Removing mljge.dll - Free Antivirus Forum

Removing mljge.dll

BullGuard Antivirus Forum > General Security > Spyware > Removing mljge.dll

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

yoss
New Member

Date Joined Feb 2006
Total Posts : 1

Posted 2-12-2006 7:23 (GMT +1)

Well, here is my nightmare... I'm trying to fight the WinFixer...

1. While trying to remove BHO and Winlogon Notify mljge using HijackThis -

those entries are shown again and again in the HijackThis scan results.

Also, I'm trying to remove the mljge.dll from c:\WINDOWS\system32 using

HijackThis but with now luck - after rebooting its showed up again.

2. While running Ad-Aware process scan - the program inform that it has

found 2 critical objects, and right after that the computer crashes (Blue Screen).

BTW, I'm using Symantec Anti-virus, Ad-Aware, Spybot, XoftSpy, HijackThis, cwshredder, Spyware Doctor, Microsoft Anti-Spyware, ewido, regclean, cleanup.

Any suggestions?

Thank in advanced!

Logfile of HijackThis v1.99.1
Scan saved at 19:57:30, on 12/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IBM HTTP Server\bin\apache.exe
C:\Program Files\IBM HTTP Server\bin\apache.exe
C:\Program Files\C4ebreg\isamsmt.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\Program Files\IBM HTTP Server\bin\apache.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\IBM HTTP Server\bin\apache.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\progra~1\c4ebreg\c4ebreg.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Barak013\fts.exe
C:\progra~1\c4ebreg\isamtray.exe
C:\Program Files\Barak013\Barak013_L2TP\fts.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Barak013\FWPortal.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Web protection\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tech/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\mljge.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [%FP%Barak013 fts.exe] "C:\Program Files\Barak013\fts.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [%FP%Barak013 L2TP fts.exe] "C:\Program Files\Barak013\Barak013_L2TP\fts.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [%FP%Barak013 FWPortal.exe] "C:\PROGRA~1\Barak013\FWPortal.exe" -no_dialog
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\OfficeXP\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O15 - Trusted Zone: http://*.093qpeuqpmz6ebfa.com
O15 - Trusted Zone: http://*.0texkax7c6hzuidk.com
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx2.7.cab
O16 - DPF: {E765747B-A0E4-4BD4-93E4-EA0E3500D57C} (PDM Plugin) - http://lwpdemo2.dfw.ibm.com/lwp/pdm/plugin/PDMPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F75DCA9E-646D-49D4-8554-E2475CDCB93F}: NameServer = 62.90.133.233 212.150.48.169
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = azorim.il.ibm.com,telaviv.ibm.com,tel.il.ibm.com,il.ibm.com,ibm.com,ibm.com,ibm.com,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = azorim.il.ibm.com,telaviv.ibm.com,tel.il.ibm.com,il.ibm.com,ibm.com,ibm.com,ibm.com,
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 - DB2 (DB2) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM HTTP Administration 6.0 (IBMHTTPAdministration6.0) - Unknown owner - C:\Program Files\IBM HTTP Server\bin\apache.exe" -k runservice (file missing)
O23 - Service: IBM HTTP Server 6.0 (IBMHTTPServer6.0) - Unknown owner - C:\Program Files\IBM HTTP Server\bin\apache.exe" -k runservice (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM WebSphere Application Server V6 - lt03470aNode01 (IBMWAS6Service - lt03470aNode01) - Unknown owner - C:\Program Files\IBM\WebSphere\AppServer1\bin\wasservice.exe" "IBMWAS6Service - lt03470aNode01 (file missing)
O23 - Service: ISAM SMT Service (ISAMsmt) - IBM Global Services - C:\Program Files\C4ebreg\isamsmt.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: PrintBOS Service - Unknown owner - C:\BSPRBOSS\Bsntsrvc.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

antispy
Junior Member

Date Joined May 2005
Total Posts : 93

Posted 2-13-2006 10:04 (GMT +1)

here is a guide you should try to use in removing winfixer: remove winfixer

leduke
New Member

Date Joined Jan 2006
Total Posts : 23

Posted 2-13-2006 4:34 (GMT +1)

Hello

Please try this Winfixer removal instructions. Hope it will be helpful. :)

rpggamergirl
Forum Moderator

Date Joined Dec 2005
Total Posts : 1530

Posted 2-24-2006 11:27 (GMT +1)

You have a vundo infection. Please run either one of these scans:

1. Please download VundoFix.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Put a check next to "Run VundoFix as a task".
You will receive a message saying vundofix will close and re-open in a minute or less.
Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.

Or this:

2. Download VirtumundoBegone from here:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
and save it to your desktop. When you have done this doubleclick on VirtumundoBeGone.exe and follow the instructions. When it has finished, reboot. If you like, post the log that is created on your desktop called VBG.TXT in your next reply. Do not worry if you see a BLUE SCREEN "Fatal Error" Message, it is normal and expected.

Winchester3

Date Joined Oct 2007
Total Posts : 0

Posted 10-15-2007 11:53 (GMT +1)

After a long night of trying to remove the Spam wear i had, i thought it was the mljge.dll file that was causing it. So after trying many different things i found this forum and tried your #1 rpggamergirl and after a few reboots, vundofix took care of it. However the mljge.dll file is still there. If it wasnt mljge.dll file wasnt the cause of my spam then what is mljge.dll for?

Thanks

*SexxyKitty*
New Member

Date Joined Jan 2008
Total Posts : 2

Posted 1-24-2008 8:30 (GMT +1)

Hi Im having a bit of the same problem and i also did what you suggested rrpggamergirl but it didnt seem to work the second one was just confuseing and the first one didnt go as plannned; i dled it onto my desktop but when i double clicked it it went straight to scan for vundo part and it skipped the msg thingy and the part where i click the box next to run vundofix as a task. and then when it was done it didnt find ne thing =/

the virus i have is called Trojan.Vundo and when i scanned it on a different virus scanner it found it; it also said the:
Folder was: C:/WINDOWS/System32..
Files: ljjjhfc.dll and mljge.dll
Status: Infected
Threat Name: Trojan.Vundo

Sadly when i tried to fix the problem it failed; then it tried to Quarantine but it failed and then lastly it tried to delete them but that also failed =/ so it did absloutly nothing but tell me what the virus was and were; now what i need to do or learn how to do it; is fix it >.< so i can play WoW XD and have a healthy comp that doesnt lag a lot XD

So can someone plz explain to meh what my comp is going threw and why and how and how to fix it =( cuz im hopeless ive tried everything to Defraging it to scanning to system restoreing (which also was an incomplete due to god knows what) and so on; ive tried like 4 different virus scans; pllzzzzzzzz i beg you!! helps meh!!

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13599

Posted 1-24-2008 10:07 (GMT +1)

I've locked this thread since the issue is old. Please pm a mod if you have any questions.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Forum Information

Currently it is Thursday, November 20, 2008 9:02 PM (GMT +1)
There are a total of 63.945 posts in 15.823 threads.
In the last 3 days there were 34 new threads and 162 reply posts. View Active Threads