JambanMu.com and Flash.10.exe

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Technical Support

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

Virus/Malware JambanMu.com and Flash.10.exe, need help in removing this malware

views

TSfarique	Oct 3 2007, 10:20 PM, updated 18y ago Show posts by this member only \| Post #1
8_8 Senior Member 2,147 posts Joined: Mar 2005	Hello, this problem is not from my PC. Its from a laptop installed with Windows Vista Ultimate. Each time it boots up, there will be warning saying that JambanMu.com could not be find or Flash.10.exe can not be executed because the file is not there. So, I ran Hijackthis and here is the scan log. » Click to show Spoiler - click again to hide... « Logfile of HijackThis v1.99.1 Scan saved at 10:13:11 PM, on 3/10/2007 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\explorer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\wuauclt.exe C:\Users\Core2\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe "C:\Windows\System32\JambanMu.com" F3 - REG:win.ini: load=Flash.10.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Windows MSN] C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn O4 - Global Startup: (Empty).empty O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe could anyone pin point which entry shall I fix? Thanks.
Card PM	Report Top Like Quote Reply

TSfarique	Oct 3 2007, 10:39 PM Show posts by this member only \| Post #2
8_8 Senior Member 2,147 posts Joined: Mar 2005	nvm.. the problem solved. For those who are having the same problem with me, you can just download this KillFlash.10.exe and run it. It works well. Kudos, to the programmer for this program.
Card PM	Report Top Like Quote Reply

lamely_named	Oct 4 2007, 10:25 AM Show posts by this member only \| Post #3
I got younger. ROLLZ. Senior Member 1,931 posts Joined: Jan 2003 From: Human Mixbreeding Farm	why is everyone getting jambanmu.com recently? is this a virus that spread through a local malaysian porn site? you naughty.
Card PM	Report Top Like Quote Reply

edan1979	Oct 4 2007, 10:31 AM Show posts by this member only \| Post #4
GruMpy_MoDe Senior Member 5,511 posts Joined: Jun 2006 From: On Earth.	they went to free toilet maybe... yup i saw lots of it recently... even in my office pc... donno where it came from... just pop up...
Card PM	Report Top Like Quote Reply

lamely_named	Oct 4 2007, 10:48 AM Show posts by this member only \| Post #5
I got younger. ROLLZ. Senior Member 1,931 posts Joined: Jan 2003 From: Human Mixbreeding Farm	http://www.pandasecurity.com/homeusers/sec...da=particulares according to panda security. "It spreads via mapped drive". hahhaha, another USB thumbdrive virus. you guyz been sharing porn through thumbdrive is it? hehe.
Card PM	Report Top Like Quote Reply

AzkA	Oct 4 2007, 11:19 AM Show posts by this member only \| Post #6
sep netok Senior Member 811 posts Joined: Sep 2006 From: somewhere i belong	QUOTE(lamely_named @ Oct 4 2007, 10:25 AM) why is everyone getting jambanmu.com recently? is this a virus that spread through a local malaysian porn site? you naughty. jambanmu.com generate some file internet explorer in partion that install window,so who infected this virus should read the message..maybe local people created this virus
Card PM	Report Top Like Quote Reply

shiinkuro31	Oct 4 2007, 01:17 PM Show posts by this member only \| Post #7
Chef of Straw Hat Pirates Senior Member 1,259 posts Joined: Feb 2005 From: North Blue	QUOTE(farique @ Oct 3 2007, 10:39 PM) nvm.. the problem solved. For those who are having the same problem with me, you can just download this KillFlash.10.exe and run it. It works well. Kudos, to the programmer for this program. is this the one which created a flash icon, folder option got hide, msconfig n regedit cant be accesed?????
Card PM	Report Top Like Quote Reply

