Computer Support Forum

Trojan vundo, updates keep shutting off, I am computer illiterate

Question: Trojan vundo, updates keep shutting off, I am computer illiterate

My virus scan keeps picking up a trojan vundo. It deletes it but it keeps coming back. I am at my wits' end. This of course was after my teenage stepdaughter used the computer. I have ads popping up constantly, my computer is ridiculously slow, my automatic updates keep turning off on their own, my computer is a mess. I just don't know where to begin, as I am completely a NOVICE when it comes to computers. Any help and advice would be GREATLY appreciated.
Thanks

Relevance 100%

Answer: Trojan vundo, updates keep shutting off, I am computer illiterate

Please download Malwarebytes Anti-Malware and save it to your desktop. (alternate download link 1, alternate download link 2)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

1 more replies
Relevance 75.98%

Hello...It seems as though after allowing my teenage stepdaughter to use my computer it is now a wreck. My virus scans are picking up the trojan vundo, but not fixing it.
Here are the symptoms:
VERY slow running.
Ads popping up all the time.
Windows automatic update shuts itself off constantly.
Some webpages will not display even after refreshing numerous times.

I am VERY computer illiterate, and any help step by step that can be offered would be appreciated immensely.

I am running Windows XP.

Thanks
 

More replies
Relevance 68.06%

I have a 12 year old son whose computer is running like a "TORTOISE!" Every time he turns his computer on, it takes at least 5 or more minutes to just get to the picture on the desktop. I do use my son's computer, and have MSN Messenger on it. I also sometimes go into MSN and Yahoo Chat also. I do have the McAfee Security System on here, and do weekly virus scans. Things have popped up that have not been able to be deleted, but just quarantined. Now, every time the computer is turned on, this pops up.....C\ProgramFiles\Messenger\msmsgs.exe. It asks to bind to a different port every time that the computer is turned on. What is this, and can you HELP????????????
Thank you kindly in advance!
 

Answer:Computer Illiterate Mom Needs HELP!!!!!

6 more replies
Relevance 66.83%

Computer real sluggish, if not totally frozen.
 
We are talking, at a halt 85% wasted time.
 
Here I am. I guess it is time to learn.
 
Can anyone HELP me through this process?

Answer:computer illiterate - Vista 32bit

Look in task manager and show all processes. Sort by CPU usage. See if a program is hogging all the cpu?

2 more replies
Relevance 63.55%

I have used Lavasoft ad-aware and Norton, both are showing Trojan.win32 and vundo. I get pop-ups when inactive, many from ip 88.88.88.88 and many from expired ebay auctions. Pop-ups are only when I am inactive and browser is open. No pop-ups when browser is closed. I can't use windows update and apps that need internet connection can't access web.

Using Anti-spy Info I have 6 dll, 4 of which are browser extensions all rated at 72 - 99 threat level and are recording key strokes.

I have exported txt files from panda and from norton if they will help.
Dss generated main.txt but not the extra.txt

Deckard's System Scanner v20071014.68
Run by RAC on 2008-06-12 20:00:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as RAC.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:58 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lav... Read more

Answer:trojan, vundo, pop-ups, no updates

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please let us know if you use dial-up for internet access. Thanks.

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity... Read more

8 more replies
Relevance 61.91%

Hello, I'm a newbie to the site and have been doing some reading and trying to orient myself. I'll start with the basics. I most likely have the Trojan Vundo and/or malware, and am having a bear of a time removing it.

I've installed the following:
Eusing registry cleaner
Ad-Aware
Spybot S & D - but I am unable to install, notice comes up and says "not able to connect"
McAfee Stinger
HijackThis

Main problems are: Not able to enable Automatic Updates in Windows XP, no matter what avenue I use, i.e. control panel and manually change settings or services.msc and try to enable from there. Also, access to most websites is either SLOW or nonexistent - especially if it has anything to do with security. I'm doing most everything in SAFE MODE WITH NETWORKING, and have no problems, but I've noticed that after I do several scans with the various programs, my online capabilities become slow and limited. My regular McAfee will find several trojans and quarantine all but one, a BrowserHelper that I can't find. On a side note, while in services.msc, I noticed several other applications that were disabled. Thinking that if I changed these it would affect the Automatic updates, to no avail. Can changing these settings affect whether or not I can install Spybot S & D? Items changed were NetDDE etc... Read more

Answer:Trojan Vundo, Malware, And No Automatic Updates - Help!

Hello Strohs14 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete... Read more

3 more replies
Relevance 59.86%

I keep getting this message. I have already disabled automatic updates through group policy editor.

Answer:updates preventing my computer from shutting down

With this batch script you can automatically close apps not responding at shutdown in Windows. Please execute the batch script as an administrator.

1 more replies
Relevance 59.86%

Since buying my new laptop, I've had it shut down on me on numerous occasions with no warning, whilst in use. It goes first to the shutdown window & then to configuring updates, then shuts down. On restart it goes into the configuring updates phase again, taking 10 to 15 minutes to boot up. Any suggestions on how to overcome this would be gratefully received.

Answer:updates shutting computer[vista] down.

Can you check to see if you have KB937287 click here update?

7 more replies
Relevance 59.04%

I just let Windows install today's updates. Everything except Skype (this included an NVidia driver). When the computer started up after the Windows update (with the "don't shut off computer, completing updates", etc. message), the computer shut off. First I thought it was part of the update (and machine would restart) but it was not. Something broke.

I restarted and as soon as it hit the Windows start screen it shut off again. I restarted again and got the "Windows Did Not Start - repair message". I said "run startup repair". Windows shut off during that process. I restarted again, and was able to run the repair process. But once it finished and booted into Windows it shut off again. I was finally able to start Windows so went to command prompt and started to run SFC /Scannow. It shut off during this test.

Lastly I thought maybe it's an overheat issue. I booted into Windows Safe mode and started the program HWMonitor. It showed my CPU temps at 39 degrees C. Then it shut off again. At this rate I'm going to wear out the on/off button.

Any ideas?

Answer:After today's (7/19) Windows updates my computer keeps shutting off

Tried a System Restore yet? Do it in Safe Mode (or repair disk/install DVD), hopefully with no restarts to interfere with the restore. Then install updates one by one (restart after each and wait a bit to make sure it is alright), Nvidia as last.

You can also try just downgrading GPU drivers first, and restore if it does restart like that.

3 more replies
Relevance 59.04%

Hi,
I was redirected to this forum by Superbird after posting this topic in the Am I infected? forum. Would appreciate some help to make sure my computer is clean.

I noticed my machine slowing down, so I ran MBAM. It removed Trojan.Agent. On a later scan, MBAM then found Trojan.Vundo.H.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: dkblmn.dll -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\dkblmn.dll (Trojan.Vundo.H) -> Delete on reboot.

After rebooting, dkblmn.dll wasn't in c:\windows any more. It was in c:\avenger\ (I think MBAM put it there). I deleted dkblmn.dll. After a few hours, I had a look in c:\windows and dkblmn.dll was there again. I checked the registry and the registry entry that MBAM said it deleted (LSA/Notification Packages) was there. I don't notice any bad symptoms on my machine but the reappearance of dkblmn.dll makes me think something is lurking in here.

I had a read on this forum that I can send suspicious files to http://www.virustotal.com/. I submitted c:\WINDOWS\dkblmn.dll and several antiviruses said that dkblmn.dll is infected.

Antivirus    Version      Last Update    Result
a-squared    4.0.0.101    2009.05.16     Trojan.Win32.Hiloti!IK
AhnLab-V3    5.0.0.2      2009.05.15     -
AntiVir      7.9.0.168    2009.05.15     TR/Agent.cfuy
Antiy-AVL    2.0.3.1      2009.05.... Read more

Answer:Making sure computer is clean after Trojan.Agent and Trojan.Vundo

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

9 more replies
Relevance 59.04%

My computer is an XP home edition I believe, and it asked me to install some important updates. After doing so, it told me that I needed to restart or shut down my system in order for the updates to take place. When I tried doing so, it gets stuck. I get to a blue "log-off" screen, and it says 6 out of 14 updates are being installed... do not turn off your computer. But it stays like that for hours, and never updates, so I end up having to shut off my computer by hitting the power button. :/

I tried doing a system restore, but those updates have to be installed first. Before it even tries to restore, it deals with the updates. I'm not too sure what to do. Is there any way to bypass these updates, or get them installed some other way? I'd really appreciate the help. Thanks.
 

Answer:Updates for my computer are preventing me from shutting down my computer

Is this a new system? When you go to updates have you validated your copy of XP with Microsoft? Once you do that and make sure your settings are correct in your browser for downloads it does take time but not hours. Are you running firewalls, Zone Alarm etc., anything that would block the updates? Jazz
 

3 more replies
Relevance 58.63%

Hi Guys,

I have a serious problem. Whenever I go to the Microsoft web site and attempt to download updates my computer shuts down. Why is this?
I have Windows XP Professional (SP3)
Could somebody please assist me in solving this problem?

Thanks.

Compton

Answer:Computer Shutting Down During Attempts To Install Critical Updates

In Windows XP, the default setting is for the computer to reboot automatically when a fatal error occurs. An alternative is to turn off the automatic reboot feature so you can actually see the error code/STOP Message (which is also known as the Blue Screen Of Death (BSOD)).

To change the recovery settings and Disable Automatic Rebooting, right-click on My Computer and select Properties > Advanced tab. Under "Startup and Recovery", click on the "Settings" button and go to "System failure". Make sure that "Write an event to the system log" is checked and that "Automatically restart" is unchecked. Click "OK" and reboot for the changes to take effect.

This will not cure your problem but instead of crashing and restarting you will get a blue diagnostic screen with information displayed that will allow you to better trace your problem. Next time your computer crashes copy down the entire error message (including all the numbers) and post it back here.

