My first post so please be gentle ...
My brother's Windows XP (SP2) PC suddenly began to hang when performing searches on www.google.co.uk.
McAfee detected the Vundo trojan and duly 'removed' a few files. Still Google hangs.
I followed the instructions to let VundoFix.exe scan then remove infected files. It found about nine such .dll and .ini files. It removed seven and couldn't remove two. I restarted the machine as instructed but began a never-ending loop of finding the two problem files and not being able to delete them, restarting, fail to delete, rescan etc. I've attached a log showing which files seem to be created by Vundo. It appears that each time I delete the seven files, two are undeletable, seven are deleted but then they appear again (random names) some time later (on restart?). Either way, I cannot completely purge the PC of the files that VundoFix.exe identifies as being problematic.
I can see that the files in question (usually an eight-character random string of alpha-numerics followed by .dll or .ini, for example nnnnLbaY.dll) are owned by the logged-in user with read/write/execute permissions. However, the files are not removable by a conventional 'rm -f <file.name>' Linux command (I'm used to Linux/UNIX rather than Windows and so run Cygwin, a Linux command-line emulator that maps to DOS commands); 'Permission denied'.
I used VirtumundoBeGone.exe to check for any nasties; I've attached the log, but it seems there were no infections of this type.
I ran HijackThis.exe and have attached a log. When I ask HijackThis to fix the following two objects:
O4 - HKLM\..\Run: [840b6e6e] rundll32.exe "C:\WINDOWS\system32\rrfjmcqf.dll",b
O4 - HKLM\..\Run: [BM87385df2] Rundll32.exe "C:\WINDOWS\system32\dpbxxfsi.dll",s
The .dll files are STILL present, even if I again try and remove them manually. Minutes later the other random .dll and .ini files are back in C:\WINDOWS\system32\
Please could someone help me figure out how to get these files off my brother's PC.
Thanks in advance!