rich8833	Oct 4 2007, 04:53 PM Show posts by this member only \| Post #8
Look at my stars! Senior Member 2,194 posts Joined: Nov 2006 From: Beach Town	QUOTE(farique @ Oct 3 2007, 10:39 PM) nvm.. the problem solved. For those who are having the same problem with me, you can just download this KillFlash.10.exe and run it. It works well. Kudos, to the programmer for this program. for those who cannot unzip the above, can download from here.
Card PM	Report Top Like Quote Reply

spayre	Oct 4 2007, 07:51 PM Show posts by this member only \| Post #9
hush puppy Senior Member 1,251 posts Joined: Jan 2003	according to word on the street, the jambanmu virus was created by indonesian.. not malaysian...
Card PM	Report Top Like Quote Reply

AzkA	Oct 4 2007, 09:46 PM Show posts by this member only \| Post #10
sep netok Senior Member 811 posts Joined: Sep 2006 From: somewhere i belong	QUOTE(spayre @ Oct 4 2007, 07:51 PM) according to word on the street, the jambanmu virus was created by indonesian.. not malaysian... created from indonesian....very fast spread..anyone know the purpose this virus?
Card PM	Report Top Like Quote Reply

k!nex	Oct 4 2007, 10:42 PM Show posts by this member only \| Post #11
Restless stars Senior Member 3,389 posts Joined: Mar 2007 From: KL	is it like brontok???same thing pops up a stupid green colour disgusting screensaver??den got disable folder options and stuff?? another 'good job' from indonesians again...sick of them.
Card PM	Report Top Like Quote Reply

duncan880409	Oct 4 2007, 10:49 PM Show posts by this member only \| Post #12
Like Working in My Lab ^^ Senior Member 3,700 posts Joined: May 2007 From: KT/UTM Skudai	ya, wat i can know, brontok n jamban is from info, thier purpose i really dunno, if somebody can share tis?>
Card PM	Report Top Like Quote Reply

fantagero	Nov 16 2007, 03:28 AM Show posts by this member only \| Post #13
[ToFish4RepliesLikeYours] Senior Member 2,723 posts Joined: Jan 2006 From: Pekopon Planet ~~~	if u guys noticed. after infected by jamban mu.. u can see at my computer propeties.. the computer registered to changed.. anyone knows how to change it ?? registry maybe??
Card PM	Report Top Like Quote Reply

sani154ta	Nov 16 2007, 04:57 AM Show posts by this member only \| Post #14
New Member Junior Member 17 posts Joined: Dec 2005	hahaha the virus name is kinda funny.... jamban......
Card PM	Report Top Like Quote Reply

cipherz6	Nov 16 2007, 09:32 AM Show posts by this member only \| Post #15
Getting Started Junior Member 104 posts Joined: May 2007 From: Shah Alam, Selangor	QUOTE(duncan880409 @ Oct 4 2007, 10:49 PM) ya, wat i can know, brontok n jamban is from info, thier purpose i really dunno, if somebody can share tis?> Brontok (the name) came from a certain Indonesia's dialect. Translated into Bahasa Melayu, it means, Berontak @ Memberontak; In English; Rebel, Rebellious (I guess) "Brontok Virus came from Indonesia. It arrives as an attachment of e-mail named kangen.exe. When Brontok is first run, it copies itself to the user's application data directory. It then sets itself to start up with Windows, by creating a registry entry in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor and modifies Windows Explorer settings. It removes the option of "Folder Options" in the Tools menu so that the hidden files, where it is concealed, are not easily accessible to the user. It also turns off Windows firewall. In some variants, when a window is found containing certain strings in the window title, the computer reboots. Using its own mailing engine, it sends itself to email addresses it finds on the computer, even faking the own user's email address as the sender. The computer also restarts when trying to open MS Dos in Windows and Downloading Files from the Internet. It also pop ups an Internet browser which is located in the my pictures folder." Hidden Message in Indonesian (and some broken English). When translated, this reads: "[By: H [REMOVED] Community] -- stop the collapse in this country -- 1. Try the Hoodlums, the Smugglers, the Bribers, the gamblers, & drugs Port (Send to "Nusakambangan") -- 2.Stop Free Sex, Abortion, & Prostitution 3.Stop (sea and river pollution), forest burning, & wild hunting. 4.SAY NO TO DRUGS!!! - THE END IS NEAR - Inspired by: (Spizaetus Cirrhatus) that is almost extinct [By: H [REMOVED] unity --" From Wikipedia Check it for more info Before this Brontok, now jamban, Indonesian now days really maju lah This post has been edited by cipherz6: Nov 16 2007, 09:41 AM
Card PM	Report Top Like Quote Reply

