Viral Infection


2 replies to this topic

#1 Guest_N-SearchofAnswers_*

  • Guests

Posted 05 December 2008 - 10:08 AM

Hello everyone! I have a major issue with one of my client computers at work and I cannot resolve the issue no matter what I try. I know it's the Vundo virus from the log that Malwarebytes prints after it has scanned the system. I have done the following:

1. Downloaded Malwarebytes, renamed it at the local level and target path.

2. Scanned the system, removed the detected violations and rescanned. The second scan revealed about 4 registry violations (the violations were marked "remove on reboot"; I then manually deleted them because each subsequent scan continued to reveal them).

4. Although the violations continued to be indicated, the system performed well throughout the day. However, each time the client returned to work, booted her computer and attempted to surf the web, this is when the pop-ups go wild.

Here are the most recent malwarebytes logs:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm6f526dc2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rulumiluza


#2 red_fox

  • Members
  • 1 posts

Posted 05 December 2008 - 11:33 AM

I have a user with the same issue. In your case you probably have to remove those 2 items from the startup.

I'm on my 3rd scanning tool now. First I used Malwarebytes Anti-Malware and that removed about 75 detections of Vundo and BHO trojans. Popups did return, so I ran SuperAntiSpyware, which detected about 50 more FakeAlert, Vundo, and BHO related files.

The popups did return again today, but they are a different popup and I'm trying Ad-Aware 2008. I am going to check my user's startup as well.

If/When I find a tool that'll provide a permanent fix I'll post it here.

#3 ruby1

    a forum member

  • Members
  • 2,375 posts

Posted 05 December 2008 - 02:22 PM

@N-SearchofAnswers
May I suggest you update the Malwarebytes program, reboot the computer, run a scan in Normal mode, and post the full report for someone to check for you to see where you are at now?