1 more replies
Relevance 58.63%

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

Answer:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.
Sorry for the delay, please do the following...

ComboFix
Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

12 more replies
Relevance 57.81%

I have been trying to rid my home computer of these virus/trojans for over a week now. I have run the following scans - Norton 2007, McAfee 2007, Windows Defender, Windows Live One Care, Spybot, Adaware, SUPERAntiSpyware, Bit Defender, FixVundo and VundoFix, all in normal and safe mode. As recommended by Norton, I have turned the system restore off. All of these scans have turned up something, which the program has deleted. However, Norton, Windows Live One Care, Windows Defender, and SUPERAntiSpyware continue to provide notices of the infections, and despite being deleted they reappear!
So I am asking for anyone's help on removing these nuisances. I performed a Hijackthis scan and the results are below. I hope someone can look this over and suggest further steps.
Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:35:48 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\V... Read more

Answer:Trojan.Downloader, Adware.Vundo Variant, Trojan.Vundo and Win32/Fotomoto Infections

Anyone have any suggestions? I'm thinking of just backing up my data and reformatting my hard drive but this is my last resort obviously. Please help...
 

1 more replies
Relevance 56.58%

Here's the Hijack This! Log and Malwarebytes following it:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:57 PM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Edit by chaslang: Inline HJT & MBAM logs removed. READ & RUN ME sticky not followed.
 

Answer:Trojan.Vundo.H, Trojan.Vundo, and Trojan.Agent keep coming back

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

1 more replies
Relevance 55.76%

I'm really new to this, so I'll try to provide as much information as possible.

Yesterday the "Rapid Antivirus" malware showed up out of the blue, and completely messed with my computer. I forgot which program got rid of it, but since then I have downloaded and used:

Malwarebytes
Spybot S&D
and the antivirus program I had originally (but is not catching the vundo) is AVG

Every time I scan with Malwarebytes, there is a mixture of Trojan.Vundo and Malware.Trace infections in my registry keys, and Trojan.Agents in random files in my C drive (for instance, C:\WINDOWS\system32\senekalog.dat came up in my most recent scan)

I also keep getting "blank" popups, which I'm guessing is due to the vundo... I see the blank screen of a popup briefly, before it disappears. However, they are still listed when I alt+tab, it just won't let me open them.

My most recent log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:28 PM, on 1/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\... Read more

Answer:A (Vundo) Trojan on my computer...

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 55.76%

My computer has trojan.vundo.h. I have gotten rid of it but it comes back.

Answer:My computer has trojan.vundo.h. How do I get rid of it?

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.
If that did not work, then try renaming and changing the file extension. (click this link if you do not see the file extension)
Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
Right-click on mbam.exe, rename it to myscan.exe.
Double-click on myscan.exe to launch the program.
If that did not work, then try renaming and change the .exe extension in the same way as noted above.
Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.
Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/pa... Read more

1 more replies
Relevance 55.76%

I have run avg which does not detect virus. And I have run Malwarebytes and it does detect virus but it won't remove it. It will ask to reboot and upon reboot it will not remove it; it's still there. What can I do to get rid of this virus? Thank you...

----------MALWAREBYTES LOG-------------
Malwarebytes' Anti-Malware 1.31
Database version: 1610
Windows 5.1.2600 Service Pack 3

1/7/2009 10:42:55 AM
mbam-log-2009-01-07 (10-42-55).txt

Scan type: Quick Scan
Objects scanned: 55104
Time elapsed: 20 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 9
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\yemokiyo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\bihidilo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\lapefafi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\zahasila.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tojewote.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\SYSTEM32\radimati.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b7c7ad6-7db1-450f-9a7c-58500f9f69ad} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b7c7ad6-7db1-450f-9a7... Read more

More replies
Relevance 55.76%

Please help me.
My Symantec Anti Virus has detected the Trojan.Vundo on my computer.
I keep getting all these pop-ups too.
I am using Windows XP.
 

Answer:Trojan.Vundo is on my computer

Bump
 

1 more replies
Relevance 55.76%

hi,

I am trying to fix my computer. It is going slow and pop-ups keep coming up. I ran McAfee virus scan and it found artemis, which it said it quarantined. But it still said it had two remaining threats that said Scan After Restart, named Vundo.gen.ab. I looked at the forums here to see if I could get any insight and I went to websites to download malwarebytes or superantispyware or hijack this, but the computer won't allow me to download them. No download box comes up. I've tried different websites with different mirrors and it still won't work to download the programs. It doesn't allow me to save the target as... either because nothing will pop up. When I try to look at the internet options the same thing happens... no box comes up. PLEASE HELP!!!
Thank you!!!

Answer:need help with computer!!! trojan vundo.gen.ab!

Run this application first, then try mbam.

Please download Rkill by Grinler and save it to your desktop.
Link 2, Link 3, Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again.

=========================

Also try this.

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1, alternate download 2
This tool will create a diagnostic report.
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------

Go to > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir% ...


My computer has a trojan.vundo.h virus that I can't get rid of. I have tried removing it, but it comes back.

Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum. ~ Animal

Answer:My computer has trojan.vundo.h. How do I get rid of it?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1, alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The...


I seem to have picked up a virus, trojan.vundo. No matter how many times it is repaired/removed by my spyware programs, it seems to keep returning. Very annoying thing.
Can you please help me
Cheers David

Now included is HJT log
No results picked up by vundofix.exe
and SUPERAntiSpyware log

Logfile of HijackThis v1.99.1
Scan saved at 6:00:34 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Commo...

Answer:My computer can't get rid of trojan.vundo


I have Windows XP on my computer. Some time ago Norton Antivirus detected a virus Trojan.Vundo and I have spent countless hours trying to get rid of it. The virus detection box is always on the screen and I have to drag it to a corner in order to be able to see the monitor. This seems to slow down the computer to a standstill as the CPU usage is quite often at 100%. A reboot speeds things up but everything always slows way down again. I have included the HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 9:06:08 PM, on 02/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\window...

Answer:Can't rid my computer of Trojan.Vundo


My computer is infected with the virus Trojan.Vundo. When I first realized this I immediately disconnected the internet. Then, from my other computer, I downloaded the programs HiJack this and combofix. I copied them onto a CD and put them on the infected computer. The log reports are below... My computer is still infected with the virus, and I can't do anything about it. Help!!! I also ran multiple scans using NAV and Avast before all of this, and deleted some of the infected files. It didn't help. What should I do next?

ComboFix 07-12-22.1 - ANI 2007-12-21 22:56:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.238 [GMT -5:00]
Running from: C:\Documents and Settings\ANI\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\xknaduha
C:\Program Files\xknaduha\vavuzsps.dll
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\System32\jkkli.dll
C:\WINDOWS\system32\juvprpba
C:\WINDOWS\system32\juvprpba\bg1.gif
C:\WINDOWS\system32\juvprpba\bgtop.gif
C:\WINDOWS\system32\juvprpba\bottom1.gif
C:\WINDOWS\system32\juvprpba\essentials.gif
C:\WINDOWS\system32\juvprpba\icon1.ico
C:\WINDOWS\system32\juvprpba\install1.gif
C:\WINDOWS\system32\juvprpba\juvprpba1.exe
C:\WINDOWS\system32\juv...

Answer:My computer has Trojan.Vundo, and I can't get rid of it!

Bump!
 


Hi, web browsing has recently become a pain (pop-ups), my computer is running with some kinks (occasionally if I open a simple folder I will get a not responding prompt), and my expired Norton firewall has told me Vundo is trying to get in (something already has). I ran Spybot and it found some malware and trojans, but each start up it tells me something is trying to change my registry, which I deny.

here is my log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqls...

Answer:I have the nasty Vundo Trojan my computer says

Howdy there WithoutLove

Please follow our instructions for malware removal help which can be found here - NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through the necessary steps, post back with the resulting logs so we can continue with the fix.


DDS (Ver_09-03-16.01) - NTFSx86
Run by 03318803 at 11:46:46.95 on Thu 04/09/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.182 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Cisco Security Agent *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avga...

Answer:Vundo Trojan infected computer trying to fix it.

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report

Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.

Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.


Hello, I recently downloaded a batch of zip password cracker programs and seem to have caught multiple trojans/viruses from some of them. I'm running Windows Vista Home Premium with McAfee v8. McAfee found hundreds of entries next time I turned on my computer and deleted most of them. I uninstalled all the zip password recovery programs, but my computer remained slow --VERY slow: it would take about 30 minutes to get to the desktop after logging in. My only taskbar start-up item is McAfee. After that, the computer would take an average of about 5 minutes to open up any program. I also could not open any folders. I ran Spybot S&D and found a lot of infections from Virtumonde and a few others and deleted them. Next time I rebooted McAfee found a few Vundo infections but could not delete all of them. I did some research and found that McAfee alone cannot get rid of Vundo. (See http://vil.nai.com/vil/Content/v_127690.htm --"Removal" section.) I tried once again and found I could not run On Demand Scan any more, but Spybot found more entries of Virtumonde even though it had scanned and deleted all entries of it the day before. I followed the instructions on the McAfee website to find that even after suspending explorer.exe, winlogon.exe and all instances of rundll32.exe McAfee ODS still did not run. I messed around and found that when I also suspend VsTskMgr.exe (a McAfee process) and SLsvc.exe ODS scan works. It found one entry that it deleted and another one with t...

Answer:Vundo trojan disabled my computer

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.com DDS.scr DDS.pif
* Double click on the DDS icon, allow it t...


Hey can som1 help me, i have a nasty, bad trojan Vundo H infection on my computer. Here is tha MBAM logfile:

Malwarebytes' Anti-Malware 1.38
Database version: 2380
Windows 5.1.2600 Service Pack 2

7/7/2009 9:04:09 AM
mbam-log-2009-07-07 (09-04-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154351
Time elapsed: 1 hour(s), 13 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{570f61fb-d9db-4160-bba4-6226bef5e6df} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qojazwnv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{570f61fb-d9db-4160-bba4-6226bef5e6df} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\mltodlx.dll (Trojan.Vundo.H) -> Delete on reboot.
And here is the hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:40 AM, on 7/7/2009
Platform: Windows XP SP2 (WinNT 5.01....