hafiez	Nov 16 2007, 10:35 AM Show posts by this member only \| Post #16
Look at all my stars!! Senior Member 2,980 posts Joined: Jan 2007 From: Mount Chiliad	the purpose is simple i guess. to make other people suffer because of certain important program being disable. and they (who the sick developer) think that they're really brilliant because a lot of people suffer because of them. well, famous because of the virus. have you all heard surat utk edelin virus? the joke program. This post has been edited by hafiez: Nov 16 2007, 10:36 AM
Card PM	Report Top Like Quote Reply

cipherz6	Nov 16 2007, 10:38 AM Show posts by this member only \| Post #17
Getting Started Junior Member 104 posts Joined: May 2007 From: Shah Alam, Selangor	QUOTE(hafiez @ Nov 16 2007, 10:35 AM) the purpose is simple i guess. to make other people suffer because of certain important program being disable. and they (who the sick developer) think that they're really brilliant because a lot of people suffer because of them. well, famous because of the virus. have you all heard surat utk edelin virus? the joke program. surat utk edelin virus? care to story a lil bit.. wanna know
Card PM	Report Top Like Quote Reply

hafiez	Nov 16 2007, 10:43 AM Show posts by this member only \| Post #18
Look at all my stars!! Senior Member 2,980 posts Joined: Jan 2007 From: Mount Chiliad	rumors said that this guy who are playing with his shadow. in love with this one gurl (but edelin didnt layan him or sumthing), who is my class mate. this guy maybe too shy to f2f with edelin, so he create a joke program named after that virus. well, its not a virus i guess. just a joke program. in that notepad said, i love you or sumthing. i didnt remember. i only opened the notepad once and showed to edelin. she's so piss off. but she just forget about it. nothing can do. the funny part is, she apologize to everybody who get infected by that virus. i mean, in our college la. btw, u r from shah alam rite? u r student from UiTM? i can say that 90% of the student in our college infected by this virus. hmm.. funny virus. This post has been edited by hafiez: Nov 16 2007, 10:44 AM
Card PM	Report Top Like Quote Reply

fantagero	Nov 16 2007, 11:57 AM Show posts by this member only \| Post #19
[ToFish4RepliesLikeYours] Senior Member 2,723 posts Joined: Jan 2006 From: Pekopon Planet ~~~	anyone knows how to solve my prob?
Card PM	Report Top Like Quote Reply

hafiez	Nov 16 2007, 11:59 AM Show posts by this member only \| Post #20
Look at all my stars!! Senior Member 2,980 posts Joined: Jan 2007 From: Mount Chiliad	QUOTE(fantagero @ Nov 16 2007, 11:57 AM) anyone knows how to solve my prob? try this.. http://www.astahost.com/info.php/how-chang...n-xp_t2311.html
Card PM	Report Top Like Quote Reply

fantagero	Nov 16 2007, 12:50 PM Show posts by this member only \| Post #21
[ToFish4RepliesLikeYours] Senior Member 2,723 posts Joined: Jan 2006 From: Pekopon Planet ~~~	thank you
Card PM	Report Top Like Quote Reply

hafiez	Nov 16 2007, 04:08 PM Show posts by this member only \| Post #22
Look at all my stars!! Senior Member 2,980 posts Joined: Jan 2007 From: Mount Chiliad	ur welcome. but, does your problem fixed mr farique?
Card PM	Report Top Like Quote Reply

