Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: jkhfc.dll detected as virus by ZA ISS 7, but can't delete, remove, repair, or quarantine it, help!

  1. #1
    jasonalangraves Guest

    Default jkhfc.dll detected as virus by ZA ISS 7, but can't delete, remove, repair, or quarantine it, help!

    ZAISS 7 is detecting this file, as a virus, which is located in C:\Windows\System32\jkhfc.dll but ZA ISS can't repair, quarantine, delete, or otherwise deal with it. Any thoughts would be greatly appreciated.

    Thank you,

    Jason Alan Graves

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: jkhfc.dll detected as virus by ZA ISS 7

    BHO: WTLHelper Object - {BD6CD737-34E1-4864-8697-83EC081F1989} - C:\WINDOWS\system32\jkhfc.dll

    Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll






    Description of jkhfc.dll
    This is a component of Virtumonde. Virtumonde is a spyware application that regenerates itself each time you try to terminate the process and remove its files. It delivers ads to your computer screen continuously, interfering with your surfing habits and slowing down your usual computer activities.


    Recommendation for jkhfc.dll
    This is a serious threat to your system. Removal is the best option for this spyware.


    Trusted: No
    Trojan: No
    Chronic: No
    Adware: Yes
    Carrier: No
    Browser Hijacker: No
    Dialer: No
    Commercial Keylogger: No
    Remote Administration Tool: No
    Suspected: No

    Company Name: Virtumundo, Inc.
    Platforms Affected:
    Methods of Distribution: This is bundled with some versions of FreeWire.
    Variants/Versions:
    Release Date: 2003


    How to remove Virtumundo>




    download VundoFix.exe to your C:\.
    download from > http://www.atribune.org/ccount/click.php?id=4

    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    In case it says that nothing was been found, Right click the list box (white box) in the main VundoFix window.
    Select Add More Files? from the menu that comes up. This will open a new VundoFix window.
    In the Window: copy and paste next in the first field: C:\WINDOWS\system32\jkhfc.dll
    Copy and paste next in the second field: C:\WINDOWS\System32\cfhkj.*
    Copy and paste next in the third field: C:\WINDOWS\SYSTEM32\winwll32.dll
    Click the Add Files button.
    Click the "Close Window" button.
    Click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.

    Run freeware CCleaner after (clean all files and uncheck the 48hr limit)>

    http://www.majorgeeks.com/CCleaner_S...ish_d4191.html

    Take the IE (these use ActiveX) and do these online scans>

    http://www.ewido.net/en/onlinescan/

    http://www.bitdefender.com/scan8/ie.html

    These detect and remove (for free).

    Download, install and update then run these freeware scanners>

    http://www.emsisoft.com/en/software/free/

    http://www.lavasoftusa.com/products/...e_personal.php

    http://www.superantispyware.com/

    After running the online scans, the downloaded applications scans and the first run after using the removal utility, run the CCleaner again.

    See if this remedy for this disease works.

    Be a little more careful with those file sharing programs- they do like to install unwanted software.

    Take care

    Oldsod

    Message Edited by Oldsod on 01-22-2007 02:05 PM
    Best regards.
    oldsod

  3. #3
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: jkhfc.dll detected as virus by ZA ISS 7

    Also see this thread. Lots of info on the hard to remove spyware.

    http://www.spywarepoint.com/forums/t...e-spyware.html

    Oddly enough, I accidently clicked the download link for the removal utility and the NOD32 web scanner jumped into action and quarantined the file. Just the mention of vitumundo is enough to start the alarm bells.

    Oldsod

    Message Edited by Oldsod on 01-22-2007 02:13 PM
    Best regards.
    oldsod

  4. #4
    jasonalangraves Guest

    Default Re: jkhfc.dll detected as virus by ZA ISS 7

    Hello, thank you for the reply, but the problem is, this was a fresh install of XP, and I don't do any file sharing, I don't believe in stealing software, so I don't know where this thing is coming from. It absolutely IS a hijacker, and it hijacks the "more information" link of ZoneAlarm's notification icons which in your reply, you said that it was not a hijacker. I have sent many messages to tech support, including e-mailing a zipped version of the file, but so far no updates. This installed with ZoneAlarm ISS 7, actually, not ZAISS 7 but rather the other piece of software I bought along with ZA, which was the "Anonymous Surfing" program by Anonymizer. To tell the truth, I can't even say for 100 % it was installed with either of these. All I know is this was a fresh install of XP, this was not present before I installed ZoneAlarm, but is after and ZAISS7 can't, or does not want to remove it.