Hi there,

My computer has the trojan vundo virus and possibly others. Had run online scans and was not able to clear it out. I have norton antivirus and it scanned today showing this virus in over 3000 files. Can anyone help?????

Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:24 PM, on 9/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\CTRegRun.EXE
C:\Program Files\Creative\Product Registration\English\InetReg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files...

Answer:Trojan Vundo has my computer hostage. Please help!!!!!!


I can't seem to get rid of this thing. I need my computer for work and none of the removal tools seem to help. Can anyone help?

Here is my hijack log. I will be forever indebted to anyone who can help me with this problem!

Logfile of HijackThis v1.99.1
Scan saved at 10:47:02 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\NavNT\defwatch.exe
C:\Documents and Settings\Owner\Application Data\tmp10.tmp.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spider.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLO...

Answer:Help... trojan.vundo has my computer hostage!!!

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next ...

Hi,

My computer was infected with the Trojan Vundo malware 2 weeks ago. It was particularly hard to remove. It basically prevented any useful programs from running. I had to system restore the computer in safe mode to an earlier time and then run MBAM to remove it. Computer was working fine up until a few days ago, it appears the malware has returned but I was able to use MBAM to remove it. I am quite a novice at this stuff, I am not sure if that fixed everything. I feel that my computer is still slow. Can you please check out my HiJack log? Please let me know if I need to do more. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:37 PM, on 11/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\...

Answer:Computer infected with Trojan Vundo

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I got a message on my computer that says that I have a virus named trojan.vundo. I cannot get rid of it. I already scanned my computer; my Norton antivirus detects the virus but the action taken is "unable to repair". I need help please!!!

How can I get rid of this virus?

Answer:Removing Trojan.vundo From My Computer

I suggest you read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. When you have done that, post a log in the HijackThis Forum for assistance by the experts.


Hello, I hope someone can help.

Background on the issue:
Last week my computer had two back-to-back bouts with the Vundo Trojan. Using Malwarebytes and Ad-Aware I was able to clean my system, but my computer has been acting unstable ever since with frequent crashes and networking problems and I now have the following issues:
1.) The computer's primary NTFS drive has switched to RAW.
2.) Windows XP checkdisk and diskdefragmenter have been disabled.
3.) My browsers (both Firefox and IE 6.0) are painfully slow to load despite the router signal being excellent.
4.) Even after running Malwarebytes and Norton AV (and having no bad results), my Google searches are still being redirected to advertisements 15% of the time.

Drive configuration:
I have a primary drive that has a RAID 0 Configuration with two partitions C: and E:

Steps taken:
1.) I removed all java applications and p2p programs.
2.) I tried to do a fresh install of Windows XP OS, and got the BSOD so I did not continue.
3.) I ran chkdsk from the command prompt. [Chkntfs c:] as well as e: and I get a message both that the file system is RAW and the file system is dirty. When I try to run [chkdsk /f/r C: or E:] I get a message that the drive is in use and cannot continue, or I get a prompt to check on restart where I get yet another warning that it cannot perform autocheck on a file system that is RAW.
4.) I ran testdisk.6.10, but I wasn't sure what I was doing and it didn't seem to find anything anyway.

Advice?
This is my primary drive...

Answer:Unstable computer after Vundo Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


A computer at my job has been infected.

HJT log to follow:

any and all help is GREATLY appreciated!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:55:22 AM, on 12/17/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Smtray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\WinAble\winable.exe
C:\Documents and Settings\u132\Start Menu\Programs\Startup\Printkey.exe
C:\Documents and Settings\u132\Desktop\SI.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Brinkley, Morgan
O2 - BHO: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C...

Answer:Trojan.vundo on work computer


Malwarebytes found and removed this Trojan. The puter crashes when playing online games, YouTube, even the ESPN site. It has shut down and rebooted before the GMER scan can complete its task. I am open for suggestions on how to complete this scan. Thank you for any help you can give me.
DDS (Ver_10-10-05.01) - NTFSx86
Run by HP_Administrator at 10:22:00.73 on Fri 10/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.438 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 101008-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Progr...

Answer:had vundo trojan, now computer crashes and reboots

Finally got the GMER scan done.....8 tries
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-09 13:57:58
Windows 5.1.2600 Service Pack 3
Running: 9oege4lt.exe; Driver: C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\kwwyypod.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB63C06B8]
SSDT 86900008 ZwConnectPort
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB63C0574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB63C0A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB63C014C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB63C064E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB63C008C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB63C00F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB63C076E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB63C072E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB63C08AE]

---- Devices - GMER 1.0.15 --...

1 more replies
Relevance 54.53%

Registry Keys are infected and I think the malware or virus is named Zehogeyeve
I was getting popups in Internet Explorer 7, ran Malware and removed them but they keep showing up! Now my system is corrupted and I can't make dns entry for a new connection! I called Internet Explorer Technical help and they said I have to call Gateway and have them restore my computer. I called Gateway and they wanted to charge me in the HUNDREDS to help me restore my system. I can't do a system restore and I use a wireless Linksys that is installed but can't find the internet because I can't put in the ip addresses for it to find the internet. I also notice other people were on my Linksys profile, 3 people to be exact. I don't know who these people are. I'm at a loss and brain dead trying to find a solution. I've searched and searched for solutions but none have worked. I did repair my Winsock but I'm still having the same problem. Also I can't get into my firewall and all my support options don't work either. I would GREATLY APPRECIATE ANY HELP. I've been laid off from my job of 24 years and use my computer to look for work online.

Sincerely
muchmalware

Answer:Trojan Vundo.H Gateway desktop Computer

Let's take a look.
The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all o...

1 more replies
Relevance 54.53%

Hello, I have a windows XP and I have this trojan virus on my computer. I've had this virus on my computer for a long time and I never realized it was a serious virus until I started to have a lot of issues with my computer. I have no idea how to get rid of it. I used Malware bytes to detect my computer and I have 3 trojan vundo h in my registry key and 1 in a file. When I reboot my computer the virus will still be on my computer. Can someone please help me

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/5/2010 5:41:23 AM
mbam-log-2010-09-05 (05-41-23).txt
Scan type: Quick scan
Objects scanned: 167282
Time elapsed: 26 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffe41b56-ff8e-4023-a57c-0a94ec28ebf8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\eimwmwnt (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ffe41b56-ff8e-4023-a57c-0a94ec28ebf8} (Trojan.Vundo.H) -> Delete on reboot.
Registry Values Infect...

Answer:How do I remove Trojan Vundo H from my computer system?

16 more replies
Relevance 54.53%

Hi there, I had recently gotten a trojan on my computer causing it to make the internet horribly slow and not let some programs work. I had downloaded SuperAntiSpyware and removed the virus but my internet is still horribly slow and doesn't work like before. When I am playing an online game (legally) it lags horribly and I end up having to disconnect. The internet works fine on other computers in the wireless network I tested. My computer is a Compaq Presario R3240US. Also, I keep getting a message on my computer for Windows updates saying that it is not enabled. So I try to enable it (I have McAfee) and it says to go to control panel and turn it on. So I did that but every time I turn on the computer I still get the same message. Every time I start up the computer I get a warning message that says cannot find dll, an error like that which is where I believe the virus was. I do not mind doing a system recovery, but the problem is for some reason when I place the Windows XP CD, my computer does not recognize it in the startup, and in fact my computer has been having trouble with the CD drive. Please help me, I cannot afford to pay anything to fix my computer. I have my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:56 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\wi...

Answer:hijackthis log my computer (Vundo.gen.e trojan removal) PLEASE HELP!!

Please do not create multiple threads for the same problem! Read >>Posting help read first<< if you feel you are not getting help.

Continue here: http://forums.techguy.org/malware-r.../723077-hijackthis-log-my-computer-vundo.html
 

1 more replies
Relevance 54.53%

Hello,

Okay, here's what's going on with my computer. A couple of days ago my McAfee virus protection software expired because I was using the McAfee antivirus that came with my computer. I have Comcast high-speed internet and it also comes free with McAfee antivirus protection but I was unaware that I was not using the protection that was free with my Comcast internet. So for a day or so my computer was not protected. When I was not protected my computer really slowed down and I would get a lot of pop ups telling me to click ok to fix this problem and a lot of other pop ups to other sites. So then I contacted Comcast and got my computer protected again, scanned it with the McAfee antivirus protection and after it was I got a pop up from McAfee that read "Detection: Vundo (Trojan), Vundo (Trojan) File Path: C:\WINDOWS\system32\vtsqn.dll". McAfee asked me to quarantine or remove the trojan, I tried both but it continued to pop up after restart after restart. I tried to restore my computer to an earlier time but that didn't work either. I was able to access the internet at this time but I was constantly getting the same pop ups as before but I was becoming worse. I kept trying to use McAfee to remove the trojan but it would work. So I came upon this site through McAfee help forum and I was pointed to this forum for the 5 steps. I completed step one. Then I got to step two, I tried to scan my computer using Panda free online scan but it told me I was using Internet Explorer 5.0 ...

Answer:computer is possibly infected by Vundo (Trojan)

Sorry for the second post, I'm not sure how to edit.

I ran Deckard's System Scanner (DSS) again, but this time the HijackThis icon was installed on the desktop, but I was unable to find the extra.txt log. Even when run the second time I was unable to find it.

Like I said, I apologize for the second post.
thank you
Grant

7 more replies
Relevance 54.53%

Hi there ....

I believe my computer has been infected by some nasty Vundo Variant Rel trojan/virus.

