Solved: Vundo - Of Course

Next: Now please run the installer for AVG 8.5: Install >> Activate your Internet connection >> Check for any new updates >> Carry Out a Complete Scan.

Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-23 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-23 20560]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys []
S4 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9886c6c6-1965-11dd-9d4e-0016d41cfc0c}]
\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-24 c:\windows\Tasks\ifowopbu.job
- c:\windows\system32\rundll32.exe

scan:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/23/2008 at 01:20 AM
Application Version : 4.15.1000
Core Rules Database Version : 3512
Trace Rules Database Version: 1503
Scan type : Quick Scan
Total

Plus I couldn't find any info related to that particular .AGCI thing.

I have some questions though, I downloaded procmon to check out what processes were running on my computer, and I noticed that lsass.exe was running periodically. In a situation like this terminating the threats can cause them to respawn. Trusted: No Trojan: No Chronic: No Adware: Yes Carrier: No Browser Hijacker: No Dialer: No Commercial Keylogger: No Remote Administration Tool: No Suspected: No Company Name: Virtumundo, Inc.

First of all, this solution would be complicated for anybody who is not comfortable working with specifics, but, here is how I did it. If asked to restart the computer, please do so and allow MBAM to finish.3. Then you CLEARLY know that NO PROCESSES would be running that would need to be terminated! Thanks for the quick reply.

At restart I got into the rebooting loop and had to start it with the last known configuration. I ran a full system scan with the Avira CD and it found some trojans. In safe mode, I opened ZAISS 7, and under the "Program Control" tab on the left, I went to the "Programs" sub-tab on the right, and for every instance of SD4 So now I don't know what to do, since even though this variant of Vundo has been detected by other anti-spyware programs they have not been successful in removing it.

Double click combofix.exe and follow the prompts. Edited by Rhythme, 18 May 2009 - 09:22 PM. Should you have any questions, please feel free to ask.

This website is pretty informative. Merry Christmas to all...

#2 Transience (Unofficial Music Guru, Retired Staff, 2,448 posts), posted 24 December 2008 - 09:49 AM

Hi mhyles30 and welcome. You sure do seem to be getting a lot of Vundo threads today! Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

#2 Dakeyras (Anti-Malware Mammoth, Trusted Malware Techs, 1,109 posts, Gender: Male, Location: The Tundra), posted 17 May 2009 - 11:28 AM

Please note that all instructions given are customised

Or do these registry keys cause all the problem and also need to be removed prior to me rebooting the machine from safe mode to normal mode? PM me if you need the original winlogon.exe file. Select "last known good configuration", press F8 on startup. 2.

Absence of symptoms does not mean that everything is clear. I have run vundofix but it didn't find the infections. And one more thing.....when does windows reboot?

All components of each program work. I would never have guessed which 4 of the O15: browser hijacks were good and which 4 were bad - they all look like sites that a virus checker would save

Record Number: 2707
Source Name: Cdrom
Time Written: 20080201145949.000000-300
Event Type: warning
User:
Computer Name: REIJI-MAIGO
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Please continue to review my answers until I tell you your machine is clear.

If yes, then winlogon.exe file had been replaced by a malicious file.

I actually see a blue screen for 1 second before it reboots again..

Record Number: 2705
Source Name: Cdrom
Time Written: 20080201145949.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: REIJI-MAIGO
Event Code: 1011
Message: Your Windows product has not been activated with

Judging from the hijacks, is that what Vundo is - an Adware for "anti-virus" software that removes the problem that they inflicted on the world?

Run a FULL SYSTEM SCAN using SAS in safe mode. 2.

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo!

This isn't a public computer and I don't have any bank account info stored on here and such, but at the same time it's a security hole that I don't think news If the virus has been around for longer than just 2 days ago, that would put my 2 week dead SATA hard drive in a state of suspicion as well, and

The IT dept wants to "solve" the problem with a "Format C:". Yes please try the tool without any security applications running.

Be assured, any links I give are safe. Before we begin, let's move HiJackThis to its own folder; like C:\HJT for example.