    It's a little ridiculous that ZAISS 7 can't remove this thing, especially considering ZAISS7, Spyware Doctor 4 can't either though.

    Thank you,

    Jason Alan Graves

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: jkhfc.dll detected as virus by ZA ISS 7

    By hijacker it is usually implied a home page hijack. But it seems to be working with established links quite well.

    Some spyware is very tough to actually remove- the only recourse for some types is to just reformat and reinstall the windows OS.

    You do not happen to be in the UK using FreeWire?

    This spyware that is in your PC has a rootkit involved and neither the ZA or the SpywareDoctor are equipped to handle rootkits properly. Yes I know, PCTools advertises that it does remove rootkits, but only for some of the more common types of rootkits. Most rootkit scaners are simply detectors and the actual removal is done manually. Plus rootkits that are unique are very hard to actually remove- they continually reappear and introduce trojans and various adware/malware/keyloggers to no end. The ZA scanner does not handle BHO, so that is out of it's grasp as well.

    Try the special tool suggested in my post and see if that does the trick.

    TTYL

    Oldsod
    Best regards.
    oldsod

  6. #6
    jasonalangraves Guest

    Default Re: jkhfc.dll detected as virus by ZA ISS 7

    Hello, and thank you again for the response. I just tried that tool, but, in mid-scan, it causes XP to give me the blue screen of death. I'll try it again, but this time disabling ZAISS7 and SD4. Also, to answer your other questions; I'm not in the UK, and I have no idea what freewire is.

    Thank you,
    Jason Alan Graves

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: jkhfc.dll detected as virus by ZA ISS 7

    You could try a HJT forum. It is a free service that many security forums offer from trained experts in this field.
    Vut their advice will quite possibily be the very same as I have tried to collect for you.

    Try one of these and maybe they can offer better advice and removal...

    http://castlecops.com/forum67.html

    http://www.bleepingcomputer.com/foru...lysis-f22.html

    http://boards.cexx.org/viewforum.php?f=1

    Oldsod
    Best regards.
    oldsod

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: jkhfc.dll detected as virus by ZA ISS 7

    I am surprised that the ZASS7 and SpywareDocotor 4 haven't given any BSOD- many users have reported issues with PCTools. PCTools is fixing the SpyWareDoctor now to fix this problem.

    Freewire is a P2P application that is known to install this spyware.

    Yes please try the tool without any security applications running. That will help. If the BSOD happens again, them just follow the instructions on how to tell it to just remove the files that are manually inserted.

    Oldsod

    Message Edited by Oldsod on 01-22-2007 06:54 PM
    Best regards.
    oldsod

  9. #9
    jasonalangraves Guest

    Default Re: jkhfc.dll detected as virus by ZA ISS 7

    Hello,

    In response to your message, SD4 and ZAISS7 did give me the BSOD, and when it did not give me the BSOD, it threw my PC into a fail on reboot circle........

    BUT

    I have resolved that issue by adjusting settings in both SD4 and ZAISS7, and they both run happily together on my PC, even running both of them as startup programs. I posted my solution to the SD4 and ZAISS7 conflict here yesterday or the day before. It also involved disabling 1 startup component via msconfig, but the solution worked. I would like to see that it works for other people as well, but with PC's it's hard to say as so many people have an almost infinite number of different configurations.

    Thank you,

    Jason Alan Graves

  10. #10
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: jkhfc.dll detected as virus by ZA ISS 7

    Did you disable the srescan? That is not really the best fix, since the srescan is an important component of ZA.

    Oldsod
    Best regards.
    oldsod

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •