
Trojanvundo


5 replies to this topic

#1 Abbie_S


Posted 19 July 2007 - 07:22 AM

I have downloaded the virus removal tool vundofix.exe and ran the program, which found the files in the system32 folder. I then followed the instructions for removing the virus and it said it was unable to remove one of them. It then said reboot the PC, so I clicked yes. Once the computer had restarted, the instructions said next to run the removal tool again if the virus was still infecting your computer. However, when the PC was back on, the tool was no longer there. Does anyone know why this has happened, and what I can do next to get rid of this trojan once and for all?

PLEASE HELP! :thumbsup:


 


#2 Starbuck

  • Malware Response Team

Posted 19 July 2007 - 07:04 PM

Are you saying that 'Vundofix' had disappeared from your pc?
Have you done a search for it?



#3 oldf@rt


Posted 19 July 2007 - 09:30 PM

SUPERAntiSpyware is very effective at removing a lot of Vundo infections. Try this: download and scan with SUPERAntiSpyware Free for Home Users.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#4 Abbie_S


Posted 21 July 2007 - 07:32 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/21/2007 at 01:25 PM

Application Version : 3.9.1008

Core Rules Database Version : 3272
Trace Rules Database Version: 1283

Scan type : Complete Scan
Total Scan Time : 00:15:40

Memory items scanned : 592
Memory threats detected : 0
Registry items scanned : 6805
Registry threats detected : 23
File items scanned : 13191
File threats detected : 94

Adware.Tracking Cookie

Adware.180solutions/ZangoSearch

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-3086904545-2091821898-2794208661-1006\Software\IST

Adware.180solutions/Search Assistant

#5 Abbie_S


Posted 21 July 2007 - 07:37 AM

Shall I run that program again to see if all the threats have gone?

Another problem I am having, which after running that program above I don't think I should have, is that when you run a 'quickclean' with McAfee it won't work when it starts scanning the temporary internet files and says it's encountered a problem with the MISP shell. Any ideas on why it says that? :S

#6 buddy215

  • BC Advisor

Posted 21 July 2007 - 08:26 AM

You may find the discussion in the link below helpful concerning the McAfee problem.
http://forums.mcafeehelp.com/viewtopic.php...d80ccdf46a2c464

You should attempt to find the Vundofix program on your computer.

I don't know if you ran the Super Antispyware in safe mode or not. If you didn't I suggest you do that.

You should also post a Hijack This log in the Hijack This forum. DO NOT post the log in this forum.

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




