Vundo Keeps Coming Back--repeat Scans And Confirm Line By Line



#1 WalterK

Posted 13 July 2008 - 10:36 PM

Sure enough, I was disappointed when after running Kaspersky online scanner, Malwarebytes, and ComboFix I noted recurring hijacked webpages and popups and inability to start Auto Update in Services, etc. but at a reduced rate.

I decided to run Malwarebytes a second time which detected several residual entries not eliminated on the first pass.

I then reexamined System 32 and saw that a number of the infected dlls WERE STILL THERE and were not deleted as promised after rebooting.

I decided to PRINT OUT ALL THE LOG FILES from the initial Kaspersky, Malwarebytes, and ComboFix scans and then tediously went LINE-BY-LINE identifying, deleting, and in cases of the System 32 dlls, using McAfee's more secure recycle bin shredder to remove them (inviting McAfee back for short term use as it is free via my comcast.net subscription--see my last post about this).

It was time-consuming and tedious, but it worked. Much more helpful to refer to a printed page than to squint at the screen swiveling from txt files and the Registry trees...

I also took advantage of a Microsoft "836941 Windows Update guided tool" (self extracting cabinet type) which I downloaded to the desktop. It "automatically" performed the tasks of placing the update sites in the trusted sites of IE (which I had already done), purging the DNS cache or something like that (which I could not do from other Knowledge Base articles) and probably helped solve the frustrating 0x80070422, 0x80072ee2, etc. error messages which relate to failure to start Automatic Updates in Services, inability to access the Microsoft Update site, constant barrages from the Security Center icon when I had the OneCareLive running, and so on.

NO PROBLEMS NOW EXCEPT MISSING VOLUME ICON IN SYSTEM OR NOTIFICATIONS TRAY.

I NOW RECALL THAT BEFORE VUNDO INFECTION CONFIRMED, RIGHT CLICKING THE VOLUME ICON RESULTED IN A MESSAGE BOX STATING SOMETHING TO THE EFFECT THAT "Cannot adjust due to a hardware problem." This, besides the hijacked webpages, popup pages, and "Not Responding" was a clear-cut sign of infection, later confirmed.

The sound volume exe file is missing in System 32, is not located elsewhere, and I cannot locate my original XP Home disc--probably in my son's possession in Chicago-- to reinsert the file. I do have sound but can mute or adjust only via Control Panel. (Checking the "place sound icon in system tray" leads to an error message which requires that I reinstall the missing sndvol32.exe which I cannot get...)

I did download a virus-free file placing an icon on the desktop that shows the full sound volume and effects box as one would see right-clicking the volume icon, for convenience.

BESIDES THE VARIOUS INFECTED REGISTRY KEYS, DLLS, ADIRSS.EXE, MY PROBLEM INVOLVED THESE WEBSITE NAMES:

rotator.adjuggler.com
amateurmatch.com
fling.com
google-analytics
altered Google search pages (but no Adware 2009 offers as far as I know)...

and a bunch of others I entered in Restricted Sites as I encountered them working on another user's account on the same laptop-- having to do with college degrees, stock tips, ebay searches, PC adware scans (of all things!)...


SO, KEEP TRYING, RUN THE SCANS SEVERAL TIMES, AND THINK ABOUT CONFIRMING DELETION OF ALL ENTRIES ITEM BY ITEM, LINE BY LINE, USING A PRINTOUT OF THE LOG FILE FOR VISUAL CONVENIENCE AS THE PROCESS IS TIME CONSUMING, TEDIOUS, BUT WORTH IT IN THE END.


WalterK
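
The line-by-line re-check described in the post above can be scripted. This is an added example, not part of the original post and not code from any of the scanners named: it pulls every file path out of a saved scan log and reports the ones still on disk after the reboot. The log lines, file names and the `survivors` helper are constructed for illustration, and real scanner logs may be laid out differently.

```python
import os
import re

# Drive-letter path ending in a file type worth re-checking after cleanup.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]+?\.(?:dll|exe|sys|ini|tmp)\b',
    re.IGNORECASE,
)

def extract_paths(log_text):
    """Return unique file paths named in the log, in first-seen order."""
    seen, paths = set(), []
    for match in PATH_RE.finditer(log_text):
        path = match.group(0)
        key = path.lower()          # Windows paths are case-insensitive
        if key not in seen:
            seen.add(key)
            paths.append(path)
    return paths

def survivors(log_text, exists=os.path.exists):
    """Paths the log reported that are still on disk (cleanup incomplete)."""
    return [p for p in extract_paths(log_text) if exists(p)]

# Constructed sample log; not real scanner output.
SAMPLE_LOG = r"""
Files Infected:
C:\WINDOWS\system32\example1.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\example2.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\windows\SYSTEM32\EXAMPLE1.DLL
C:\Documents and Settings\user\Local Settings\Temp\example3.exe -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{constructed-placeholder} -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    # Pretend only example1.dll survived the reboot (constructed scenario).
    fake_disk = {r"c:\windows\system32\example1.dll"}
    for path in survivors(SAMPLE_LOG, exists=lambda p: p.lower() in fake_disk):
        print("STILL PRESENT:", path)
```

On the cleaned machine, call `survivors()` with the text of each saved log and the default `exists`; registry entries are not covered and still need checking by hand.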
