
Solved: Trojan Vundo.dvs Probs

Logfile of HijackThis v1.99.1
Scan saved at 1:24:35 PM, on 1/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe

C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> No action taken.

I hope one of you would be able to help me.

C:\WINDOWS\system32\bthfiquw.dll (Trojan.Vundo) -> No action taken.

O8 - Extra context menu item: Betfair enable instant betting - file://C:\Betfair Scripts\InstantBetting.htm
O8 - Extra context menu item: Betfair enable instant betting (set odds) - file://C:\Betfair Scripts\InstantBettingWithOdds.htm
O8 - Extra

I'm currently at work, but I'll try this stuff when I get home later this evening. Here the trouble started.

A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. Please ask any needed questions, post logs

I think the office 2003 is safe and this could be a false detection. I can only access certain websites, cnn.com, gmc.com just to name a few. I ran both my Anti-Virus then SAS and both ran clean.

C:\Program Files\PC Tune-Up\RdvChk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

The Win32/Vundo family is closely associated with the Win32/Virtumonde and Win32/Conhook families, which together may install other variants of each other.

Because this worm spreads by using shared folders on networked computers, to ensure that the worm does not re-infect the computer after it's removed, Symantec suggests sharing with Read Only access

Next, we will remove the tools that we've used in our malware removal process. Double click on adwcleaner.exe to run the tool. https://forums.pcpitstop.com/index.php?/topic/156953-trojanvundo-problemsresolved/

Why should I update my software?

Some variants of Win32/Vundo, such as Trojan:Win32/Vundo.KO and Trojan:Win32/Vundo.gen!AJ, are dropped by variants of the Win32/Prolaco family, such as Worm:Win32/Prolaco.gen!C, which are themselves dropped by variants of Virus:Win32/Prolaco, such as Virus:Win32/Prolaco.AW, Virus:Win32/Prolaco.AP and Virus:Win32/Prolaco.AR.

If you don't use WinAmp constantly, removing this entry will free up some system resources. )
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (Description: RealPlayer scheduler.

We do recommend that you backup your personal documents before you start the malware removal process.

Examine the time/date of install and last used. https://forums.malwarebytes.com/topic/13822-trojanvundo-and-trojanvundoh-problems/?do=getFirstComment If asked to restart the computer, please do so immediately.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"

Save it to your desktop.

C:\WINDOWS\system32\bthfiquw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

I am 99.99% sure, after running a complete scan using the rescue disk which I have PMed you, the looping reboots would halt. None of these have been able to aid me in getting all of these problems solved.

The advertisements generally link to sites offering non-functional (or occasionally outright harmful) programs that purport to be capable of ridding the computer of non-existent malware in return for a fee payable

yes it did....thank you very much. Found the malware, quarantined it and tried to reboot. To keep your computer safe, only click links and downloads from sites that you trust. Far as the blue screen.

Upon completion of the scan, click on Show Result. You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has detected. And then reboot! [This will basically do two things - clean out the system restore files that are infected and disable the system restore. Perform a system restore, prior to the infection state.

It should be noted that autorun.inf files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation media.

Next... Thank you again

mommydanise, January 9th, 2009, 10:27 AM

Here's the first logfile you asked for...

Close all applications and windows.

C:\Documents and Settings\Renee Smith\Application Data\#ISW.FS#\Normal\12000000009710.isw.sect (Trojan.Vundo) -> Quarantined and deleted successfully.

PM me if you need the original winlogon.exe file. Close any open browsers. It's also important to avoid taking actions that could put your computer at risk. http://realink.org/solved-trojan/solved-trojan-vundo-virus-hjt-log-appreciate-a-look.html

Analysis by Jaime Wong and Jireh Sanico

Prevention

Take these steps to help prevent infection on your PC.

The stored data may be a malicious executable component of Win32/Vundo that is also uniquely encrypted using the generated string and RC4 or TEA encryption algorithms. DO NOT enable terminating memory threats. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

Thank you! And one more thing.....when does Windows reboot? DO NOT enable terminating memory threats. Oldsod.

Open the rest of the properties and see who the vendor is, software version and number and from where the file certificates are from. Right click My Computer, open the Properties, open the System Restore tab, check the "Turn off System Restore on all drives" box, click Apply, click OK and close the window.