Solved: Vundo: Help With HijackThis Log

The scan found over 200 affected registry files but could not delete these. File delete failed.

Incident Adware: adware/coupons Location, Windows Registry Status, No disinfected
Incident Adware: Adware/nCase Location, C:\WINDOWS\DownloadedProgramFiles\RCX23.tmp Status, No disinfected
Incident Adware: Adware/StartPage/AIW Location, C:\WINDOWS\SYSTEM3\geebb.dll Status, No disinfected

That middle one, that ends with

A menu should come up where you will be given the option to enter Safe Mode.

I have read every thread on this board and tried the following solutions but have not been able to remove it.

What is HijackThis? Did updates, installed avast. I tried running Malwarebytes as some posts recommend but the software would not download on the infected computer. Cheers Mo Windows 7 64 bit, NIS2013

floplot Re: Help with Vundo Trojan Posted: 02-Feb-2010 | 10:10PM

I printed out the list of advice you recommended for tightening security and will be going through it later this afternoon.

Click File > Run
In the run box type regedit.exe /s C:\vundoh.reg
Back in Advanced Process Manipulation.

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu

C:\Program Files\LimeWire\LimeWire.exe moved successfully.

Right click on winlogon.exe and select Resume. This should reboot your computer automatically.

So I started all over. After completing the tasks that you recommended on HijackThis, I ran the log again -- attached is this file as well.

File delete failed.

Posted 09 October 2009 - 03:07 AM
Due to the lack of feedback this Topic is closed.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

Before I ran the tool, I made sure that the infected PC was not connected to the Internet, as per Symantec's instructions.

All is well with my aunty's machine. http://www.geekstogo.com/forum/topic/221815-vundo-trojan-help-solved/

optoma - where did you learn combofix?

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton

Thanks!

Expert Comment by: optoma ID: 34329852 2010-12-12
Good stuff with the compressed air!

Author Comment by: jpfulton ID: 34329881 2010-12-12

Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click

Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
Download the latest version of Java SE Runtime Environment (JRE) X Update

Scroll down in the main window and find winlogon.exe
Right click on winlogon.exe and select Suspend
Leave Process Explorer open.

Malware is scanning on the infected machine now and has so far found 21 infected objects. Thanks for introducing me to HijackThis, etc.

Attached Files OTScanIt.Txt

#6 OldTimer Posted 28 December 2008 - 02:16 PM
Hi sethico.

No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. Thank you!

MrsTrump, Oct 12, 2005

#26 dvk01
Start killbox paste the first file listed below into the full pathname and file to

Please note that your topic was not intentionally overlooked.

You will be prompted you are about to remove a BHO.

Scroll down the list in the second window and find C:\WINDOWS\system32\mljji.dll
Right click on that entry and select Unload DLL
You will have to click OK about six times
In HijackThis

When you go into the Malwarebytes Programs folder, what files are missing? Here is a screenshot from my PC to cross reference.
Quads

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}\ not found.

Before I did the scan, I updated the virus definitions and disabled System Restore as Symantec recommends here: http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99&tabid=3 The scan discovered the Trojan Vundo but could not completely remove it.
Quads

800midori19 Re: Help with Vundo Trojan Posted: 01-Feb-2010 | 4:59PM
After I ran Norton IS, the scan results

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.

Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.4.0 fix logfile created on 12262008_124800
Files moved on Reboot...

Leave Advanced Process Manipulation open
Go back to Process Explorer window.

Quads

800midori19 Re: Help with Vundo Trojan Posted: 01-Feb-2010 | 9:48PM
OK, will let it finish scanning.

Java cache emptied.

New log:

Logfile of HijackThis v1.99.1
Scan saved at 4:10:35 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe

Quads Re: Help with Vundo Trojan Posted: 02-Feb-2010 | 11:21AM
Hi The reason on the second Malwarebytes scan