
Solved: Hijack This Log (probably Vundo)

Save the output "DDS.txt" Now post back and attach both the Hijackthis log and DDS.txt Quads  800midori19 Contributor4 Reg: 01-Feb-2010 Posts: 13 Solutions: 0 Kudos: 0 Kudos0 Re: Help with Vundo Also, I got a pop-up with a URL containing the word sagipsul, should I worry or does this come with my problem? Record Number: 8921 Source Name: Windows Product Activation Time Written: 20071222042458.000000-300 Event Type: warning User: Computer Name: REIJI-MAIGO Event Code: 1011 Message: Your Windows product has not been activated with Microsoft Should I let the scan finish & see if it will delete the infected files before continuing with HiJackThis?

Jan 2, 2009 #12 kimsland Ex-TechSpotter Posts: 14,524 Yes actually I saw that it looked updated, but that's my standard advice - update first Regarding SAS; you can un-install it now So I downloaded it on a clean PC, saved the file onto a flash drive and then saved it to the infected PC. The home edition is freeware for noncommercial users. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if Click Start, and then follow the instructions. https://www.bleepingcomputer.com/forums/t/93678/vundo/

Yes the files I mentioned cannot be trusted at all if any back-ups made that use these. Sorry I don't have the file date, the user was very impatient and wanted his laptop back. Please reply to this thread.

  1. Me Too0 Last Comment Replies 800midori19 Contributor4 Reg: 01-Feb-2010 Posts: 13 Solutions: 0 Kudos: 0 Kudos0 Re: Help with Vundo Trojan Posted: 01-Feb-2010 | 4:28PM • Permalink My computer is infected
  2. After completing the tasks that you recommended on HijackThis, I ran the log again -- attached is this file as well.
  3. Next: Now please run the installer for AVG 8.5: Install >> Activate your Internet connection >> Check for any new updates >> Carry Out a Complete Scan.
  4. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  5. There is then also a link on that site "Logfile of Hijackthis...." (just below the Box near to where the "analyze" button is.
  6. In this case it looks like the Vundo.H  variant,  Norton pulls up all the registry entries to do with Vundo even if some don't exist.
  7. To activate Windows, use the Product Activation Wizard.
  8. Run Malwarebytes, Update its definitions, then Run a Full Scan.
  9. GRAND SLAM APPRECIATION It didn't =( , and i don't know what could be the problem .
  10. Or if that does not work, would it work if I were to use the new hard drive to backup the files and then reconnect the drive after reformat? As I mentioned

Do not start a new topic. Would you say a regular reformat of my C partition be good enough to clean the virus off the system if I delete all instances of the extensions you listed from Krauss A 1792 U.S. Did we mention that it's free.

Now i just run Norton AV and it found these threats File name C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. The program appears to install, but will not load. I would counsel you to disconnect this PC from the Internet immediately.

Give the R.P. Meaning if I do make a fresh install then plug in my hard drive I'd probably get infected again? Click Yes.

These backups are important in case we need to restore any 'fixed' entry(s) later. To do this: Click My Computer, then C:\ Right click in the right-hand panel. In the menu that opens, click New>Folder. That The fixes are specific to your problem and should only be used for this issue on this machine! Many people stated that the virus simply copies itself back into the computer after an anti virus has wiped it, but I haven't seen it yet.

Mammuthus Hibernian Scouserus, member of ASAP and UNITE. That is a rootkit which has been around for several months now. Don't keep going on. 2. It will scan and the log should open in notepad 6 - Status Check Please reply with 1.

Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos0 Re: Help with Vundo Trojan Posted: 02-Feb-2010 | 6:42PM • Permalink Ok, It looks like you have some of Here is a new link to the hijackthis log file analyzed, after I renamed the hijackthis exe file http://www.hijackthis.de/logfiles/f7070d6abdf76c22aade5d81915bac39.html 0 LVL 1 Overall: Level 1 Message Author Comment by:sisiliano ID: Back to top #4 Dakeyras Dakeyras Anti-Malware Mammoth Trusted Malware Techs 1,108 posts Gender:Male Location:The Tundra Posted 18 May 2009 - 07:32 AM Hi Thank you for replying, and I am Record Number: 8917 Source Name: Windows Product Activation Time Written: 20071222032458.000000-300 Event Type: warning User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping

Close HiJackThis. Before I ran the tool, I made sure that the infected PC was not connected to the Internet, as per Symantec's instructions. When completed, it will prompt that it will reboot your computer, click OK.

Thanks for introducing me to HijackThis, etc.

Attempting to get myself to post something you want to read because you do not like my advice just will not wash at all, if this was one of my own This automatic analysis is intended to assist the user with the evaluation. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo Back to top #11 Dakeyras Dakeyras Anti-Malware Mammoth Trusted Malware Techs 1,108 posts Gender:Male Location:The Tundra Posted 19 May 2009 - 10:52 AM Hi So this is Virut? Aye it is most

CPU is running +50% constantly. floplot Guru Norton Fighter25 Reg: 11-Apr-2009 Posts: 22,083 Solutions: 481 Kudos: 3,452 Kudos0 Re: Help with Vundo Trojan Posted: 03-Feb-2010 | 9:56AM • Permalink Hello 800midori19 Thanks for coming back and There are a bunch of files in the Malwarebytes Quarantine...is it safe to delete these? Double-click mbam-setup.exe and follow the prompts to install the program.

Now put a tick by DELETE ON REBOOT. I will update... It is important to note this, as a clean looking HijackThis is not always a sign your system is clean. It looks like natulevo.dll and other malware are still infecting the PC.

If anything else is needed please let me know Imma follow the very thorough instructions first Jan 1, 2009 #1 BlkHeartWolf TS Rookie Posts: 151 Right Click on MyComputer icon Have it fix anything it finds. Flash_Disinfector FOR XP: Please download Flash_Disinfector and save it to your desktop. Double click to run it. You will be prompted to plug in your flash drive. My problem that I stated last post is that both the system drive and storage drive are on the same hard drive.

I have bad news I'm afraid One or more of the identified infections is a severe Polymorphic File Infector This allows hackers to remotely control your computer, steal critical system information If a deviation is detected, it is shown in a log (logfile). Edit: Ran a full AVG scan minutes after and it found nothing.

The virus alert is constant on my desktop and multiple attempts to remove with Symantec's removal tool have failed. Quads 800midori19 Contributor4 Reg: 01-Feb-2010 Posts: 13 Solutions: 0 Kudos: 0 Kudos0 Re: Help with Vundo Trojan Posted: 01-Feb-2010 | 9:48PM • Permalink OK, will let it finish scanning. Any problems encountered and or any further symptoms?A new HijackThis Log. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

Please continue to review my answers until I tell you your machine is clear. My problem that I stated last post is that both the system drive and storage drive are on the same hard drive.