Vundo/adware Problem


7 replies to this topic

#1 thevicar

thevicar

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 09 May 2008 - 08:11 AM

Hi

I appear to have what I think is the Vundo infection and was hoping that someone could help or point me in the right direction.

I have run McAfee, Malwarebytes' Anti-Malware, VundoFix and SUPERAntiSpyware; these occasionally identify adware etc. and delete it, but it seems to reoccur. I haven't used any of the other tools I have noticed on your site (ComboFix etc.), so would like some guidance on how to approach the problem.

Thanks in advance for your time and assistance.


#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:30 AM

Posted 09 May 2008 - 10:34 AM

A lot of these infections keep coming back; identifying them and why they are reinfecting requires some research and logs to analyze.

That's why there is a Hijackthis forum staffed by trained experts.

You might try downloading the ATF cleaner, updating SAS and MBAM, then physically disconnecting from the internet.

Run MBAM from normal mode, reboot into safe mode using F8, then run the ATF cleaner to kill all temp files, and then run SAS.
Chewy

No. Try not. Do... or do not. There is no try.

#3 thevicar


Posted 09 May 2008 - 12:27 PM

Thanks Chewy

Ran through your task list and found no problems/threats.
Rebooted and re-attached to the internet and ran SAS again and found 1 threat - Adware.Tracking Cookie. Do I need to create a log and post it to one of the other forums?

Thanks

#4 DaChew


Posted 09 May 2008 - 02:25 PM

Cookies are pretty harmless.

Keep an eye on your computer and run a quick scan with MBAM after using it for a few days; if it finds something coming back, then post that log,

especially if you start getting any bad popups.

http://www.kaspersky.com/virusscanner

You could do a full scan with this and post a log; it might give us a clue to what went on.
Chewy

No. Try not. Do... or do not. There is no try.

#5 thevicar


Posted 12 May 2008 - 07:01 AM

I have run for a few days and re-run the Malwarebytes program and it found some infected files; they refer to the Trojan.Vundo. The log is attached below.

Any ideas on what to do next?

Thanks

Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Full Scan (C:\|)
Objects scanned: 131762
Time elapsed: 1 hour(s), 16 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP582\A0055400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP582\A0055401.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP582\A0055403.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP582\A0055404.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0055499.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#6 DaChew


Posted 12 May 2008 - 07:29 AM

That new update for MBAM is now scanning system restore and showing old infections there.

Wait on boopme for further instructions.

Otherwise it's looking good.
Chewy

No. Try not. Do... or do not. There is no try.
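
The distinction made in this reply (detections inside System Restore points versus detections on the live file system) can be checked mechanically. The following is an added example, not part of the original posts and not Malwarebytes' own tooling; the sample log is constructed in the format of the log posted above, with a placeholder GUID and one invented non-restore path for contrast.

```python
import re
from collections import defaultdict

# Constructed sample (placeholder GUID; the last path is invented for contrast).
SAMPLE_LOG = r"""Files Infected: 4

Files Infected:
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP582\A0055400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP582\A0055404.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP583\A0055499.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "<path> (<threat>) -> <action>"; the non-greedy path tolerates "(x86)" in folder names.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# Windows XP System Restore store: ...\_restore{GUID}\RP<n>\...
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE)

def parse_detections(log_text):
    """Return one dict per detection line; summary and header lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        rp = RESTORE.search(m["path"])
        hits.append({"path": m["path"], "threat": m["threat"],
                     "action": m["action"],
                     "restore_point": rp.group(1) if rp else None})
    return hits

def triage(log_text):
    """Split detections into archived restore-point copies and live files."""
    by_restore_point, live = defaultdict(list), []
    for hit in parse_detections(log_text):
        if hit["restore_point"]:
            by_restore_point[hit["restore_point"]].append(hit["threat"])
        else:
            live.append(hit)
    return dict(by_restore_point), live

if __name__ == "__main__":
    archived, live = triage(SAMPLE_LOG)
    print("restore-point detections:", archived)
    print("live detections:", [h["path"] for h in live])
```

A log whose detections all fall under restore points matches the "old infections" reading above; any entry in the live list is the part that needs follow-up.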

#7 thevicar


Posted 19 May 2008 - 04:39 AM

Thanks for your help.
Everything seems to be ok, other than SAS picking up the tracking cookie adware issue every now and again. But following your previous notes I shouldn't worry too much about that?

The only other problem is that when I try to go to some sites that require logon (eg Paypal, Mcafee) the page requiring uname/pwd can take 10 mins to load even though the internet connection is fine going to other pages?
This has never happened before. Any thoughts? Could this be a symptom of what I was infected with or have I changed some settings somewhere that is causing this?

Thanks

#8 DaChew


Posted 19 May 2008 - 06:11 AM

http://www.atribune.org/index.php?option=c...5&Itemid=25

Be sure and run the ATF cleaner.

Keep Java updated.

You might want to repair IE?
Chewy

No. Try not. Do... or do not. There is no try.