I am running Windows XP SP2 and I think I got infected while I was surfing on Firefox using Google several days ago.

1. My desktop was completely taken over by some spyware
2. My task manager was disabled
3. Google and other websites cannot be launched from Firefox

After running SuperAntiSpyWare, I managed to recover my desktop to how it was before and my task manager is working fine now. However I cannot surf thru Google on Firefox and many websites won't open in Firefox. Funny enough everything is working perfectly fine in IE.

I have noticed that even after scanning 2 items keep coming back, namely Trojan Variant Rel and Adware Tracking cookie. Although it states that they have been removed and Google is working again, every time I reboot Google on FF refuses to work again.

Could you be kind enough and tell me what I should do to get rid of these viruses?
Thanks in advance for your attention.

P.S. I am currently using McAfee.

Answer:Computer Infected By Vundo Variant Rel Trojan

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button t...

16 more replies
Relevance 54.53%

Symantec has found an instance of the virus name : Trojan.Vundo on a work computer.
File: C:\WINNT\system32\hgghfde.dll
Location: C:\WINNT\system32
Clean failed, Quarantine failed, Access denied.

When I ran HJT I got an application error at the end of the scan, about the time when the report would pop open. "The instruction at '0x10037b81' referenced memory at '0x00000000". The memory could not be 'read'".
Click OK to terminate the program
Click Cancel to debug the program

HJT log
Logfile of HijackThis v1.99.1
Scan saved at 9:23:14 AM, on 9/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Smtray.exe
C:\WINNT\system32\Promon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\eCopy\Desktop\PCL...

Answer:Trojan.Vundo detected on work computer

6 more replies
Relevance 54.53%

Hello there. I hope you can help me. Recently, my computer is really slow and I am getting constant pop-ups from ads (which most of them seem to be registry cleaner ads). I ran my virus protector and it said that I have Trojan.Vundo which has affected 4 Processes, 7 Files, 1 Service, & 152 Registry Files. It told me to restart my computer so it can be fixed but it doesn't do anything. Once again, please help me if you can. Here is the info you need:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Wendy at 9:37:11.46 on Sat 02/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1269 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *disabled*
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7D...

Answer:Trojan.Vundo/Computer Slow & Constant Pop-Ups

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

13 more replies
Relevance 54.53%

Windows XP Home Edition Version 2002 Service Pack 2
HP Genuine Intel(R) CPU

Hello, I am in need of help because I have tried fixing my computer since it has a virus, but I am not sure if it's clean. My computer got infected about 2 weeks ago with trojan.vundo, but my Norton Antivirus detected and removed it. After that my computer ran slow and only allowed me to start on safe mode. I downloaded spybot and it found problems but did not fix them completely. Finally, I found your website and read through some forums which helped me a lot. I downloaded HijackThis and a logfile was saved. I followed some instructions that were posted on an open thread and downloaded ccleaner and then Combofix. I followed the instructions on how to use ComboFix but I was not successful. When Combofix had finished running, it read that it was preparing a Log Report and I waited many hours and left it there until the next day but nothing was created. I closed the screen and everything seemed to be running normal, but my clock and wallpaper were never changed back to their original settings. I would appreciate any help on how to fix my computer.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32, on 2009-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost...

More replies
Relevance 54.53%

Hello there. I hope you can help me. Recently, my computer is really slow and I am getting constant pop-ups from ads (which most of them seem to be registry cleaner ads). I ran my virus protector and it said that I have Trojan.Vundo which has affected 4 Processes, 7 Files, 1 Service, & 152 Registry Files. It told me to restart my computer so it can be fixed but it doesn't do anything. Once again, please help me if you can. Here is the info you need:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Wendy at 9:07:52.00 on Sun 02/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1326 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *disabled*
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7D...

Answer:Computer Slow & Constant Pop-Ups/Trojan.Vundo

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

2 more replies
Relevance 54.53%

I have Dell Inspiron 530 and running Windows XP Home Edition service pack 3. I suddenly started getting pop ups and my AVG says I have the Trojan Horse Vundo.KE. It was moved to the virus vault but keeps coming back and now I can't even use my computer because of how slow it is running. I have run CCleaner and Spybot but it doesn't help. It took me several tries to even run the GMER scan. Upon start-up on two separate occasions I got Rundll errors. One said c:\windows\system32\zugotike.dll and the other said c:\windows\system32\gasidufa.dll specified module could not be found. I can't really go anywhere online or even use my computer now.
Please help I need my computer!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Margaret at 23:37:51.32 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.816 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlse...

Answer:[SOLVED] Vundo Trojan eating my computer

Howdy there Babineaux586 and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this web page for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

11 more replies
Relevance 54.53%

My hijack file is this...

Logfile of HijackThis v1.99.1
Scan saved at 11:56:00 AM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies...

Answer:How do i remove trojan.vundo virus from my computer?

Welcome to TSG!

I am going to move your thread to Security.

Here are the instructions you need to do:

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and double click on KillVundo.bat
You will first be presented with a warning.
It should look like this:

    VundoFix V2.13 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

At this point press enter one time.
Next you will see:

    Type in the file path as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\awtsq.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:

    Please type in the second file path as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file ...

1 more replies
Relevance 54.53%

Hi there, I had recently gotten a trojan on my computer causing it to make the internet horribly slow and not let some programs work. I had downloaded SuperAntiSpyware and removed the virus but my internet is still horribly slow and doesn't work like before. Every time I start up the computer I get a message that says cannot run dll, an error like that. But I think the virus has been removed as I don't get messages from McAfee anymore regarding it. I have my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:56 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Apoint2K\Apoint.ex...

More replies
Relevance 53.71%

Hello --
I just got a computer that is less than one month old and now I have a few viruses... I tried installing Malwarebytes and also Spyware Blaster and I have the latest version of Symantec antivirus but I still have all of these viruses. My computer is frequently becoming non responsive with Firefox and Office. Symantec actually detects the viruses and says it has removed them but then after I reboot and run the scan again I find that they have returned. Please help me. I have included a MBAM log and a HJT log below.

I was going to install java 12 but then I figured I would wait and see what you guys think ... please help me. Thank you.


Symantec scan results:
Risk | Action | Count | Filename | Threat Type | Status | Current Location | Action Description
Trojan.Awax | Left alone | 1 | ssqnhhhb.dll | File | Left alone | c:\windows\system32\ | The file was left unchanged.
Packed.Generic.203 | Left alone | 9 | isfpertu.dll | Heuristics | Left alone | c:\windows\system32\ | The file was left unchanged.
Trojan.Metajuan | Partial | 3 | rfryqh.dll | File | Infected | c:\windows\system32\ | Clean was partially successful.
Trojan.Vundo | Terminate Process Required | 164 | arrjty.dll | File | Infected | c:\windows\system32\ |

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:18 AM, on 2/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\s...

Answer:new computer , new problems -- Virus, trojan vundo, awax,

9 more replies
Relevance 53.71%

Hi! I am a new member to this forum & I hope someone can help me. My computer has been running EXTREMELY slowly especially when using Internet Explorer. I have McAfee & it says my computer has the vundo trojan but it could not remove it. I have a broadband connection but right now while surfing the web it is about 20 times SLOWER than dial-up! I ran through the 5 step process (I took forever just to download each program). After the Deckards System Scanner ran my computer locked up for almost a day & I had to reboot. Once I re-booted McAfee said the vundo-trojan was detected & removed (I don't know why it was now able to remove the trojan when it couldn't before) I also don't know if this means my computer is now clean. Once I re-ran the Deckards System Scanner it gave me the "main.txt" file but not the "extra.txt" file. I am attaching the main.txt file below. If anyone can tell me if my computer is clean or what other steps I need to take I'd appreciate it. Also, what programs can I use to prevent this in the future. Thanks in advance!!!


Deckard's System Scanner v20070426.43
Run by Stephen-Home on 2007-05-27 at 21:26:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Stephen-Home.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:27:49 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.0...

Answer:Computer running Extremely Slow (Vundo Trojan)

Hi Nova98


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================

1. Download this file - Here

Alternative link


* IMPORTANT !!! Place combofix.exe on your Desktop

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



=================

Please Run a scan with Deckard's System Scanner and save the log

===================================


In your next post, please include fresh logs from: ComboFix.txt
main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

19 more replies
Relevance 53.71%

I have the real-time protection for Anti-Malwarebytes, and I was on a website when all of a sudden Malwarebytes popped up a message saying something about a Vundo(sp?) virus/trojan being found. It said it quarantined it, but then when I went to open up Malwarebytes to run a scan, the program got deleted off of my computer! THEN, when I went to download it again from their website, it wouldn't let me install it! Now when I get on the internet I keep getting redirected to different sites, so I know this trojan has done something to my computer.

Could someone please help me? Everyone in my house is mad at me now for ruining the computer even though it's not my fault. I have Windows XP if you need to know that.

Thank you SO MUCH for any help you can give!
 

Relevance 53.71%

I recently found several viruses in my computer and removed them immediately, but my Norton keeps detecting Adware.Ezula and Trojan.Vundo. I've used FixVundo and deleted Trojan.Vundo once, but it can't detect it anymore. I get random pop-ups and my computer is consistently making a lot of noise ever since it got infected. I've been scanning my computer every day with Ad-Aware and Norton, yet only Ad-Aware will find tracking and cookie problems. Here's my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:14 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.e... Read more

Answer: Adware.Ezula + Trojan.Vundo Keeps Infecting My Computer

I also forgot to add that when my computer restarts, it won't completely load to my desktop.

