I Think My Rig Is Sick!


5 replies to this topic

#1 pitbullonyourheelz

  • Members
  • 22 posts

Posted 23 May 2008 - 07:51 AM

Basically I run avast about every week. For the last 5 days or so the (Win32@Vundo.dll) has been recognized. I run Vista Home Premium SP1. Ran Vundo Fix and somehow it's disappeared. Funny thing is that the Vundo Fix program did not even pick it up, so I wasn't able to click on remove vundo. Ran a scan this morning and it is NOT coming up. I didn't do anything to remove it. I think it's stealthy and playing hide and seek with me, lol. Anyhoo, I also have Startpage ZI & FishDown G viruses when I run Yahoo anti spy. It doesn't seem to be adversely affecting my performance, but I just want them GONE. I delete them and they keep coming back. This is a brand new rig and I'd love to keep it bug free. I also use spybot s&d. :thumbsup:


#2 DaChew

    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 23 May 2008 - 08:08 AM

Disable TeaTimer even if the infection(s) are active.

Run this scanner (MBAM) and post a log:

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062
Chewy

No. Try not. Do... or do not. There is no try.

#3 pitbullonyourheelz
  • Topic Starter

  • Members
  • 22 posts

Posted 23 May 2008 - 08:55 AM

Thanks DaChew, I'll do that now

#4 pitbullonyourheelz
  • Topic Starter

  • Members
  • 22 posts

Posted 23 May 2008 - 09:17 AM

Malwarebytes' Anti-Malware 1.12
Database version: 781

Scan type: Quick Scan
Objects scanned: 31022
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8a290466-39bd-419b-93db-0e9599506654} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8a290466-39bd-419b-93db-0e9599506654} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdater (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WebSUpdater (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\polX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\GUI2 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\binR (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\3036a (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Chris\AppData\Local\Temp\awttrQiF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\byXOhFvU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\cbXRLBuV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\ddCsroMD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\rQhebCTN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp0000f131 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp000101d4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp000102ae (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp000102be (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp000107fb (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp00010d68 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp00010db6 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp00010e52 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp00011ac0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp000132a3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\tmp00014d54 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\xxyyaBRl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\yayvSkkK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\polX\roEbdll2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\GUI2\FI-dt4x.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I hope this did the trick? :thumbsup:

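As an added triage aid (not code from this thread, from BleepingComputer or from Malwarebytes), the Python script below parses a log in the Malwarebytes' Anti-Malware 1.x format posted above and pulls out what a helper reading it looks for: detections per family and per section, autostart locations such as the Run keys and the ShellExecuteHooks entry in this log, files carrying a core Windows binary name outside System32 (the C:\Users\Chris\winlogon.exe entry), and any entry whose action is not a successful quarantine. The embedded sample log is constructed from a subset of the entries posted above, with the last action string altered to "Delete on reboot." so the unresolved-entry check has something to catch; the persistence-key markers and the system-binary name list are heuristics of my own for this example, not anything Malwarebytes defines.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.x log format posted in the
# thread: a subset of the real entries, with the last action string altered to
# "Delete on reboot." so the unresolved-entry check below has something to catch.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.12
Database version: 781

Scan type: Quick Scan
Objects scanned: 31022

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8a290466-39bd-419b-93db-0e9599506654} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8a290466-39bd-419b-93db-0e9599506654} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdater (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Chris\AppData\Local\Temp\awttrQiF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chris\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\polX\roEbdll2.exe (Trojan.Agent) -> Delete on reboot.
"""

# One detection line: "<location> (<family>) -> <action>"
ENTRY_RE = re.compile(r"^(?P<location>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Registry locations that give malware a foothold at logon / shell start.
# Heuristic list for this example (not an MBAM concept); matched case-insensitively.
PERSISTENCE_MARKERS = (
    "\\currentversion\\run\\",
    "\\currentversion\\runonce\\",
    "\\shellexecutehooks\\",
)

# Core Windows binaries that should only live under %SystemRoot%\System32
# (hypothetical short list for this example).
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}

SUCCESS = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return one dict per detection: section, location, family, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):          # e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)                 # skips header lines and "(No malicious items detected)"
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return entries


def persistence_entries(entries):
    """Detections sitting in an autostart location (Run keys, ShellExecuteHooks)."""
    return [e for e in entries
            if any(mk in e["location"].lower() for mk in PERSISTENCE_MARKERS)]


def masquerading_files(entries):
    """File detections whose name mimics a system binary but live outside System32."""
    hits = []
    for e in entries:
        if e["section"] != "Files Infected":
            continue
        path = e["location"]
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARIES and "\\windows\\system32\\" not in path.lower():
            hits.append(path)
    return hits


def unresolved(entries):
    """Detections the scanner could not quarantine outright (follow-up or reboot needed)."""
    return [e for e in entries if not e["action"].startswith(SUCCESS)]


def summarize(text):
    """Parse a log and return the figures a helper checks before calling it clean."""
    entries = parse_mbam_log(text)
    return {
        "total": len(entries),
        "by_family": dict(Counter(e["family"] for e in entries)),
        "by_section": dict(Counter(e["section"] for e in entries)),
        "persistence": [e["location"] for e in persistence_entries(entries)],
        "masquerading": masquerading_files(entries),
        "unresolved": [e["location"] for e in unresolved(entries)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved MBAM log by passing the file contents to `summarize()`; an empty `persistence` and `unresolved` list after a rescan is the signal the helper in post #5 is waiting for before declaring the machine clean, and a non-empty `masquerading` list is worth a closer look even when every action reads as successful.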
#5 DaChew

    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 23 May 2008 - 10:19 AM

We get a lot of callbacks with Vundo.

Would you please run the first 2, ATF Cleaner (right click / run as admin) and SAS; just do the quick scan with SAS.

http://www.bleepingcomputer.com/forums/ind...mp;#entry827440

Maybe it's all gone.

Edited by DaChew, 23 May 2008 - 10:20 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#6 pitbullonyourheelz
  • Topic Starter

  • Members
  • 22 posts

Posted 23 May 2008 - 05:09 PM

It's history! What kind of beer do you drink DaChew, I'll buy you a case. Thank you very much.