
8 virus/trojans found


7 replies to this topic

#1 quadlatte


Posted 26 October 2008 - 12:10 AM

Hey all, this is my first post, but it is with great need: I seem to have gotten a hold of a really nasty infection. I scanned twice with ZoneAlarm with ultra deep scans and found nothing, then scanned again with Stopzilla and it found 66 infections. So I scanned with SB&D and it found only a few cookies. My system was showing all the signs of the Vundo Trojan/virus and Stopzilla is telling me that I have VXGame.C, P432, VXGame Temp, Vundo, VundoP, Agent.HRO, ExecVariant.C and Devianf.D. I tried the Vundo fix and it tells me that it's not a valid system 32 file. Any help would be much appreciated.


#2 iisjman07


Posted 26 October 2008 - 02:08 AM

Please run a scan with MalwareBytes, which you can get here:
http://www.malwarebytes.org/mbam.php
Download the program, update it and run a scan. This has a much faster scanner so you may wish to run a full scan. Please post this log as well (it should pop up in a little text file when finished scanning).

Edited by iisjman07, 26 October 2008 - 02:11 AM.


#3 quadlatte


Posted 26 October 2008 - 06:48 PM

Thanks, I will give that a try. I want to just clean up my files and then I am going to nuke my Windows install and start fresh (again), but this time I think I will try Vista out. I will keep you posted.

#4 quadlatte


Posted 26 October 2008 - 09:13 PM

OK, I scanned with Malwarebytes and it removed some nasties, so I let it clean up and now it scans clean. I still have stuff found with Stopzilla but I am not really familiar with that program and don't want to have to pay for it. Right now I am running Ad-Aware to see if it finds anything. I have run Spybot, VirtumundoBeGone (it found and deleted some stuff and scans clean) and my ZoneAlarm security suite, and it does not find anything else now. Here is the log from Malwarebytes.



Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600 Service Pack 3

10/26/2008 8:40:51 PM
mbam-log-2008-10-26 (20-40-51).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 122968
Time elapsed: 27 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tuvSMcCS.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb4fc407-f4ef-4bd0-a85d-32433d5688fc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fb4fc407-f4ef-4bd0-a85d-32433d5688fc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fb4fc407-f4ef-4bd0-a85d-32433d5688fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9349597-6e81-47f3-b05d-469763764fb7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e9349597-6e81-47f3-b05d-469763764fb7} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvsmccs -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvsmccs -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tuvSMcCS.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\SCcMSvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SCcMSvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qxjtrcoi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iocrtjxq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkkJBQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdBRHY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUonnkK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDursp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDvtqQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvTljgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\joqrwyje.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

#5 iisjman07


Posted 27 October 2008 - 02:01 AM

Now please run a quick scan with SUPERantispyware from here:
http://www.superantispyware.com/superantispywarefreevspro.html
Download the free version and update before scanning. If you really feel like it then run a full scan, but it has quite a slow scanner.

#6 quadlatte


Posted 27 October 2008 - 08:52 PM

Ok, I will try that. Out of town for work for 4 days so as soon as I get back I will give that a try.

On a side note, do you know if Stopzilla is any good? The reviews I have seen have been mixed, and when I uninstalled it, it was a pain to remove. I just want to make sure all my personal files are clean since that darn crap copied itself everywhere.

Edited by quadlatte, 27 October 2008 - 08:53 PM.


#7 iisjman07


Posted 28 October 2008 - 08:21 AM

I'm not sure whether or not StopZilla is legit... Most people say that is is because it says you're infected to get you to buy the product, although it doesn't apparently pose any threat to the computer...

#8 quadlatte


Posted 28 October 2008 - 10:43 PM

Yeah, I was kinda leery about buying any software that does not even give a trial of some sort.
