
Vundo? Malware? Connectivity Problems...help!


3 replies to this topic

#1 teriyakisaki

Posted 17 September 2008 - 01:58 AM

alright folks. so i am on vacation here at my parents' house and my laptop is currently out of commission. my parents' computer has had viruses galore (my dad is waaayy too lazy to update his norton, and doesn't like it if i put on stuff that actually works...), and so normally, to spare myself the headache of closing popups and such, i just hook up my computer to their hardline. my laptop has recently been having trouble turning on (shorter power button?) and so i broke down and used my parents' computer. i noticed my dad finally took some initiative and helped clean up the computer as all of the popups and such were gone. i'm surfing, and all of a sudden i get bombarded by all sorts of popups and alerts regarding security threats, malware, etc, and i know they are all fake as they are advertising specific programs. i then begin to notice that the virus also made it so that anytime anything was googled, the first 2 results were to the fake protection program's website, and also to some you-tube related porno deal. i also noticed two new icons on the desktop. one for megaporndump.com and one for megafreeporn. the worst part is i can delete the icons, but they just come right back on reboot.

i did some searching and found the program file that was causing the icons, and it was in a program titled PCHealthCenter. i deleted all of the files in the folder, including some .exe's named simply 1-7. the .exe's were in my processes so i stopped them and deleted them. i then started to google some of the processes i had running, some came up as they could go either way, others came up definitely negative. they all started with YUR followed by numbers and letters. i researched all of them and they seemed to be attached to some sort of vundo virus. i stopped all of the processes. i also tried using the symantec FixVundo to no avail. i also tried VundoFix from atribune.org as it seemed legit. of course this did not fix the issue either. i did some googling which brought me to a site called exterminate_it.com. i followed some of the advice looking through registry keys and such, but after going through about 40 registry keys and not finding any they listed, i gave up hope. the registry values mentioned to delete shared the same "YUR" beginnings, so i deleted all of the registry values with YUR. this didn't really fix anything that i could notice. i later noticed that the "X" in the exterminate-it program was the same on some of the popups, and the geniuses made it so googling their virus would bring you right to their scam site which would "fix" the virus they infected you with. i'm a little upset.

i've also tried adaware, and it picked up 22 infected files, but never finished "deleting" the infected files (sat for hours and i ended up just closing the program), but i'm sure it cleaned something up. i've also installed spybot search and destroy as well as spyware doctor, however the next problem came up. i try to update the programs because it's required upon installation, however every time i try this, it fails with the error message of being unable to connect to the server. i also noticed that my AIM has been able to connect to the AOL server since this issue came about. my firefox has also had server connectivity issues. i also noticed that the internet explorer now runs "without add-ons" and it won't let me reactivate add-ons (it's greyed out). some of the popups still come up, one comes up (the one that is the most consistent) but is now blank as all of the images and links on the popup were deleted when i deleted the "PCHealthCenter" program files. i do also remember seeing something for TotalSecure2009. i have hijack this, but have no idea how to use it, i assume it just makes log files for you geniuses to look at? i was using mostly firefox until it recently started having connectivity issues, especially after i "updated" it. it never had the problems with popups and such (obviously), but i'm worried the "update" for firefox was maybe part of the virus?

i am using windows XP. i don't know the other specs of the computer as it's a DELL that my dad bought maybe 5-8 years ago. still runs decent considering...

Focus
How do i resolve the connectivity issues so my antivirus programs can update?
How do i get rid of this nasty bug?
How do i clear the icons?

I assume these all will be solved together. Thank you very much for any and all help. It is greatly appreciated. Normally i would think nothing of an extra popup or two, but i feel really bad that it came about while i was on the internet, after my dad had finally stepped up to the plate and solved some of the issues. furthermore, my own hard-headedness has probably made the problem worse. I greatly appreciate this. Thank you in advance.

Edited by teriyakisaki, 17 September 2008 - 01:59 AM.



#2 DaChew

Posted 17 September 2008 - 08:56 PM

Welcome to Bleeping

That's a rather nasty infection to clean up with a working internet connection and the right tools

If you can't use a healthy computer I don't know any remedy except to format and reinstall

It would have been better to not let things get this bad, but experience is lessons learned
Chewy

No. Try not. Do... or do not. There is no try.

#3 teriyakisaki

Posted 18 September 2008 - 02:28 AM

well the big thing is this literally happened over about 24 hours. as the days go by, things get slightly worse and worse. fortunately i at least have my internet connection still. so does anybody else want to weigh in or is all hope lost?

Edited by teriyakisaki, 18 September 2008 - 02:28 AM.


#4 DaChew

Posted 18 September 2008 - 06:42 AM

We can try some different programs or executables; it might be a long uphill battle. I was just stating the fact that a clean install would be quicker and a sure way to remove the malware.

Download this file to your Desktop: http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
Start the setup_.exe-file and click "Next".
The tool will now be unzipped to its own folder on the Desktop; confirm this by pressing "Next" again.
Now, click "Scan" to start the quick scan.
When it's finished, the found malware will be shown to you; press "Delete".
Now click the button "Reports" in the main screen and save the logfile to your Desktop.
Post this logfile in your next reply
After that you'll get this message: "Do you want to uninstall?", choose "Yes".
The tool will be deleted then.
Chewy
