Hi,

Any help here is appreciated.

Hya Mjfontec :smiley: , you have the same type of infection as the last time i see , so you know the drill by now: :icon_joke



Please download Process Explorer by Systernals from HERE.

Also download KillBox by Option^Explicit from HERE.

Then boot up in SAFE MODE and stay in safe mode (hit f8 when booting up), untill the entire fix is done.

Unzip Process Explorer and double click on procexp.exe
In the top section of the Process Exlporer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of geeba.dll once and then click the kill button.
After you have killed all of the geeba.dll's under winlogon click OK.

Next In the top section of the Process Exlporer screen again , double click on explorer.exe and again click once on each instance of geeba.dll then click the kill button.
Once you have done that click OK again.


Next run HijackThis and place a check beside each of the following:

Now click fix checked and close HijackThis.

Please copy the text in the quote below, and paste it into a blank notepad window.
Save it as vundo.reg and in the "save as" type box choose "all files".

Once you have saved it double click it and allow it to merge with the registry.





Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\system32\geeba.dll

Click the red circle with the white x and allow your computer to reboot.



After your computer has rebooted please run Hijackthis again and post a new Hijackthis log.

Thanks - here is the new log file.

Looks good to me. O0


Do you still have any problems?