zero_hour	Dec 29 2007, 07:20 PM Show posts by this member only \| Post #23
Regular Senior Member 1,776 posts Joined: Oct 2004	Just for update u guys, QUOTE snurf Sep 19 2007, 02:07 PM kesan dari virus Flash.10.exe & Macromedia.10.exe search topik tu pastu cari removal nak tukar Properties My Computer tu just edit registry [ Start - Run - regedit - OK ] browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion edit value ni RegisteredOrganization (JambanMu) RegisteredOwner (Die!Die!Die!) that's all thats snurf from Putera.com
Card PM	Report Top Like Quote Reply

phyzhoe	Dec 30 2007, 07:15 PM Show posts by this member only \| Post #24
New Member Newbie 2 posts Joined: Dec 2007	I tried using the removal but after i restart my pc. its still infected QUOTE(zero_hour @ Dec 29 2007, 07:20 PM) Just for update u guys, thats snurf from Putera.com This one worked.
Card PM	Report Top Like Quote Reply

seanlimys	Dec 31 2007, 09:01 AM Show posts by this member only \| Post #25
Look at all my stars!! Senior Member 2,751 posts Joined: Jan 2003 From: Taiping	search at google..alot of solution..look for the smal softwares made by malaysians
Card PM	Report Top Like Quote Reply

sUBs	Jan 1 2008, 08:58 PM Show posts by this member only \| Post #26
RIP VIP 3,941 posts Joined: Jan 2005	http://forum.lowyat.net/index.php?showtopi...post&p=13500697 QUOTE(farique @ Oct 3 2007, 10:39 PM) For those who are having the same problem with me, you can just download this KillFlash.10.exe and run it. It works well. Kudos, to the programmer for this program. QUOTE Attached File KillFlash1.0.zip ( 304.67k ) Number of downloads: 586 Kudos to the 587 who unwittingly deleted legit system files & registry entries. Who would have thought that common sense would fail to prevail. QUOTE Comments -Still in beta.Please send any comment or suggestion to freaz89@yahoo.com FileDescription Software to remove flash.10 virus from you PC. FileVersion - 1.0.0.0 LegalCopyright - This is a free software and can be freely distributed. Made by - freaz@JAD » Click to show Spoiler - click again to hide... « File System Modifications The following file was created in the system: # Filename(s) File Size File MD5 1 [file and pathname of the sample #1] 329,805 bytes 0x05796FB43A83AC87D4E4AF10A8394244 The following file was deleted: %System%\regedt32.exe Note: %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). Memory Modifications There was a new process created in the system: Process Name Process Filename Main Module Size [filename of the sample #1] [file and pathname of the sample #1] 815,104 bytes Registry Modifications The following Registry Keys were created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explore HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System The following Registry Key was deleted: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run The newly created Registry Values are: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] NoControlPanel = 0x00000000 NoFolderOptions = 0x00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] DisableCAD = 0x00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions = 0x00000000 NotoolBarsOnTaskBar = 0x00000000 NoShellSearchButto = 0x00000000 <..... not a valid registry value NoRun = 0x00000000 NoFind = 0x00000000 NoTrayItemsDisplay = 0x00000000 NoControlPanel = 0x00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explore] NoFileMenu = 0x00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools = 0x00000000 DisableTaskMgr = 0x00000000 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System] DisableCMD = 0x00000000 The following Registry Values were deleted: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] MSMSGS = ""C:\Program Files\Messenger\msmsgs.exe" /background" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] load = "" The following Registry Value was modified: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell = "explorer.exe" This post has been edited by sUBs: Jan 2 2008, 12:29 AM
Card PM	Report Top Like Quote Reply

