
Solved: HJT & Vundo

Some variants of Win32/Vundo, such as Trojan:Win32/Vundo.KO and Trojan:Win32/Vundo.gen!AJ, are dropped by variants of the Win32/Prolaco family, such as Worm:Win32/Prolaco.gen!C, which are themselves dropped by variants of Virus:Win32/Prolaco, such as Virus:Win32/Prolaco.AW, Virus:Win32/Prolaco.AP and Virus:Win32/Prolaco.AR. Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos0 Re: Help with Vundo Trojan Posted: 02-Feb-2010 | 11:21AM • Permalink Hi The reason on the second Malwarebytes scan Can someone please help? Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64C312FF-E16D-4BDE-880A-6294D4687378}\ deleted successfully.

Thank you, Jason Alan Graves jasonalangraves January 23rd, 2007, 01:22 AM Hello, I just wanted to repost that workaround that allows Spyware Doctor 4 and ZoneAlarm Internet Security Suite 7 to operate together. Here is the log from Malwarebytes' Malwarebytes' Anti-Malware 1.31 Database version: 1533 Windows 5.1.2600 Service Pack 3 12/22/2008 4:18:04 PM mbam-log-2008-12-22 (16-18-04).txt Scan type: Quick Scan Objects scanned: 55057 Time elapsed: Virtumonde is a spyware application that regenerates itself each time you try to terminate the process and remove its files. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found. Be sure you don't miss any. I did a full system scan using Norton Internet Security full in Safe Mode.

ems25, May 28, 2006 #8 khazars Joined: Feb 15, 2004 Messages: 12,302 It's just a clean up and you should use these tools regularly! Entering safe mode after attempting to use HijackThis results in a true blue screen of death, which cannot be recovered from without either restoring the deleted safe mode registry keys, or Vundo may cause webpages to fail to load after sessions of browsing and present a blank page in the browser instead of the webpage. They often use multiple components of the family all working at once.

Vundo may attempt to prevent the user from removing it or otherwise impede its operation, such as by disabling the task manager, registry editor, and msconfig, thereby preventing the system from Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed. And this configuration works. http://www.techsupportforum.com/forums/f100/solved-problem-trojan-vundo-fnq-and-trojan-js-injector-295818.html C:\Program Files\Windows Media Player\wmpnetwk.exe moved successfully. [Registry - Safe List] Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

I did the checks that you recommended on HijackThis and ran DDS after disabling NIS auto protect. In the Display Properties Control Panel, the background and screensaver tabs are missing because their "Hide" values in the Registry were changed to 1. Edited by JON B, 23 December 2008 - 12:44 AM. Close any open browsers. 2.

  1. Before I did the scan, I updated the virus definitions and disabled System Restore as Symantec recommends here: http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99&tabid=3 The scan discovered the Trojan Vundo but could not completely remove it.
  2. When you go into the Malwarebytes Programs folder  what files are missing??  here is a screenshot from my PC to cross reference Quads 800midori19 Contributor4 Reg: 01-Feb-2010 Posts: 13 Solutions: 0
  3. I use Bit Defender as my antivirus and firewall.
  4. I've got SUPERAntiSpy running now and it's finding all kinds of stuff.  I will also download HijackThis....
  5. It will create a folder named OTScanIt2 on your desktop. Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program.
  6. Try one of these and maybe they can offer better advice and removal...
  7. I was unable to follow step 2 because it could not install the Panda software.
  8. Once it's done scanning, click the Remove Vundo button.

This spyware that is in your PC has a rootkit involved and neither the ZA or the SpywareDoctor are equipped to handle rootkits properly. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER. =============================================== 1. There are a bunch of files in the Malwarebytes Quarantine...is it safe to delete these?

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38e9a8a2-6c5a-4e2a-8108-e2df1e41a415}\ not found. File Attachment: hijackthis2.log mbam-log-2010-02-02 (01-24-58).txt mbam-log-2010-02-02 (08-58-33).txt delphinium Norton Fighter25 Reg: 21-Nov-2008 Posts: 9,821 Solutions: 187 Kudos: 3,007 Kudos0 Re: Help with Vundo Trojan Posted: 02-Feb-2010 | 8:40AM • Permalink Hang This installed with ZoneAlarm ISS 7, actually, not ZAISS 7 but rather the other piece of software I bought along with ZA, which was the "Anonymous Surfing" program by Anonymizer. scan completed successfully hidden files: 0 *****************************************************

Vundo may cause many websites to be inaccessible. Thanks a million for your help!  I will reboot and then reconnect to the Internet. (I've had it disconnected on the infected machine during this process.) Yes, I had an older http://www.spywarepoint.com/forums/t27129-some-kind-of-unremoveable-spyware.html Oddly enough, I accidentally clicked the download link for the removal utility and the NOD32 web scanner jumped into action and quarantined the file. The loading sequence for ZAISS 7 may have been delayed long enough for SD 4 to load its conflicting boot components but I assure you, all components of ZAISS 7 do

Installing the program on another computer and copying the executable into the infected computer's Malwarebytes' Anti-Malware directory usually works too. All I know is this was a fresh install of XP, this was not present before I installed ZoneAlarm, but is after and ZAISS7 can't, or does not want to remove VundoFix V4.2.74 Checking Java version...

I am going to post the Malwarebytes log and then the HJT log.

Malwarebytes' Anti-Malware 1.31
Database version: 1526
Windows 5.1.2600 Service Pack 3
12/20/2008 5:43:23 PM
mbam-log-2008-12-20 (17-43-23).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 163633
Time elapsed:

Win32/Vundo might also attempt to shut down the McAfee Common Framework service. I just tried that tool, but, in mid-scan, it causes XP to give me the blue screen of death. The program will then begin downloading the latest definition files. Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging

The desktop background may be changed to the image of an installation window saying there is adware on the computer. Variants/Versions: Release Date: 2003 How to remove Virtumundo> download VundoFix.exe to your C:\. Quads 800midori19 Contributor4 Reg: 01-Feb-2010 Posts: 13 Solutions: 0 Kudos: 0 Kudos0 Re: Help with Vundo Trojan Posted: 01-Feb-2010 | 9:48PM • Permalink OK, will let it finish scanning. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.

The program appears to install, but will not load. Infected DLLs or DAT files (with randomized names such as "__c00369AB.dat" and "slmnvnk.dll") will be present in the Windows/System32 folder and references to the DLLs will be found in the user's C:\WINDOWS\unexugesavad.dll moved successfully.

You will receive a message saying vundofix will close and re-open in a minute or less. Oldsod Message Edited by Oldsod on 01-22-2007 06:54 PM jasonalangraves January 22nd, 2007, 08:54 PM Hello, In response to your message, SD4 and ZAISS7 did give me the BSOD, and when it did scanning hidden autostart entries ... LoadLibrary failed for C:\WINDOWS\unexugesavad.dll C:\WINDOWS\unexugesavad.dll NOT unregistered.