Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Got Vundo, Help Please?


  • Please log in to reply
1 reply to this topic

#1 GANGSTA

GANGSTA

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 04 December 2007 - 10:27 PM

hi guyzz,

recently some how i got vundo.ddc in my system. I have formated my C drive, used kaspersky, spybot, trojanhunter and vundofix but none of them has been able to remove it from the system. Spybot and trojen hunter after detecting it schedules it to delete the file on the reboot but it never works and after some the trojen is still there.

Please some one help me with this, everytime i'm connected with the internet that vundo is downloading new kinds of spywares with it and i cant do anything about it.

here is the hijackthis log:

[codebox]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:05 AM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Special Softwares\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Special Softwares\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Drivers\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Special Softwares\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Net Softwares\Mozilla Firefox\firefox.exe
C:\Program Files\Special Softwares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Special Softwares\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Drivers\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [98b4d72d] rundll32.exe "C:\WINDOWS\system32\shyacflj.dll",b
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Special Softwares\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\SPECIA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Special Softwares\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\SPECIA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPECIA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPECIA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{38E53A87-4A2C-461A-8B2C-696E894AA77B}: NameServer = 202.163.96.3 202.163.96.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{38E53A87-4A2C-461A-8B2C-696E894AA77B}: NameServer = 202.163.96.3 202.163.96.4
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Special Softwares\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 3333 bytes
[/codebox]

Attached Files



BC AdBot (Login to Remove)

 


#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:52 AM

Posted 14 December 2007 - 04:52 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users