Relevance 53.71%

Symantec antivirus scans first started showing me that I had a trojan.vundo virus about a week ago. Every time I started up the computer the quick scan would pop up but tell me that I had to reboot my computer to fix the virus. But every time I turned the computer on it would still be there. About five days ago I started getting numerous fake ads from Internet Explorer and then from Firefox. About three days ago my computer was slowed so much that if I opened something it would take about ten minutes for it to appear on the screen. I've tried running several computer scans including Symantec and Norton but I either delete the virus and it's there the next time, or it says I can't delete it at all. I also downloaded the Trojan.vundo removal tool from Symantec that told me it couldn't find anything on my computer. Lately I have been restarting the computer in safe mode then running my scans because I have an easier time of deleting the viruses in safe mode and at least for a while I can get my computer running faster until inevitably they come back and the computer gets slower. The viruses have popped up in the scans as several different random nine letter names and a few days ago I started getting alerts when I turned on the computer that Microsoft Intellipoint has to shut down due to an error. When I click more information it said the problem was something called wahotake.dll which also showed up in the Symantec scan as a trojan.vundo virus. I don't know if...

Answer: Trojan.vundo virus is slowly demolishing my computer

Relevance 53.71%

Hi, I need some help in getting rid of the Trojan.Vundo virus on my daughter's PC. I cannot even get on the web, the firewall will not stay up and the virus status is always showing as unknown. This pop-up box with notification of virus keeps coming up a million times! It will not clean or quarantine the thing, or fix it. I really need some help as I am not that computer illiterate!
I have Windows XP. Her computer is hooked up by wireless connection in my office downstairs. I would appreciate any help I can get right now. Thank you!

Answer: How Do I Remove The Trojan. Vundo Virus From My Daughters Computer?

Download a copy of HJTsetup.exe from one of these locations and save it to your Desktop:
Location one.
Location two.
Location three.
You can transfer it via a flashdrive or disk and get the logs back the same way. I suggest you virus scan the flashdrive, if you use one, before you open anything on your clean PC to ensure that there is no risk of infection - just in case.
Double click HJTsetup.exe to begin installation.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the prompts from there.
When HJT opens, click on the Do a system scan and save a log file button.
When HJT has finished scanning, a window entitled "hijackthis.log" will open - when you close this window the log will be saved into the hijackthis folder.
Copy and paste this into your next reply.
Also, run HJT and click on Open the Misc Tools section.
Click Open Uninstall Manager...
Click Save list... and save it to your Desktop.
Copy and paste the file uninstall_list.txt into your next reply.

Relevance 53.71%

So a few days ago I removed the infamous trojan vundo and while I was deleting this virus my computer boot up seemed slower by a lot. Takes two minutes for it to start up to the accounts screen and another two minutes to load the processes on my desktop. Some of the features are disabled like programs don't show up on taskbar, can't view pictures, can't copy and paste on Firefox, Internet Explorer doesn't respond, system tray icons are gone well some, and I think there is more. So please help if you can.

Thanks.

Answer: Trojan Vundo deleted, computer boot up slow.

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Clic...

Relevance 53.71%

Hello,

I have downloaded and run Malware Bytes which finds these viruses on my computer. I have them removed, but basically the same things are still there if I run a scan again. Please help me get these off my computer!

I'm pasting a log of the last Malware Bytes scan I did:
Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 3

1/6/2009 6:44:54 PM
mbam-log-2009-01-06 (18-44-54).txt

Scan type: Quick Scan
Objects scanned: 60703
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pcjhem.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab568909-6049-424d-901c-b6676ece7201} (Trojan.Vundo) -> Quarantined and deleted successfully.
HK... Read more

Answer: Infected with Trojan.Agent, Trojan.Vundo, Trojan.Vundo.H

Hi and welcome to BleepingComputer.
Please download ATF Cleaner by Atribune & save it to your desktop.
alternate download link
DO NOT use yet.
Please download and install SUPERAntiSpyware Free.
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
Under the "Configuration and Preferences", click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will app...

Relevance 53.71%

Hello, I recently caught a virus on my pc. Microsoft Security Essentials labels it as Trojan:WIN32/Sirefef.AB. It claims to have removed the Trojan and it no longer detects it during a scan, but my computer randomly shuts down now with no warning. If I enter safe mode it will shut down VERY fast. I'm using Windows XP home edition. Any help with this would be greatly appreciated. I'm not very computer savvy, but I can follow directions pretty well. Thanks.

Answer: Computer randomly shutting down. Trojan:WIN32/Sirefef.AB was detected before this problem started.

Hello, looks like we should get a deeper look. Please follow this Preparation Guide and post in a new topic. Let me know if all went well.

Relevance 53.3%

My brother has recently downloaded something and it is freezing up my computer/internet. My internet connection is very very slow and disconnects from time to time. My computer in general has been very slow. I downloaded Mozilla Firefox thinking it would make my connection a bit faster but it didn't and started giving me random pop ups. I don't know what to do. Do I need to reformat it because I want it to be like how it was when I first bought my laptop? Please help me!!! I also get trojan.vundo, infostealer, WinFixer, MisleadApp, trojan.Metajuan, and DriveCleaner on my Norton Antivirus. I just got a tracking cookie on my Norton scan. Risk is low.

Relevance 53.3%

Well, what started out as a simple annoyance quickly worsened.
At first it was just a few pop ups, not being able to access yahoo mail, and a slow computer.
I tried to solve the slow computer part by researching the processes and start up items and going through and deleting or ending ones that were safe to do so. Under the start up items there was a program called "rilihoki." I couldn't find it on the internet other than it not being a good thing. So I clicked it off. I rebooted the computer, and while everything else remained off, it had rechecked itself. So then I decided to try downloading Malwarebytes. It won't run though, stating that it couldn't find the specified file. So then I tried downloading something else and went with AVG. It downloaded ok, but wouldn't open and eventually the entire computer froze and had to be turned off. When I turned it back on, I got an error saying it couldn't load c:/windows/system32/rilihoki.dll. Then AVG resident shield popped up showing a long list of files that were infected with the Vundo trojan horse. The list just kept refreshing over and over again with the bottom half of the window not even being completely loaded. I then tried to open AVG but it wouldn't open all the way. Again, the opening page (which only loads half way) would refresh itself over and over again. I ended up running McAfee again, but it didn't find anything. Ad-Aware went through ok, but didn't pick anything u...

Answer: Please Help - Vundo Trojan Virus making computer virtually unusable

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, try this:

Download Combofix from any of the links below but rename it to <insert name here> before saving it to your desktop.

Link 1
Link 2
Link 3
==================================
Double click on the renamed ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.

Regards

eddie
 

Relevance 53.3%

Hello there
This is the first time that I have used your site. My computer has been attacked by the vundo virus and newJuan trojan. I have been trying to fix everything myself for over a week now, but it's time to call in the experts!! At times, it seems like I've got this thing beat and then it's there AGAIN!! I have run the Vundo Fix and it seems like I managed to get rid of one nasty dll which I couldn't get rid of before, but the minute I go on the net I am attacked with popups galore and then I have to start the procedure all over again (running antivirus, anti spyware and malware etc.) to find everything is still there and a whole lot more. So now I am turning to you for your help! I followed your instructions prior to posting the HJT log. Here is the log:
Thanking you in advance
Charlotte
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:33 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32...

Answer: Bleeping Vundo Virus And Newjuan Trojan Attack On My Computer

Hello Charlotte,
We will run ComboFix. You need to disable your Norton Antivirus, AntiSpyware and Windows Defender before running ComboFix, as they will prevent it from running.
To disable Norton Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for a sign.
right-click it -> choose "Disable Auto-Protect."
select a duration of 5 hours (this assures no interference with the cleanup of your pc)
click "Ok."
a popup will warn that protection will now be disabled and the sign will now look like this:
You successfully disabled the Norton Antivirus Guard.
To disable Windows Defender
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 4.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-...

Relevance 52.48%

Our antivirus failed somehow and the computer started running abnormally slow. Downloaded shaw secure, scan was clean, downloaded malwarebytes and found 21 problems (see below). Then ran trojan remover from Symantec and found 2 more. Removed them. Computer is still SO SLOW and I am not super tech savvy. I have posted a hijackthis log...any help is appreciated SO SO MUCH!!
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49d63e18-33b1-46f2-82c2-39431fb94794} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49d63e18-33b1-46f2-82c2-39431fb94794} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_...

Answer: Found trojan.vundo and several other malware, removed and computer is still uber slow

Since posting this, I read that a DDS.txt is helpful too and am adding that. thank you for your help!!
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 7:52:37.21 on Sat 08/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.182 [GMT -7:00]

AV: Shaw Secure 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Shaw Secure 8.02 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\W... Read more

Relevance 52.48%

I started getting dozens of Symantec notices about e-mail being rejected by the server. After searching for some answers I downloaded and ran Malwarebytes Anti-Malware and found quite a few problems. After running a few times, it says everything is clean however the e-mail notices still appear.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Tech at 12:56:56.43 on Fri 05/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.956 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\R...

Answer: Vundo/rootkit/trojan Infection with a computer that continues to try and send spam

I have the Malwarebytes Anti Malware Logs if you want them too.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies...

Relevance 52.48%

Malwarebytes's Anti-Malware reports that my PC is infected with Trojan.Vundo.H., Trojan.Vundo, and Trojan.zlob. Removing with this software was ineffective, as the problem re-occurred after restart. I have been having lots of popups.

Is this something I can fix on my own with your advice?
Below is the log from Malwarebytes and hijackthis:

Malwarebytes' Anti-Malware 1.34
Database version: 1828
Windows 5.1.2600 Service Pack 3
3/8/2009 11:59:26 PM
mbam-log-2009-03-08 (23-59-26).txt
Scan type: Quick Scan
Objects scanned: 74428
Time elapsed: 10 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 41
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\jopafuyi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\naninuwo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\digukate.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hatopiko.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vcquzn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdddd034-fb40-497f-a79f-8021f0abd83e} (Trojan.Vundo.H) -> Quarantined and dele... Read more

Relevance 52.48%

My Symantec has been working overtime since 6:54pm (it is now around 7:40pm). I'm getting non-stop Trojan.Vundo and Trojan.Vundo.B "attacks" and the program is doing its best to delete what it can. The viruses (?) are coming from my Temp files and they all start with DWH followed by a series of numbers or letters.

