
Vundo Virus



#1 robertybob


Posted 07 July 2008 - 06:46 PM

I'm infected with the Virtumonde virus. I've tried the two generally recommended programs to deal with it (VundoFix and VirtumundoBeGone), but to no avail. I'm a real amateur in these matters. Can you help me, please?
Here's what the VBG log says:

[07/07/2008, 23:44:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Bob\Desktop\VirtumundoBeGone.exe" )
[07/07/2008, 23:44:49] - Detected System Information:
[07/07/2008, 23:44:49] - Windows Version: 5.1.2600, Service Pack 2
[07/07/2008, 23:44:49] - Current Username: Bob (Admin)
[07/07/2008, 23:44:49] - Windows is in SAFE mode with Networking.
[07/07/2008, 23:44:49] - Searching for Browser Helper Objects:
[07/07/2008, 23:44:49] - BHO 1: {06D3D88A-1406-4024-9D21-26EED59A20BC} ()
[07/07/2008, 23:44:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:49] - Checking for HKLM\...\Winlogon\Notify\efcYPjIy
[07/07/2008, 23:44:49] - Key not found: HKLM\...\Winlogon\Notify\efcYPjIy, continuing.
[07/07/2008, 23:44:49] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/07/2008, 23:44:49] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/07/2008, 23:44:49] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/07/2008, 23:44:49] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/07/2008, 23:44:49] - BHO 6: {C5F8EC28-8F68-4397-B050-0F644DFD0789} ()
[07/07/2008, 23:44:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:49] - Checking for HKLM\...\Winlogon\Notify\jkkJbcDU
[07/07/2008, 23:44:49] - Key not found: HKLM\...\Winlogon\Notify\jkkJbcDU, continuing.
[07/07/2008, 23:44:49] - BHO 7: {C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF} ()
[07/07/2008, 23:44:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:49] - Checking for HKLM\...\Winlogon\Notify\byXnOhee
[07/07/2008, 23:44:49] - Found: HKLM\...\Winlogon\Notify\byXnOhee - This is probably Virtumundo.
[07/07/2008, 23:44:49] - Assigning {C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF} MSEvents Object
[07/07/2008, 23:44:49] - BHO list has been changed! Starting over...
[07/07/2008, 23:44:49] - BHO 1: {06D3D88A-1406-4024-9D21-26EED59A20BC} ()
[07/07/2008, 23:44:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:50] - Checking for HKLM\...\Winlogon\Notify\efcYPjIy
[07/07/2008, 23:44:50] - Key not found: HKLM\...\Winlogon\Notify\efcYPjIy, continuing.
[07/07/2008, 23:44:50] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/07/2008, 23:44:50] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/07/2008, 23:44:50] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/07/2008, 23:44:50] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/07/2008, 23:44:50] - BHO 6: {C5F8EC28-8F68-4397-B050-0F644DFD0789} ()
[07/07/2008, 23:44:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:50] - Checking for HKLM\...\Winlogon\Notify\jkkJbcDU
[07/07/2008, 23:44:50] - Key not found: HKLM\...\Winlogon\Notify\jkkJbcDU, continuing.
[07/07/2008, 23:44:50] - BHO 7: {C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF} (MSEvents Object)
[07/07/2008, 23:44:50] - ALERT: Found MSEvents Object!
[07/07/2008, 23:44:50] - BHO 8: {E6CCF330-8F00-47DC-A3FA-5CF2A7D49A48} ()
[07/07/2008, 23:44:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:50] - Checking for HKLM\...\Winlogon\Notify\urqRJcDs
[07/07/2008, 23:44:50] - Key not found: HKLM\...\Winlogon\Notify\urqRJcDs, continuing.
[07/07/2008, 23:44:50] - BHO 9: {e7eccff8-02b8-49be-9900-47f6bfebb21f} ()
