
Solved: Trojan Vundo Removal & Hijackthis Log

Also attached is the HijackThis log. Closely monitor all bank and credit card statements. Before I did the scan, I updated the virus definitions and disabled System Restore as Symantec recommends here: http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99&tabid=3 The scan discovered the Trojan Vundo but could not completely remove it. Then clean install the New Version so that there will be no conflicting.

They can also disable pop-ups from certain advertising-related or advertising-supported sites when you visit them, such as the following: ads.180solutions.com ads.doubleclick.net ads1.revenue.net ads2.revenue.net banners.pennyweb.com images.trafficmp.com search.ebay.com web.ask.com www2.yesadvertising.com yahoo.com z1.adserver.com Win32/Vundo also disables Can someone please help? With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Open My Computer. https://forums.malwarebytes.com/topic/7861-need-help-removing-trojanvundo/

Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 wcvs;Windows Certificate Verification Service;C:\WINDOWS\wcvs.exe
R2 WzaSvc;Windows Zero Adapter;"C:\WINDOWS\csnsvc.exe"
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f7d1f6-c371-11db-bbf3-0007e97b8cd3}]
AutoRun\command
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8

These variants might also check if the Microsoft Malicious Software Removal Tool (mrt.exe) is running and close it. As for the rest, you should look them over and be sure that you know what they all are and what they do.

We can provide you with some helpful links if needed. Since these infections may be used for remote access, or even remote control of an infected system, we recommend that you temporarily I'm concerned because I thought I'd cleaned this about a week ago (Malwarebytes reported 0 infected files then, but it returned a week later). I tried to go back to a prior restore point, but I'm now not able to go back to a prior time/month. Variants of the family have also been observed using encryption techniques in order to obfuscate their communication with remote sites, including Trojan:Win32/Vundo.AX, Trojan:Win32/Vundo.BH, and Trojan:Win32/Vundo.FZ.

Not sure if the updates are stored in the .exe file, but the dates on the other Malwarebytes files had not changed after the update, so I hope the updates got Please post the contents of both log.txt and info.txt in your next reply. Any help or guidance would be appreciated.

No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your Thanks

Logfile of HijackThis v1.99.1
Scan saved at 18:10, on 2007-10-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

I would post the MBAM log, but it freezes before it will create a log.


Any idea how to fix or remove?

Quads (Posted: 01-Feb-2010 | 5:06PM) Re: Help with Vundo Trojan
What is the Name of the File(s) given, Quads

800midori19 (Posted: 02-Feb-2010 | 6:37PM) Re: Help with Vundo Trojan
Good to hear that you think Vundo is Did you get this report from Spyware Doctor?

Please include the C:\ComboFix.txt in your next reply. The page will refresh. The file will not save. (The download helper says, download complete, but the file is not saved to the PC.) I downloaded Malwarebytes to a clean PC and then saved the No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know.

They are Trojan.Vundo.H. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ganelifoja deleted successfully. You can find out how to turn off this feature in the article How to disable the Autorun functionality in Windows. We are all glad you were able to get your computer cleaned up.

Everything seems to be working fine. Error reading poptart in Drive A: Delete kids y/n? Even if this works, you should continue to test with other free scanners and/or post a HJT log.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

No obvious signs of the infection. I did the checks that you recommended on HijackThis and ran DDS after disabling NIS auto protect. Hi, I'm hoping someone may give me some guidance on how to clean my PC.

Record Number: 18186
Source Name: Service Control Manager
Time Written: 20081029110713.000000-240
Event Type: information
User:
Computer Name: MAYDAY
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent

It should be noted that autorun.inf files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation media. So I downloaded it on a clean PC, saved the file onto a flash drive and then saved it to the infected PC.

Quads (Posted: 01-Feb-2010 | 9:07PM) Re: Help with Vundo Trojan
There is malware that will delete (eat )

Click Yes. I went to Control Panel->Admin Tools->Services and I could see that the Security Center is now disabled. I then ran Hijackthis and here is what the current log looks like:
----------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:06 PM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer

I tried running Malwarebytes as some posts recommend but the software would not download on the infected computer.

Open Notepad2. If it is then click on it to uncheck it. Please attach the log in your next post. To attach a file, do the following: Click Add Reply. Under the reply panel is the Attachments Click the Ok button and Notepad will open with a log of actions taken during the fix. Click OK.

That may cause it to stall. 2. Please help me with removing Trojan.Vundo.H Started by Francis84, Sep 10 2009 09:30 PM After removing this threat, make sure that you install all available updates for your PC. Save ComboFix.exe to your Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Local Service Temporary Internet Files folder emptied. And the logs from even Malwarebytes also will help me understand hopefully which Malware / Rogue or other, even if it hasn't found all of it. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