Is there a way to stop these from multiplying? I'm afraid to do much with my computer as Symantec is cleaning up my system. It doesn't look like it's going to end anytime soon since it's practically been about an hour of non-stop detection of new ones.

Help!
 

Answer: Nonstop Trojan.Vundo and Trojan.Vundo.B attacks

PS - I have Symantec Endpoint Protection (corporate version I think).

I also have Ad-Aware from Lavasoft.
 

Relevance 51.66%

Mod Edit: Log split away from topic here http://www.bleepingcomputer.com/forums/t/144809/infected-by-something-wicked/

Deckard system scanner report is below. I was not able to load Kaspersky because my IE is too corrupted and I can't get enough space on my hard disk in time before whatever is on my computer partitions off the space. I have cleared about 1 Gig of new space on my computer but the computer still shows that it has less than 100 MB of space on it.

Deckard's System Scanner v20071014.68
Run by Paul Hanken on 2008-05-05 23:34:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; disk is full.
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.01 GiB (less than 15%) free.

-- HijackThis (run as Paul Hanken.exe) ----------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 23:38:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRSVC01A....

Answer: Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Hello 425Fool,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Relevance 51.66%

I have Vista32 and managed to acquire some malware that is causing massive amounts of popups and general mayhem when I try to remove it.
The malware found is Vundo.gen!R & Vundo.gen!H.

I have partially managed to clean the system however now I also get a rundll error.... c:\windows\system32\ssqNDvts.dll

Spyware Doctor doesn't find anything however Defender keeps on finding and trying to clean the file which caused my browser to completely crash every time it was loaded so I had to use Vista system restore to get it all working again. Unfortunately the last known good restore point also has the malware on it so I just keep going round in circles.

If someone could please offer me a solution it would be much appreciated.

My Hijack this log looks like this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:16, on 26/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\... Read more

Relevance 51.66%

Hello, I inherited a computer and installed photo editing software and UN-installed other unneeded software. While surfing for photo editing tutorials I clicked on a link that looked promising and the mayhem started. All kind of popup windows. Warnings that asked me to click to scan the computer, ads etc. Now my Google searches are all redirected. AVG and SUPERAntiSpyware found these:
Trojan Horse Crypt.mxc
Trojan Horse SHeur2
Vundo/Varient-Senorita
Vundo -{Fixed}
AVG and SUPERAntiSpyware reported these as quarantined but after reboot another one is found again.
I disconnected the internet wire and all is calm but I expect the mayhem to start again when the internet is hooked back up. I hope you are able to help and do appreciate your time. And I hope I did my homework and that these are the files you need.
Thank you in advance.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Dur at 15:31:27.67 on Tue 01/26/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2714 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Windows\system32\s...

Answer: Trojan Horse Crypt.mxc and SHeur2, Vundo/Varient-Senorita, Vundo -{Fixed}

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Relevance 51.66%

About a month ago I noticed my computer was starting to slow down, particularly when using Internet Explorer. My husband had also downloaded 'Steam', an online gaming programme, and bought Day of Defeat - a completely online game played on servers..... however I don't think this was the problem - however one of the above infections had started to interfere with the platform and engine and now it is unplayable. I was alerted via Norton Internet Security that I repeatedly was being infected with 'W32 Tratsinf!' and this was happening every 2-3 minutes, then it would be 'Downloader', Trojan Vundo and Metajuan. I don't know how these all got into my computer but they did despite me having Norton Internet Security. I became confused from there....and still am. I have looked at the registry keys, where values had been added etc. - but to be honest deleted a value that was added - System32/Vundo.exe but only went as far as that. I have deleted files that appear to be infected as well. I was getting pop ups, alerts my system was unstable tempting me to try products to fix the problem and other error messages and I think it/they infected by AV as it has not been picking some infections other programmes have. I have followed your advice and run all the AV, AdAware programs, and I must admit my computer has really stabilised from there. Could someone please look at the HJT Log to see if I have eradicated the problems, made them worse......
Logfile of Trend Micro HijackThis v2.0.2
Scan saved a...

Answer:Help! Trojan Vundo, Trojan Metajuan, W32 Tratsinf!, Virtumonde And Downloader Is Slowly Destroying My Computer.

Hello Michellebro and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,
Johannes

14 more replies
Relevance 51.25%

Hi.. I'm having problems with multiple virus/malware infections. My computer is running very slow at times and I'm limited as to what I can do at times also. For example, yesterday I couldn't click on any programs on my start list until I restarted my computer. I've uploaded the attach.txt file as well as my most recent log file from Malwarebyte's antimalware and hijack this. Thank you very much for your help... please let me know if there is anymore info needed from me. Take care -Shawn

DDS (Version 1.1.0) - NTFSx86
Run by Home at 19:51:21.19 on Sun 01/04/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\wmsdkns.exe,
BHO: {0a935262-9b91-4352-9c18-d679a63c682b} - c:\windows\system32\yatumeva.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Google To...

Answer:Multiple virus help needed - vundo.h, vundo, trojan.agent

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall

6 more replies
Relevance 51.25%

Desktop Sony Vaio, Windows XP + SP3, 1GB RAM.

These four infections - HACKTOOL.ROOTKIT TROJAN.VUNDO TROJAN.PANDEX and TROJAN HORSE periodically try to execute and Norton Security Suite BLOCKS them all. Along with these four, about 16 files are also blocked, all associated - fpq52.tmp (TROJAN HORSE), fpq4b.tmp (HACKTOOL.ROOTKIT), fpq4c.tmp (TROJAN HORSE), fpq4a.tmp (TROJAN.PANDEX), fpq4f.tmp (TROJAN HORSE), fpq4e.tmp (TROJAN.VUNDO), etc.

I am presently running Norton Security Suite 4, F-PROT Antivirus, IObit Security 360, SpyBot-SD Resident, SuperAntiSpyware, Malwarebytes and Secunia PSI. These will not eliminate the infections.

This PC is a neighbor's which originally had the Windows firewall OFF and greyed out, Firefox Google Hijack and the following infections, which are all now repaired -- HIJACK.WINDOWSUPDATE, Hiloti.B.gen!Eldorado, Trojan2.HZYZ, WORM.BDQA, TROJAN.AGENT.APHZ, ROGUE.AGENT/GEN-NULLO(dll), WORM.BLAH. (I mention these to provide a little background info). There were about 50 Windows Updates that were blocked but now installed.

Thanks in advance for your assistance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Leah at 13:31:16.40 on Thu 06/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.95 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: F-PROT Antivirus for Windows *On-access scanning enabled* (Updated) {3...

Answer:Infected with HACKTOOL.ROOTKIT TROJAN.VUNDO TROJAN.PANDEX and TROJAN HORSE

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

47 more replies
Relevance 50.84%

Hi all at BleepingComputer,

I have recently got infected with several nasty virus / worms and trojans from my school computers. I have since went to reformat my notebook along with my external hard disk (HDD).

But when I did a virus scan with AVG, I found several infections, whereby I immediately google the possible solution to getting rid of these pesky troubles.

From the SUPER Anti Spyware thorough scan, I have been infected with the Adware. tracking cookie and Adware. Vundo Varient/Rel. I have tried to delete it several times, but it refused to be deleted with SAS.

Then I found this website offering great solutions, so I immediately downloaded the Malwarebyte's Anti-Malware which showed that the vendors were Trojan Vundo, Trojan Agent and Malware trace from the quick scan.

And I also saved the logfile of the Trend Micro scan..

My operating system is Windows XP, it was downgraded from Windows Vista Business. And I currently have AVG 7.5, Avast! Home Edition 4.0, SAS AND Malwarebyte's Anti-Malware.

I am really quite new and ignorant of these viruses and programs, but I am doing whatever I can on my part to save my notebook and I hope that you guys might be able to save my notebook too, it is at present only 3 days old before I received all these nasty viruses!

So I copied and pasted the Hijack file below... And then I also copied and pasted the log from after I clicked removed selected during the Malwarebyte's scan..

Am I being paranoid or do I have more viruses?

Logfile of...

Answer:Infected With Trojan.vundo / Adware Vundo Varient/rel

Hello Jacintha and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

10 more replies
Relevance 50.84%

Hey guys. So recently I've been getting pop ups from my Norton 360 notifying me that there was a Trojan Vundo trying to access my computer and I kept trying to block it and it was successful but I keep getting annoying pop ups when I never had this before.

This is a brand new computer that I've had for maybe a month now. I've only started having problems this week after I re-downloaded Open Office.

I tried running the Vundo Fix but it couldn't find any infected files so I ran Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:20 PM, on 10/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Commo...

Answer:Trojan Vundo Vista - Vundo Fix didn't find anything

I'm gonna run Norton 360 and then re-run Hijack This and see what I can come up with and then I'll re update you guys.
 

1 more replies
Relevance 50.84%

Hi everyone, this is my first post, thanks for reading.

My new HP laptop runs Windows XP 32 bit. I have repeatedly contracted virtumonde and vundo in the past 6 months, and in past episodes I have used the factory-system restore CD to reset my hard drive and system settings, thereby erasing the virus.

But earlier this week, I ended up with Vundo again. I have used Avira, Spybot, and Malwarebytes, but as I've learned through experience, they delete instances of vundo, but do not remove the root cause. Malwarebytes pulls up 7 files on each run, each named Trojan.Vundo.H or Trojan.Vundo.BOH or Trojan.Vundo

This episode seems to be more complicated than earlier occasions. After performing a full restore, and before reloading software onto my machine, I plugged in my external hard drive - then Vundo infected my system again. It is completely impossible for me to reformat my external hard drive, as I have legally binding and career crucial documents on the external hard drive. I have run those programs on the external hard drive as well, and it does discover Malware files.

