Troj Vundo.bmf


9 replies to this topic

#1 L4x4t0r


Posted 10 May 2008 - 09:36 AM

Hello, to warn you about my English, just be aware that I am French ^^ !
I just have a problem on the family computer... My sister and my brother are not very aware of dangers on the net, and the computer got viruses, but one virus remained and I didn't find a good method to delete it...
The virus name is "troj vundo.bmf"
And actually the only infected file is yayxWomk.dll in the system32 folder!
So thank you for your future answers!
(I normally won't have a problem understanding your answers even if my writing isn't very good ^^) !

EDIT: I didn't tell you that I am on Windows SP2!
If you need some more information, just ask ^^ !

Edited by L4x4t0r, 10 May 2008 - 09:37 AM.




#2 DaChew


Posted 10 May 2008 - 11:03 AM

http://www.kaspersky.com/virusscanner

do a full scan and post the log; if you have trouble with the English versions of these pages then there is a French forum we could refer you to

this infection will probably require expert assistance with intricate instructions

good luck

welcome to Bleeping Computer

Edited by DaChew, 10 May 2008 - 11:07 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 L4x4t0r


Posted 10 May 2008 - 11:48 AM

OK, thanks! I will do it!

#4 L4x4t0r


Posted 11 May 2008 - 10:59 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 11, 2008 5:58:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/05/2008
Kaspersky Anti-Virus database records: 756163
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 71079
Number of viruses found: 13
Number of infected objects: 38
Number of suspicious objects: 0
Duration of the scan process: 02:20:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Béatrice\Application Data\Apple Computer\Safari\PubSub\Database\Database.sqlite3 Object is locked skipped
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe/data0000.cab/setup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qpy skipped
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qpy skipped
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qpy skipped
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena\Fraps\Fraps_2.9.4.rar RAR: infected - 3 skipped
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena(1.32)\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe/data0000.cab/setup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qpy skipped
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena(1.32)\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qpy skipped
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena(1.32)\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qpy skipped
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena(1.32)\Fraps\Fraps_2.9.4.rar RAR: infected - 3 skipped
C:\Documents and Settings\Béatrice\Bureau\Valentin\roguemt1shahraz.wmv.download Object is locked skipped
C:\Documents and Settings\Béatrice\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Béatrice\Local Settings\Application Data\Apple Computer\Safari\Cache.db Object is locked skipped
C:\Documents and Settings\Béatrice\Local Settings\Application Data\Apple Computer\Safari\WebpageIcons.db Object is locked skipped
C:\Documents and Settings\Béatrice\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Béatrice\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Béatrice\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Béatrice\Local Settings\Temp\ltckclbx.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Béatrice\Local Settings\Temp\nroldcca.dll Infected: Trojan.Win32.Monder.an skipped
C:\Documents and Settings\Béatrice\Local Settings\Temp\ogbqowlu.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Béatrice\Local Settings\Temp\suhdmjjw.dll Infected: Trojan.Win32.Monder.an skipped
C:\Documents and Settings\Béatrice\Local Settings\Temp\~DF9615.tmp Object is locked skipped
C:\Documents and Settings\Béatrice\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Béatrice\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Béatrice\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Béatrice\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\MalwareAlarm\MalwareAlarm.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.aa skipped
C:\Program Files\MalwareAlarm\MalwareAlarm0.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.f skipped
C:\Program Files\MalwareAlarm\MalwareAlarm3.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\Program Files\MalwareAlarm\pv.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.bp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001854.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001855.dll Infected: Trojan.Win32.Monder.an skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001856.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qoi skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001857.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001858.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001859.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrg skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001860.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001863.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001864.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001865.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001866.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0003272.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qoi skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0003273.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP6\A0003571.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP6\A0003572.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP6\A0003573.dll Infected: Trojan.Win32.Monder.db skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP6\A0003574.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP6\A0003575.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP6\A0003576.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\honpbboq.dll Infected: Trojan.Win32.Monder.de skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\pkafrlrh.dll Infected: Trojan.Win32.Monder.df skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\yayxWomK.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\Temp\Perflib_Perfdata_52c.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#5 DaChew


Posted 11 May 2008 - 11:05 AM

===== Locked Objects =====

Number of items = 65

C:\Documents and Settings\Béatrice\Application Data\Apple Computer\Safari\PubSub\Database\Database.sqlite3
C:\Documents and Settings\Béatrice\Bureau\Valentin\roguemt1shahraz.wmv.download
C:\Documents and Settings\Béatrice\Local Settings\Application Data\Apple Computer\Safari\Cache.db
C:\Documents and Settings\Béatrice\Local Settings\Application Data\Apple Computer\Safari\WebpageIcons.db
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int
C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log
C:\System Volume Information\MountPointManagerRemoteDatabase
C:\System Volume Information\_restore{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP6\change.log
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log

===== Infected Objects =====

"C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena\Fraps\Fraps_2.9.4.rar"
"C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena(1.32)\Fraps\Fraps_2.9.4.rar"
"C:\Documents and Settings\Béatrice\Local Settings\Temp\ltckclbx.dll"
"C:\Documents and Settings\Béatrice\Local Settings\Temp\nroldcca.dll"
"C:\Documents and Settings\Béatrice\Local Settings\Temp\ogbqowlu.dll"
"C:\Documents and Settings\Béatrice\Local Settings\Temp\suhdmjjw.dll"
"C:\Program Files\MalwareAlarm\MalwareAlarm.exe"
"C:\Program Files\MalwareAlarm\MalwareAlarm0.dll"
"C:\Program Files\MalwareAlarm\MalwareAlarm3.dll"
"C:\Program Files\MalwareAlarm\pv.exe"
"C:\WINDOWS\system32\honpbboq.dll"
"C:\WINDOWS\system32\pkafrlrh.dll"
"C:\WINDOWS\system32\yayxWomK.dll"

