Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vindo Infection - Stubborn And Won't Stay Removed


  • This topic is locked This topic is locked
3 replies to this topic

#1 drider_dave

drider_dave

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 07 May 2008 - 08:50 PM

First off, thanks in advance for any help you can provide.

My wife's computer has caught a virus. It has SmitFraud and Virtumonde/Vundo. It was delivered as a fake video codec which installed VirusHeat onto the computer, along with both viruses (virii?). There was no anti-virus software loaded (my fault as I have the latest Symantec version on my machine... but overlooked hers.)

I installed WebRoot SpySweeper and it located and deleted both viruses, but they both came back after a reboot. Went through several safe-mode, on-startup scans with no better results. I could see the random-named processes in both the Sys32 directory as well as in CurrentVersion/Run in the registry. Ending those proccess does stop the popups for that session, but deleting the reg entries and files had no lasting effect.

I found and ran SmitFraudFix, VundoFix, VirtumundoBeGone.exe, in normal and safe mode, and none were able to succecfully clean this bug out.

I ran Kaspersky and DSS and generated the logs you'll need. NOTE: DSS wouldn't download Hijack on its own so I grabbed the latest version from Trend's website. DSS did not generate the extras.txt file however.



Thanks again for any help you give.
Dave

Attached Files


Edited by KoanYorel, 08 May 2008 - 04:43 AM.
to clear away personal links


BC AdBot (Login to Remove)

 


#2 drider_dave

drider_dave
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 10 May 2008 - 01:27 PM

Just a bump to push this back to the active stack. Tried the available fixes out there with no success. I see a LOT of "Can't remove Vundo" posts on here. Damn vundo...

Thanks for any hep you can offer!

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:48 AM

Posted 10 May 2008 - 11:27 PM

Hello drider_dave,

Just a bump to push this back to the active stack.


It is not a good idea to "Bump" your post, as it will only delay
help for your log.


When selecting logs we generally use two criteria to
look for unanswered logs.

1. We started from the oldest to the most recent. That means if you
keep bumping, your log is at the top of the list, and since we do not work
from the top, it will be looked at last!!

2. We look for first for posts with no replies. A bump is a reply so
you get pushed further down the response ladder.



Before we start, you need to realize that you are missing one important program on that computer: An antivirus.

This is somewhat suicidal in today's digital world!

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

After you run the antivirus program, post the log it produces and a fresh hijackthis log.

Edited by SifuMike, 10 May 2008 - 11:35 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:48 AM

Posted 20 May 2008 - 09:15 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users