If it might help, I have a mac computer as well, so if there is any way to run an antivirus program from the mac to clean the external hard drive, I can do that.

Any help you can offer would be astoundingly appreciated.

Best, Bill

With the external unplugged, I just ran HijackThis, pasted below. I also ran Malwarebytes, and have pasted that log below as well

HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved a...

Answer:Vundo (Trojan.vundo.h) on XP and external hard drive

Hello.

Re-run scan with MalwareBytes Anti-Malware

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

Post back with a new DDS logs as well.

With Regards,
Extremeboy

3 more replies
Relevance 50.43%

Hello! I am so new to all of these! I already searched for the removal of these viruses and read in a lot of forums. All of these forums have logs, etc. involving the precious system files. I don't even understand the logs and I have read instruction on how to remove these but they do not guarantee anything. I am afraid that the PC might malfunction and be sent to the Repair Shop again. (It just got sent 4 days ago) I ran Malwarebyte's Anti-Malware and scanned my computer and found 46 infections. It shows the option that removes the selected files but I'm afraid because these files are categorized as 'Registry Keys, Registry Values, Memory Modules, and Registry Datas'. Should I delete them anyway?

And so, I want a professional, expert, etc. in all of these since I am such a sucker to all of these virus removal stuff.. I want that pro to walk with me through all of these. From the very first step to the very last and that is when the virus will be wiped out.. Please help..

Answer:Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Please copy/paste the MBam scan log for us to review.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner...

10 more replies
Relevance 50.02%

Lately my computer has been exceptionally slow. Blue screens a time or two. I've recognized a few other suspicious things such as 'Service Distribution Software 3.0' trying to install at 3 am for the past 2 weeks. I also looked at my ReportingEvents.log and noticed that even though Microsoft updates were downloading successfully they were not installing since 6-10-2010 (I went ahead and attached a copy of that as well). Also, Firefox was acting really funny. Taking a huge amount of time to load. I also found that even if I shut Firefox down, it was always running. Even if I went to Task Manager to kill firefox.exe, it was very difficult to get it to finally stop running.

I even saw a post here saying:

------------------------------------------------------------------------
QUOTE
Let's check your HOSTS file.
It's located at c:\windows\system32\drivers\etc\hosts.
You can open it up in Notepad.
If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it.
...

Answer:Trojan horse Vundo.JW - Trojan.Mebroot. Mebroot/Sinowal Infection, Trojan.Tracur, Trojan.TDSS or what?

Hi deetheis,

Welcome to Bleeping Computer! My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
Please do not do anything or perform other steps unless I have asked you to do so.
Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - MBAM
Open Malwarebyte's Anti-Malware.
Under the Updates tab, click Check for Updates. Let the updates install (if any).
After that, under the Scanner tab, click Perform Quick Scan and then Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBA...

2 more replies
Relevance 50.02%

Hello. For the past week I have been getting constant notifications that I'm infected with the Vundo trojan virus. I booted into safe mode, ran scans, and deleted parts of it (once the scan was over it would tell me to reboot so that it could delete the rest on boot up, but it hasn't every time) but it keeps coming back. I've read up a little on vundo and found that it is a registry virus but I have no idea what that means. I use AVG Free 8.5, SUPERAntiSpyware, and Malwarebytes' Anti-Malware but even with using these it still comes back. So could I please have a little help with getting this thing off of my computer once and for all?

Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 5:23:40 PM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\Viewpoin...

More replies
Relevance 50.02%

Hi,

I'm running Windows XP on a netbook. As of yesterday, Symantec Endpoint Protection detected the Trojan.Vundo/Suspicious.Vundo viruses in almost all my system files. Sometimes, Symantec manages to clean one or two files, but it's detected 100+ that have been infected. I've tried System Restore but it wouldn't revert back to a previous state. I don't believe that this is the work of the virus, because I've tried using System Restore about 6-7 months ago with no luck. I've tried using VundoFixer to fix it but it did not detect anything.

The DDS, attach.txt and ark.txt are below/attached.

------------------------

DDS (Ver_09-10-26.01) - NTFSx86
Run by Cindy at 22:11:06.82 on Wed 10/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.217 [GMT -2.5:30]

AV: avast! antivirus 4.8.1356 [VPS 091028-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files...

Answer:Trojan.Vundo/Suspicious.Vundo Virus

Hello paperstars
Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked b...

11 more replies
Relevance 49.61%

Few weeks ago my Gateway DX4300 displayed a dialogue box that stated, "Your Computer has detected a Trojan Horse Virus, Shutting down." It then shut down, as the message stated it would. No Biggy...figured the computer was doing what it was meant to do upon a security threat. Well, after a few minutes I tried restarting the computer, and nothing, no power, no lights, no noises, completely dead.

So...thus far, I have tested the PSU with the paper clip trick, and an actual PSU tester, and it works just fine, according to those 2 tests. I have also replaced the motherboard, thinking for sure that had to be the problem, but of course not, still no power whatsoever. I then figured, maybe it is the power button itself, so I used a screwdriver to short the 2 power on switch pins, and nothing. I have also replaced the CMOS battery, tested multiple outlets, power cord is good, reseated all connections. Also tried jumping it by moving the jumper from pins 1 & 2 to 2 & 3. And still nothing...

I have no idea what to try next...any help would be greatly appreciated!

Was also wondering is there a Trojan Horse that can actually cause a complete power/system failure...tried googling it, couldn't find anything on it.

Computer Specs:
Gateway DX4300 | Vista Home Premium 64x | AMD Phenom 9750 Quad Core Processor | ATI Radeon 4650 GPU

Answer:PC won't restart after "Computer has Detected Trojan Horse Virus, Shutting Down"

I currently have this same thread in the "Memory and Power Supply" section. The individuals that have responded are all saying it is the PSU that is faulty. I will be acquiring a working PSU tomorrow evening to confirm that is the issue at hand. Once testing is complete, I will follow up with an update...

3 more replies
Relevance 49.61%

I have tried to use SUPERAntiSpyware to remove this and each time I remove it and then reboot windows will not start...So I have to start windows from its last good configuration. My norton has also picked it up and tried to fix it doesn't seem to work either. I tried Vundofix as well..it found it and then fixed but still its there. I think there is also a lot more going on besides that. My computer is running very slow..the background has changed to an antispyware ad and I'm getting tons of popups as well as a rund.dll error message and my homepage has been changed. Thanks for reading hope you can help.

Hijackthis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:05 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdat...

Answer:Adware.vundo, Adware.vundo-variant/small A, Vundo Trojan..need Help

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Using My Computer, navigate to where you have HijackThis saved. Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter. Use fluffybunny.exe from now on.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt, rapport.txt and a new HijackThis log in your next reply.

21 more replies
Relevance 49.61%

Hmm my computer's in pretty bad shape thanks to these damn trojans

Norton started detecting these trojans 3 days ago, and could only block them.

Every time I try to access IE, there will be a bunch of popups and advertisements.

I tried scanning with Norton Antivirus + Ad-Aware 2007, but nothing could be found.

After that, I went to Cnet downloads, and got myself Spyware Terminator + A-squared 3, both which managed to scan and detect some of the threats. It cleared some of the files and registry keys, but still couldn't kill off the files such as wvuroli.dll that are used by core processes, such as explorer.exe, etc.

Currently my IE doesn't have any popups, but I'm worried that these trojans will return, and I want them completely out of my system

I've browsed tech support guy forums a bit, and found a thread that's similar to my problem:
http://forums.techguy.org/malware-removal-hijackthis-logs/554392-solved-trojan-vundo.html

Following the instructions from that thread, I downloaded VundoFix 6.77 and ran it about thrice. The first time cleared off a bunch of files, the second time detected none, and then the third scan detected new files again !!!!

Below are the logs for VundoFix and HijackThis, please help !!! thanks

=============
My VundoFix Log
=============

First Run
VundoFix V6.7.7

Checking Java version...

Scan started at 1:29:37 PM 1/31/2008

Listing files found while scanning....

F:\WINDOWS\system32\gjkmp.ini
F:\WINDOWS\system32\g...

Answer:Solved: Help with Trojan.Vundo, Trojan.Metajuan, Trojan.Downloader

13 more replies
Relevance 49.61%

Hi,

My Symantec was sending messages regarding trojan.vundo, trojan.metajuan and backdoor.trojan. I found some info that led me to your combofix tutorial, which I ran and now the pc seems fine, though, in the tutorial it is strongly recommended to post the log. Should I?

Thank you!!
-Cristina.

More replies
Relevance 49.61%

Avast first alerted me to an infection, which I quarantined, called Win32:malware.gen. I followed some forum info after quarantining the malware which suggested I download Malwarebytes and run a scan. I have done this several times and Malwarebytes continues to find infected .dll files described as TROJAN.HILOTI.GEN, TROJAN.AGENT, and TROJAN.VUNDO.

I followed all the prescribed methods from this website from here:
http://www.bleepingcomputer.com/virus-remo...undo-virtumonde

Neither Vundo Fix or VirtumundoBegone found anything. Malwarebytes keeps finding .dll files every time I run it.

Note: I had to rename the mbam.exe file in order to run it. I could download it, but it wouldn't run unless it was named something else.

I am now following the instructions from here:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Note: I can not run GMER without my machine crashing so I can not attach the required ark.txt log. Finally, once when running MBAM my Avast kicked up a warning that it had stopped malware from executing and gave the reason that Malwarebytes had triggered it.

I would appreciate any help on this. I'm at the end of my rope. I've been trying to eradicate this for 3 days now. All my important files have been burned on a CD-R so I am willing to nuke the whole drive/OS if that is required.

Thanks in advance and I hope to hear from someone soon.

So I will now post the DDS.txt report as requested a...