[07/07/2008, 23:44:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:50] - Checking for HKLM\...\Winlogon\Notify\oyxojy
[07/07/2008, 23:44:50] - Key not found: HKLM\...\Winlogon\Notify\oyxojy, continuing.
[07/07/2008, 23:44:50] - Finished Searching Browser Helper Objects
[07/07/2008, 23:44:50] - *** Detected MSEvents Object
[07/07/2008, 23:44:50] - Trying to remove MSEvents Object...
[07/07/2008, 23:44:51] - Terminating Process: IEXPLORE.EXE
[07/07/2008, 23:44:51] - Terminating Process: RUNDLL32.EXE
[07/07/2008, 23:44:51] - Disabling Automatic Shell Restart
[07/07/2008, 23:44:51] - Terminating Process: EXPLORER.EXE
[07/07/2008, 23:44:52] - Suspending the NT Session Manager System Service
[07/07/2008, 23:44:52] - Terminating Windows NT Logon/Logoff Manager
[07/07/2008, 23:44:52] - Re-enabling Automatic Shell Restart
[07/07/2008, 23:44:52] - File to disable: C:\WINDOWS\system32\byXnOhee.dll
[07/07/2008, 23:44:52] - Renaming C:\WINDOWS\system32\byXnOhee.dll -> C:\WINDOWS\system32\byXnOhee.dll.vir
[07/07/2008, 23:44:52] - File successfully renamed!
[07/07/2008, 23:44:52] - Removing HKLM\...\Browser Helper Objects\{C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF}
[07/07/2008, 23:44:52] - Removing HKCR\CLSID\{C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF}
[07/07/2008, 23:44:52] - Adding Kill Bit for ActiveX for GUID: {C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF}
[07/07/2008, 23:44:52] - Deleting ATLEvents/MSEvents Registry entries
[07/07/2008, 23:44:52] - Removing HKLM\...\Winlogon\Notify\byXnOhee
[07/07/2008, 23:44:52] - Searching for Browser Helper Objects:
[07/07/2008, 23:44:52] - BHO 1: {06D3D88A-1406-4024-9D21-26EED59A20BC} ()
[07/07/2008, 23:44:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:52] - Checking for HKLM\...\Winlogon\Notify\efcYPjIy
[07/07/2008, 23:44:52] - Key not found: HKLM\...\Winlogon\Notify\efcYPjIy, continuing.
[07/07/2008, 23:44:52] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/07/2008, 23:44:52] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/07/2008, 23:44:52] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/07/2008, 23:44:52] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/07/2008, 23:44:52] - BHO 6: {C5F8EC28-8F68-4397-B050-0F644DFD0789} ()
[07/07/2008, 23:44:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:52] - Checking for HKLM\...\Winlogon\Notify\jkkJbcDU
[07/07/2008, 23:44:52] - Key not found: HKLM\...\Winlogon\Notify\jkkJbcDU, continuing.
[07/07/2008, 23:44:52] - BHO 7: {E6CCF330-8F00-47DC-A3FA-5CF2A7D49A48} ()
[07/07/2008, 23:44:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:52] - Checking for HKLM\...\Winlogon\Notify\urqRJcDs
[07/07/2008, 23:44:52] - Key not found: HKLM\...\Winlogon\Notify\urqRJcDs, continuing.
[07/07/2008, 23:44:52] - BHO 8: {e7eccff8-02b8-49be-9900-47f6bfebb21f} ()
[07/07/2008, 23:44:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/07/2008, 23:44:52] - Checking for HKLM\...\Winlogon\Notify\oyxojy
[07/07/2008, 23:44:52] - Key not found: HKLM\...\Winlogon\Notify\oyxojy, continuing.
[07/07/2008, 23:44:52] - Finished Searching Browser Helper Objects
[07/07/2008, 23:44:52] - Finishing up...
[07/07/2008, 23:44:52] - A restart is needed.
[07/07/2008, 23:45:01] - Attempting to Restart via STOP error (Blue Screen!)


#2 Budapest


Posted 07 July 2008 - 10:19 PM

Run a full system scan with SuperAntiSpyware in Safe Mode.

How to start Windows in Safe Mode

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



