Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

antivirus 2009


  • Please log in to reply
8 replies to this topic

#1 khmerxnuttyxb

khmerxnuttyxb

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 03 December 2008 - 08:43 PM

hey i got the antivirus 2009 on my wifes laptop. did the malwarebytes run and heres my mbam log

Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 3

12/3/2008 8:41:38 PM
mbam-log-2008-12-03 (20-41-38).txt

Scan type: Quick Scan
Objects scanned: 45441
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\suwuwari.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\hodisuto.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\481ea3ac (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm4b2d9030 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\motunujitu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\hodisuto.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\hodisuto.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\suwuwari.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\irawuwus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hodisuto.dll (Trojan.BHO) -> Delete on reboot.



is there anything else i should do to make sure its gone, because i did it yeserday and this is the 2nd time i did this.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,403 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:09 AM

Posted 03 December 2008 - 08:47 PM

Ok so far so good. Please open MBAM again. Reboot the PC if you haven't already to complete that scans malware removal session.
Next:Click the Update button,there's a newer version. Rescan and post that new log,thanks.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 khmerxnuttyxb

khmerxnuttyxb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 03 December 2008 - 09:15 PM

i updated.. heres the new log it found 5 more but heres the mbam log:

Malwarebytes' Anti-Malware 1.30
Database version: 1455
Windows 5.1.2600 Service Pack 3

12/3/2008 9:14:01 PM
mbam-log-2008-12-03 (21-14-01).txt

Scan type: Quick Scan
Objects scanned: 47891
Time elapsed: 14 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\juzutase.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\motunujitu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\juzutase.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\juzutase.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\juzutase.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\juzutase.dll (Trojan.Vundo) -> Delete on reboot.

Edited by khmerxnuttyxb, 03 December 2008 - 09:16 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,403 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:09 AM

Posted 03 December 2008 - 09:26 PM

OK these vundo are a tad stubborn .Please reboot and run again.. Another log please.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 khmerxnuttyxb

khmerxnuttyxb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 03 December 2008 - 10:14 PM

just rebooted and ran it again heres the new log, found two of them damn vundo again

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/3/2008 10:12:45 PM
mbam-log-2008-12-03 (22-12-45).txt

Scan type: Quick Scan
Objects scanned: 48895
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e5ffb71-7cf7-4828-bb9c-c4220e31fcd5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e5ffb71-7cf7-4828-bb9c-c4220e31fcd5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Melonbutt

Melonbutt

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 03 December 2008 - 10:17 PM

sorry to butt in, but i had this problem too a while back, i think i still have it but try running MBAM from safe mode.
if that doesnt work try SAS
if all else fails, try Drweb's Curit

Edited by Melonbutt, 03 December 2008 - 10:17 PM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,403 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:09 AM

Posted 03 December 2008 - 10:34 PM

Now run Mbams Full scan.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 khmerxnuttyxb

khmerxnuttyxb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 04 December 2008 - 05:32 PM

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/4/2008 5:29:43 PM
mbam-log-2008-12-04 (17-29-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 91987
Time elapsed: 55 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,403 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:09 AM

Posted 05 December 2008 - 12:01 AM

How is the PC now?

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users