TSfarique	Jan 17 2008, 03:59 PM Show posts by this member only \| Post #27
8_8 Senior Member 2,147 posts Joined: Mar 2005	sUBs, were there will be major problem surface later on by that? I seriously didnt know about that. I just found the solution on the internet. I am terribly sorry for those who have downloaded that fixing .exe
Card PM	Report Top Like Quote Reply

rekaito_90	Jan 17 2008, 11:43 PM Show posts by this member only \| Post #28
Getting Started Junior Member 51 posts Joined: Jan 2008	haha..go to properties at my computer..see whether ur registered name change or not..mine was change..jambanmu..haha..but the virus ilang already..then folder option will hilang..i use software [forgot the name] its restore n i can use my folder option back
Card PM	Report Top Like Quote Reply

DragonMebius	Jan 18 2008, 09:13 AM Show posts by this member only \| Post #29
ZGMF-X20A Senior Member 1,282 posts Joined: Jan 2008 From: Penang,Seberang Jaya	Can kaspersky and NOD32 detect jambanmu and Brontok Virus ?
Card PM	Report Top Like Quote Reply

normeck	Jan 18 2008, 12:27 PM Show posts by this member only \| Post #30
Look at all my stars!! Senior Member 3,158 posts Joined: Dec 2006	so how to clear this jambanmu?
Card PM	Report Top Like Quote Reply

frankieNrosie	Jan 18 2008, 12:32 PM Show posts by this member only \| Post #31
b\|\|ooDY b\|u3s Senior Member 786 posts Joined: Nov 2007	QUOTE(farique @ Oct 3 2007, 10:39 PM) nvm.. the problem solved. For those who are having the same problem with me, you can just download this KillFlash.10.exe and run it. It works well. Kudos, to the programmer for this program. i also have the same prob.. thanks bro...
Card PM	Report Top Like Quote Reply

muMOmin7	Dec 4 2008, 03:43 PM Show posts by this member only \| Post #32
New Member Newbie 1 posts Joined: Dec 2008	owh..everybody... You all seem to have problem removing JambanMu viruses.. I've found the solution~ Just use Combofix and SDFix.. n you're done.. download combofix at http://download.bleepingcomputer.com/sUBs/ComboFix.exe download sdfix at http://sdfix.net/SDFix.exe 1. Run Combofix.exe 2. Just click Yes if any message appears. 3. Then, process of disinfection runs. 4. You can see the progress. It will show the file detected harmful and automatically deleted. 5. Wait until the process finished 6. Restart your computer. 7. Start your computer in Safe Mode[when turning on the computer, press F8 until you're prompted] 8. Choose 'Safe Mode' 9. Windows starts. 10. Unzip SDFix.exe to your desired destination 11. Run RunThis.bat 12. Command Prompt appears..press Y to continue 13. Process of repairing starts. 14. Just wait until it finished. 15. Done!! Restart your computer in normal mode. Your computer has been disinfected by any kind of spyware or viruses!!! [farewell,JambanMu] [Seriously!] TQ.. <credit to BleepingComputer>
Card PM	Report Top Like Quote Reply

cannavaro	Dec 4 2008, 03:52 PM Show posts by this member only \| Post #33
CATTENACIO Senior Member 3,008 posts Joined: Sep 2005 From: T.T.D.I, Bukit Damansara	What the... talk about thread necromancy. This problem has been solved long ago. Congrats on your first post count.
Card PM	Report Top Like Quote Reply

chrisling	Dec 4 2008, 03:53 PM Show posts by this member only \| Post #34
Helper Trainee+ Senior Member 1,684 posts Joined: Nov 2006 From: KL	muMOmin7, 1. This was the thread almost a year ago... 2. You're not allowed to use or ask others to use ComboFix and SDFix without malware fighting helper's supervision. 3. Please edit your post, otherwise I'll make a report to Mod...
Card PM	Report Top Like Quote Reply

« Next Oldest · Technical Support · Next Newest »

Add Reply Options

Change to:

0.0281sec

0.47

5 queries

GZIP Disabled
Time is now: 7th December 2025 - 01:39 PM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.