
Adware/spyware/virus? Oh No!


7 replies to this topic

#1 frstmate72

frstmate72

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:08 PM

Posted 06 December 2007 - 09:46 PM

I've been dealing with some type of infection for a few weeks now. When I run my McAfee scan it runs smoothly until it hits about 35000 files that it has scanned and then every file after that it detects and names a detection. I've tried to let it run completely as it says it is either "quarantining" or "deleting" the files, but it would take days to let it run through every single file and complete the scan. The items that it is detecting are: Downloader-BEA (Trojan), Vundo (Trojan), Vundo.dr (Trojan), Generic.dx, and Generic Downloader.k. It started out with just the "Vundo" items which I thought I had gotten rid of. I had read another post on here and followed the directions by downloading and running the "VundoFix" program. It detected some infected files but apparently did not remove everything. Now there are even more files infected and even more types of infections that I don't recognize.

It doesn't seem to be affecting my computer too much. The only problem I'm having is with my disk drive. I can't seem to download new drivers (i.e. my printer/scanner and my external CD/DVD burner) and when I try to save anything to disk, it doesn't recognize that there is an empty disk in the drive. I don't know if this is related to the infection or not. I have considered redoing my whole computer, but I have many pictures and files that I need to save to CD before I can reconstruct my whole system.

Can anyone help me or advise me what I need to do at this point? If I need to reformat my whole computer, I'll do it, but I really need to save these files first. Any suggestions or help that anyone may be able to offer would be greatly appreciated!

Thank you!



#2 buddy215

buddy215

  • Moderator
  • 13,097 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:08 PM

Posted 07 December 2007 - 05:47 AM

Remove temporary files, logs, cookies, etc. by using Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. http://www.ccleaner.com/
During install you will be offered the Yahoo Toolbar. UNcheck if not wanted.

Download and Install Super Antispyware free. Reboot and Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Remove the Vundofix tool you now have and download again.
http://vundofix.atribune.org/

Post back with results of scans and for further instructions.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 frstmate72


Posted 07 December 2007 - 06:18 PM

I have run other scans besides McAfee before. The scans that I've run include AdWare2007, PCPitstop Exterminate, RegCure 1.5.0.0 and XoftSpySE.

I followed your instructions and ran the Ccleaner, scanned with the Super AntiSpyware Free (in safe mode) and removed, reinstalled and scanned with the VundoFix.

The results of the Super AntiSpyware Free are as follows:
Threat Detection/Detected Items
Adware.Vundo Variant (6)
Adware.Vundo-Variant/Small-A (12)
Trojan.Downloader-Gen/DDC (5)
Adware.Tracking Cookie (19)
Adware.Vundo-Variant/Small (4)
Unclassified Unknown Origin/System (2)
Adware.VundoVariant/Rel (3)

I allowed it to quarantine all of these items. After that was complete, I ran the VundoFix and no items were detected.

Is there anything else I should do at this point? I have the feeling my problem is not completely solved. Please advise.

Thank you for your help!

Edited by frstmate72, 07 December 2007 - 06:23 PM.


#4 buddy215


Posted 07 December 2007 - 06:28 PM

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
If you are unable to perform any of the steps, skip and move on to the next. The important thing is to get the log posted.

#5 frstmate72


Posted 07 December 2007 - 06:49 PM

Can you please tell me how to perform the Hijack This? I'm not familiar with it.

Thanks.

#6 buddy215


Posted 07 December 2007 - 07:06 PM

Click on the link I provided in my last post. Scroll down to #9 and it gives step by step instructions for installing and running HJT.
After you have run the scan and copied the log it produces, post it in the Hijack This Forum. DO NOT post in this forum.
Post in the forum in the link below.
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

#7 frstmate72


Posted 07 December 2007 - 07:24 PM

Done!

#8 buddy215


Posted 07 December 2007 - 08:18 PM

frstmate72's log is posted in the link below.
http://www.bleepingcomputer.com/forums/ind...mp;#entry680408

If the Hijack This Team has NOT replied in 5 days after you posted your log, see info in link below.
http://www.bleepingcomputer.com/forums/topic14717.html



