I Think I Have A Trojan.vundo


6 replies to this topic

#1 Zacaroni


Posted 07 July 2008 - 06:03 PM

Please forgive me if I don't make sense; I'll try to be as detailed as I can.

Last winter I had a ton of trojan.vundo's on my computer. Random sites would always pop up at random times in Internet Explorer and sometimes Firefox. I was never able to get rid of it. I tried different tools (VundoFix, FixVundo, VirtumundoBeGone, etc.). One day I turned on my computer and everything was crazy and really slow and stuff was messing up, so I just used the system recovery disk and restored everything. But it left some kind of backup folder, and AntiVir keeps detecting different stuff from it. And for the first time since I restored, I got a pop-up today.

I don't know what's wrong. Should I post a hijack log?

Hopefully someone can help me, that would be great!

God bless
-zach



#2 Budapest


Posted 07 July 2008 - 10:20 PM

Run a full system scan with SuperAntiSpyware in Safe Mode.

How to start Windows in Safe Mode
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Zacaroni


Posted 08 July 2008 - 01:14 PM

> Run a full system scan with SuperAntiSpyware in Safe Mode.
>
> How to start Windows in Safe Mode

OK, I ran it in Safe Mode. It found some trojan.vundo's and removed them, and my PC is running way faster. Thanks man.

But I'm still getting stuff like this:

Posted Image

Posted Image




#4 Budapest


Posted 08 July 2008 - 04:13 PM

Run a full system scan with Malwarebytes' Anti-Malware in Normal Mode and post the log.

#5 Zacaroni


Posted 10 July 2008 - 11:59 AM

Malwarebytes' Anti-Malware 1.20
Database version: 933
Windows 5.1.2600 Service Pack 2

5:49:56 AM 7/10/2008
mbam-log-7-10-2008 (05-49-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 337729
Time elapsed: 1 hour(s), 20 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fl studio 8 (Rogue.Installer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mediacoder (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8ddb26c9-2b90-485b-a2b6-cdf92cf4ab61} (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\neswpyjp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pjypwsen.ini (Trojan.Vundo) -> No action taken.
C:\My Backup -- 08-02-12 0813PM\Program Files\Folder Lock\folder lock v5.7.5.exe (Spyware.OnlineGames) -> No action taken.
C:\Program Files\Image-Line\FL Studio 8\Uninstall.exe (Rogue.Installer) -> No action taken.
C:\Program Files\MediaCoder\uninst.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP159\A0100268.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP179\A0115250.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP179\A0115285.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP180\A0116186.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP180\A0116187.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP180\A0116240.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP182\A0118186.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mlJYrrqp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnlIcYo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRHyxxX.dll.vir (Trojan.Vundo) -> No action taken.



#6 Budapest


Posted 10 July 2008 - 05:00 PM

Your log shows "No action taken" for the malware items identified. At the end of the scan you need to select the items found and click Remove Selected.

#7 quietman7


Posted 10 July 2008 - 06:37 PM

After performing a new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
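
The check that replies #6 and #7 describe, reading a Malwarebytes log for entries still marked "No action taken", written out as an added example (not part of the original thread and not a Malwarebytes tool). The sample lines are constructed in the layout of the log posted above, with one action changed to show a remediated entry; the function names and location buckets are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted in this thread.
SAMPLE_LOG = r"""
Files Infected:
C:\WINDOWS\system32\neswpyjp.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP180\A0116186.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\MediaCoder\uninst.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
"""

# "<item> (<detection name>) -> <action>." ; header and count lines do not match.
LINE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

def location(item):
    """Bucket a detection by where it lives on the machine."""
    if item.upper().startswith("HKEY_"):
        return "registry"
    if "\\System Volume Information\\_restore" in item:
        return "restore point"  # System Restore snapshot copy, not the live file
    return "file"

def parse_detections(text):
    """Return (item, detection, action, location) for every result line."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rows.append((m["item"], m["detection"], m["action"], location(m["item"])))
    return rows

def unremediated(rows):
    """Entries the scanner reported but did not act on."""
    return [r for r in rows if r[2].lower() == "no action taken"]

def summary(rows):
    """Count unremediated entries per (location, detection name)."""
    return Counter((r[3], r[1]) for r in unremediated(rows))

if __name__ == "__main__":
    rows = parse_detections(SAMPLE_LOG)
    for (where, name), n in sorted(summary(rows).items()):
        print(f"{n} x {name} in {where}: still present")
    print(f"{len(unremediated(rows))} of {len(rows)} items still need removal")
```

A follow-up log taken after Remove Selected should give an empty `unremediated()` list; anything left in the "file" or "registry" buckets is still on the live system.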
