dll",b


If I were you, I'd uninstall Authentium Antivirus and install AVG or Avast, which are both free; I recommend AVG.

So you went to a spyware forum and they couldn't remove all of the infections?
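As an added illustration (not code from this thread, from HijackThis, or from any of the posters), here is a small Python triage script that parses the O4 autostart lines from the log above and flags the two rundll32 loaders the reply says to remove. The heuristics are drawn from what those entries look like in the log: hex-token value names, random eight-letter DLL names in system32, and single-letter exports; the sample lines are copied verbatim from the posted log.

```python
import re

# Constructed sample: the O4 (autostart) lines from the HijackThis log posted above, copied verbatim.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BM43e02f1e] Rundll32.exe "C:\WINDOWS\system32\bevteqmq.dll",s
O4 - HKLM\..\Run: [40d31c82] rundll32.exe "C:\WINDOWS\system32\ymgddyad.dll",b
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
"""

# An O4 line reads "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[\w ]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Value names seen with Vundo/VirtuMonde loaders: eight hex digits, sometimes prefixed "BM"
HEX_NAME_RE = re.compile(r'^(BM)?[0-9a-f]{8}$', re.IGNORECASE)
# "rundll32[.exe] <dll>,<export>" with an optionally quoted DLL path
RUNDLL_RE = re.compile(r'^rundll32(\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)
# Random-looking DLL names of the kind in the log above: eight lowercase letters
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')


def parse_o4(line):
    """Return the fields of one O4 line as a dict, or None for any other line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(entry):
    """Return the heuristic reasons an autostart entry deserves a closer look."""
    reasons = []
    if HEX_NAME_RE.match(entry['name']):
        reasons.append('value name is a hex token, not a product name')
    m = RUNDLL_RE.match(entry['cmd'])
    if m:
        dll = m.group('dll')
        if 'system32' in dll.lower() and RANDOM_DLL_RE.match(dll.rsplit('\\', 1)[-1].lower()):
            reasons.append('rundll32 loads a random-named DLL from system32')
        if len(m.group('export')) == 1:
            reasons.append('rundll32 calls a single-letter export')
    return reasons


def triage(log_text):
    """Parse a HijackThis log; return (value name, command, reasons) for each flagged O4 entry."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and (reasons := assess(entry)):
            findings.append((entry['name'], entry['cmd'], reasons))
    return findings
```

Entries the heuristics leave unflagged (V0350Mon.exe here) still need manual review; the rules are a triage aid, not a verdict.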
 