Answer:Infected with TROJAN.HILOTI.GEN, TROJAN AGENT, TROJAN VUNDO

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

Relevance 48.79%

Hi!

I recently had a problem with removing Trojan Vundo and Trojan Vundo H from my computer. I did the read first cleaning procedure and my computer seems to be okay now, but I was hoping someone could look at these logs and make sure. I can't seem to access my Spybot or Combofix logs either. Thank you so much!

Best regards,
J
 

Answer:Trojan Vundo and Trojan Vundo H issues

Welcome! to MajorGeeks.com!

Were you able to run ComboFix as requested in the READ ME? If so, please attach the log. If not, please go back and run CF and attach the log once complete.
 

Relevance 48.79%

Hello,

It seems that I have gone into a site that decided to bomb me with viruses, ones that are hard to get rid of. The ones my Malware continues to find, and remove, but yet always come back are:

Trojan.Vundo
Trojan.Vundo.H
Trojan.Agent
Trojan.Downloader
Trojan.BHO.H

I believe these are the main ones. I am bombarded with a million pop ups, every time I search for something a popup with another search comes up. It's tiring, and I'm afraid of purchasing anything online. I read another post another user was having the same trouble, but read that I should post one of my own?

Please help me remove these viruses and perhaps suggestions on purchasing any anti-virus, anti-malware, anti-spyware programs? My IT guy from work had installed Malwarebytes' Anti-Malware program for me, and I've been using that to remove the viruses that continue to come back. I also installed Ad-Aware, but it crashes every time I run a scan for some reason.

I have Windows XP, mmm and I'm not sure what other information is required? My Posts may actually post twice, and I apologize for that, but this virus is interfering with my web browsing as well. Things aren't loading and going extremely slow. Please Help! I am very very computer illiterate, so also please have patience with me. Thanks!
 

Answer:Removal of Trojan.Vundo and Trojan.Vundo.H

bump
 

Relevance 48.79%

Hi,

Looking for some help with a pesky virus. Tried deleting with Malwarebytes. But the files keep coming back. It causes persistent popups and tells me I have a virus and offers a link to anti-virus software. From looking around the web, this is pretty standard, but appears complicated to get rid of. Thank you for any help you can give me.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jake at 23:11:29.93 on Fri 02/20/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.355 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated)
FW: McAfee Personal Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EX... Read more

Answer:Infected with Trojan.vundo and trojan.vundo.h

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

Extra note: The ComboFix tutorial recommends disabling your Antivirus, in your case McAfee. For McAfee, I rather recommend temporarily uninstalling it, because McAfee causes a lot of problems with ComboFix after reboot, this because McAfee enables itself again after reboot. So please temporarily uninstall McAfee first, then reboot and then scan with ComboFix.

Relevance 48.79%

Hello,

Recently, my browser Mozilla Firefox 3.05 has been locking up. I will shut it down and then either my anti-virus will find a Trojan or if I run Malwarebytes Anti-Malware, it keeps finding variations of Trojan Vundo or Trojan Vundo.H, etc. Another thing I've noticed is that sometimes a C:\Program Files\GetModule directory will appear and I will have to delete it. I have this problem on a desktop and a laptop. Let's start with my desktop first, which is running Windows XP SP3, McAfee Antivirus 8 with the latest virus DATs. I have just cleaned the computer with Malwarebytes, but I fear it will return again. Below is my Hijack log. If someone wiser than me could review these logs, I would appreciate your feedback.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:51, on 2008-12-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Pr... Read more

Answer:Trojan Vundo and Trojan Vundo.H and Get Module

Hi ,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then we'll take a look.
Regards,

Rosty.

Relevance 48.38%

I have been having repeated/reoccurring infections of Adware. Vundo Variant, Adware.Vundo Variant / Small-A, Adware. eZula, Trojan. Downloader-NewJuan/VM, Trojan. Downloader-Gen/DDC., and Adware. Tracking Cookie. The infection originally started when trying to fix my son's computer which was infected mainly with a Trojan Vundo (can't remember exact name). I downloaded fixes (programs) to my laptop computer and then transferred them to his computer since it was offline. I apparently downloaded/ran something that immediately infected my computer. Trojan Vundo was immediately picked up by McAfee, and supposedly removed.

My laptop is protected by McAfee Security Center (always updated and running). I am using Windows XP (always updated). I use IE (always updated/latest version).

I have used Ad-Aware 2007, Spybot S&D, SUPERAntiSpyware, and others I can't remember in attempts to remove. I have also used other Anti-virus programs, Avast!, etc. since I was told that different programs pick up different infections. I have also followed many links and suggestions from this and other sites to remove the problems. I have also used SmitFraudFix and RogueFix, which have picked up problems, which were then removed. I have run all the programs in both normal and safe mode.

When I run the various programs, it will pick up the infections and I go through the process of removing them. The computer seems to work great w/o any problems until I get on the internet and then the popups, redire... Read more

Answer:Adware. Vundo Variant, Vundo Variant / Small-a, Ezula; Trojan. Downloader-newjuan/vm, Trojan. Downloader-gen/ddc, Adware. Track...

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Using My Computer, navigate to where you have HijackThis saved.
Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.

Thanks,
Charles

Relevance 47.97%

I've had minor infections in the past, usually solved by following the instructions of other fixed threads. This is a bad one and I really need help.

It started when I downloaded an episode of criminal minds over bit torrent that required a "content license" that turned out to be the Vundo Trojan. My google search results were being redirected to ad.yieldmanager.com and searchfindsite and AVG Free/Spybot Search & Destroy detected infections in the Windows/Temp/ directory but they kept coming back after being removed. I also tried Malwarebytes and Combofix, but the registry keys seem familiar enough to me. Two were out of place, but there must be more because I'm still having problems.

I can't boot to Safe Mode. Upon loading the DOS libraries, the system restarts. Also, Root Repeal crashes my computer when I try to run a report. Here is my DDS log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Heikkila at 1:50:51.25 on Tue 12/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1356 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsv... Read more

Answer:Trojan Vundo PL, Vundo H Infection

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

Relevance 47.97%

Compaq laptop
Windows XP home
MS Auto updates -- disabled on Win startup
Auto updates cannot be enabled
Auto updates process cannot be started
Browser hijacked
pop ups
blank "404" when navigating to search engines or virus detection sites
System is bogged down with 100% cpu activity -- if connected to internet
System available if internet connection is disabled, NIC / wireless unplugged

Symantec vundo scanner in safe mode turns up no hits
Eset may have quarantined and deleted some of the malware -- msg regarding 'Virtumondo', though it did not prevent escalation of system takeover by attack.

When I found this site (techsupportforum.com), I followed instructions to provide attached files.

Thanks for any help identifying and eliminating this problem. I like the apparent 'upgrades' to the HJT file/logs (attached from your scanners -- nice job). Impressive. I would like to learn more from you. Thank you very much for being available.
Keith

Answer:Vundo symptoms -- not Vundo trojan

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system. It looks like Vundo is indeed still present on your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Combofix
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine befo... Read more

Relevance 47.97%

Hello.

Could you please help me?

A couple days ago, I got hit with a TON of trojans. McAfee sent up notice after notice that it had caught and "removed" this trojan and that trojan and I don't know how many FakeAlert thingies.

(Just now, I got two VUNDO.gen.bp "caught and removed" notices.)

A McAfee scan turns up nothing. Spybot Search & Destroy shows a Firewall Bypass and Malwarebytes' Anti-Malware shows two instances of Trojan.Vundo, eight of Trojan.Vundo.H, two Trojan.FakeAlerts, three Fake.SystemTools & one Disabled.SecurityCenter.

I "remove" these with Spybot & Malware and they keep coming back. They mainly seem to be opening new windows, opening up IE and just causing a pretty heavy lag. I'm getting fake virus removal programs popping up too. Oh, and "Are you sure you want to navigate away from this page?" stuff but that only seems to be happening at Facebook so that could be them I suppose.

Here's my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:34 AM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
... Read more

Relevance 47.97%

Deckard's System Scanner v20071014.68
Run by sallyann drake on 2008-06-17 23:14:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
121: 2008-06-17 22:15:03 UTC - RP292 - Deckard's System Scanner Restore Point
120: 2008-06-17 20:05:15 UTC - RP291 - Microsoft OneCare Protection Checkpoint
119: 2008-06-17 19:56:22 UTC - RP290 - Installed Windows XP KB923845.
118: 2008-06-17 19:55:46 UTC - RP289 - Installed Windows XP KB914882.
117: 2008-06-17 18:50:37 UTC - RP288 - Cleaned registry with Windows Live OneCare safety scanner

-- First Restore Point --
1: 2008-06-17 07:54:28 UTC - RP172 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).

-- HijackThis (run as sallyann drake.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:53, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sy... Read more

Answer:Trojan:win32/vundo-gen!c And Vundo-gen!e

Sorry, didn't know it had to all be in the same post

Relevance 47.97%

In the nearly 2 years of having this computer, I have never had a trojan affect it like this one. If anyone can help it would be much appreciated. It popped up this morning on the CA Security Virus Infection Alert and it showed:

C:\WINDOWS\System32\ekomupaf.tmp - infected
C:\WINDOWS\System32\ekomupaf.ini - deleted

This pops up every time I have restarted windows.

A quick scan on the spyware tool on CA and it came up with the following names in the report:

vundo
vundo CXI
Haxdoor E

However, if I try to quarantine these files CA crashes/freezes.

It has slowed down the computer quite substantially, and every now and then IE7 randomly opens and then closes (I am using Firefox though).

DDS Log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Will at 12:54:25.29 on Tue 12/05/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1499 [GMT 9.5:30]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.ex... Read more

Answer:Trojan Help.. vundo/vundo CXI/haxdoor E

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Get help here
Right click on CA Antivirus icon near the clock (a shield).
Click on CA Anti-Virus > Snooze Anti-Viru... Read more