===== Details =====

Number of items = 38
Number of viruses found: 13
Number of infected objects: 38
Number of suspicious objects: 0

C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe/data0000.cab/setup.exe --> Win32.Virtumonde.qpy
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe/data0000.cab --> Win32.Virtumonde.qpy
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe --> Win32.Virtumonde.qpy
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena(1.32)\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe/data0000.cab/setup.exe --> Win32.Virtumonde.qpy
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena(1.32)\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe/data0000.cab --> Win32.Virtumonde.qpy
C:\Documents and Settings\Béatrice\Bureau\Valentin\quake III arena(1.32)\Fraps\Fraps_2.9.4.rar/fraps_2.9.4.exe --> Win32.Virtumonde.qpy
C:\Documents and Settings\Béatrice\Local Settings\Temp\ltckclbx.dll --> Trojan.Win32.Monder.gen
C:\Documents and Settings\Béatrice\Local Settings\Temp\nroldcca.dll --> Trojan.Win32.Monder.an
C:\Documents and Settings\Béatrice\Local Settings\Temp\ogbqowlu.dll --> Trojan.Win32.Monder.gen
C:\Documents and Settings\Béatrice\Local Settings\Temp\suhdmjjw.dll --> Trojan.Win32.Monder.an
C:\Program Files\MalwareAlarm\MalwareAlarm.exe --> FraudTool.Win32.SpySheriff.aa
C:\Program Files\MalwareAlarm\MalwareAlarm0.dll --> FraudTool.Win32.BraveSentry.f
C:\Program Files\MalwareAlarm\MalwareAlarm3.dll --> FraudTool.Win32.BraveSentry.b
C:\Program Files\MalwareAlarm\pv.exe --> FraudTool.Win32.DrAntispy.bp
C:\WINDOWS\system32\honpbboq.dll --> Trojan.Win32.Monder.de
C:\WINDOWS\system32\pkafrlrh.dll --> Trojan.Win32.Monder.df
C:\WINDOWS\system32\yayxWomK.dll --> Trojan.Win32.Monder.gen

===== System Restore's cache: =====

Number of items = 19
Trojan.Win32.Monder.an
Trojan.Win32.Monder.db
Trojan.Win32.Monder.gen
Win32.Virtumonde.qoi
Win32.Virtumonde.qrg
Win32.Virtumonde.qrt
Chewy

No. Try not. Do... or do not. There is no try.

#6 DaChew


Posted 11 May 2008 - 11:13 AM

http://www.bleepingcomputer.com/forums/ind...st&p=821785

please run these programs exactly as directed

don't allow anyone to reinfect the computer by reinstalling any of those downloaded (P2P) programs


Kasp has marked the downloads that are still on your computer
Chewy

No. Try not. Do... or do not. There is no try.

#7 L4x4t0r


Posted 12 May 2008 - 07:30 AM

So I did it and these are the logs!

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 742

Type de recherche: Examen rapide
Eléments examinés: 32826
Temps écoulé: 7 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\hpbtfdyu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayxWomK.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2dc05b19-27ff-4582-9d81-753ab4d666d5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2dc05b19-27ff-4582-9d81-753ab4d666d5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1466e8d2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM1755db4e (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxwomk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxwomk -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\hpbtfdyu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uydftbph.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pkafrlrh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hrlrfakp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxWomK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KmoWxyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KmoWxyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\setup.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm0.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm1.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm3.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\pv.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\foplnahy.dll (Trojan.Agent) -> Delete on reboot.


And the other report:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/12/2008 at 01:57 PM

Application Version : 4.0.1154

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 01:01:05

Memory items scanned : 367
Memory threats detected : 0
Registry items scanned : 4449
Registry threats detected : 0
File items scanned : 62709
File threats detected : 3

Adware.Vundo-Variant/H
C:\SYSTEM VOLUME INFORMATION\_RESTORE{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0001856.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{01EA47AA-4BFC-407F-B19C-1E68611BFAFA}\RP4\A0003272.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP

#8 L4x4t0r


Posted 12 May 2008 - 07:39 AM

I rebooted my computer too each time it was demanded!
I created a new restoration point and I deleted the older one!
So if I understand, now the computer is clean... I will use an antivirus to check if all is all right and uninstall Limewire...

#9 DaChew


Posted 12 May 2008 - 07:48 AM

Do not assume the computer is clean. Many infections have deeply hidden parts or have infected a normal program and can reload. You have to watch your computer, rerun some scans, and see if anything comes back.

Things are not always easy to kill.

Use the computer and make sure all symptoms are gone, then rescan and post back if anything shows.

Edited by DaChew, 12 May 2008 - 07:49 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#10 L4x4t0r


Posted 12 May 2008 - 08:16 AM

OK! I am actually rescanning to be sure everything is good!
I have cleaned out all useless software and the computer works like it was new ^^ !
I have deleted eMule and LimeWire...
Thanks for your good and fast help ^^ !



