Trojan.Vundo



#1 gana


Posted 08 December 2008 - 09:17 PM

Hey,

I was automatically infected by a website so I ran my antivirus program, superantispyware, and spybot.

I was hoping that would be enough to fix the problem but my antivirus program keeps on finding something called Trojan.Vundo so I was wondering if there's something else I can do to get rid of it.

Here's the log for SuperAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/06/2008 at 06:28 AM

Application Version : 4.22.1014

Core Rules Database Version : 3653
Trace Rules Database Version: 1635

Scan type : Complete Scan
Total Scan Time : 01:13:10

Memory items scanned : 450
Memory threats detected : 0
Registry items scanned : 6534
Registry threats detected : 19
File items scanned : 66700
File threats detected : 18

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NNNNNHWV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

Adware.Vundo Variant
HKU\S-1-5-21-2482130329-3708811035-2242376455-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42BFABD3-B070-4053-9485-30D7E000D3D3}

Trojan.Vundo-Variant/NextGen
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\nnnnNHwV

Adware.Tracking Cookie
C:\Documents and Settings\eli\Cookies\eli@atdmt[2].txt
C:\Documents and Settings\eli\Cookies\eli@adtrafficstats[1].txt
C:\Documents and Settings\eli\Cookies\eli@powerfulvirusremover2008[1].txt
C:\Documents and Settings\eli\Cookies\eli@advertising[2].txt
C:\Documents and Settings\eli\Cookies\eli@doubleclick[1].txt
C:\Documents and Settings\eli\Cookies\eli@gomyhit[3].txt
C:\Documents and Settings\eli\Cookies\eli@myroitracking[1].txt
C:\Documents and Settings\eli\Cookies\eli@partypoker[2].txt
C:\Documents and Settings\eli\Cookies\eli@wmvmedialease[1].txt
C:\Documents and Settings\eli\Cookies\eli@2o7[1].txt
C:\Documents and Settings\eli\Cookies\eli@gomyhit[2].txt
C:\Documents and Settings\eli\Cookies\eli@mediaplex[2].txt
C:\Documents and Settings\eli\Cookies\eli@adsrevenue[1].txt

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount

Trojan.Fake-Alert
C:\Documents and Settings\eli\Application Data\gadcom\gadcom.exedh
C:\Documents and Settings\eli\Application Data\gadcom

Rogue.Component/Trace
HKLM\Software\Microsoft\60419F87
HKLM\Software\Microsoft\60419F87#60419f87
HKLM\Software\Microsoft\60419F87#Version

Trojan.Fake-Alert/Trace
C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\fbk.sts

Adware.Prun
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet#UninstallString
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#prunnet [ "C:\WINDOWS\system32\prunnet.exe" ]
HKU\S-1-5-21-2482130329-3708811035-2242376455-1006\Software\Microsoft\Windows\CurrentVersion\Run#prunnet [ "C:\WINDOWS\system32\prunnet.exe" ]

Adware.Adservs
C:\WINDOWS\SYSTEM32\VOS\MTK63G.EXE


Thanks, really appreciate the help!



#2 TSalarek


Posted 08 December 2008 - 09:48 PM

Vundo @ Wikipedia

Download, install, update, and run MalwareBytes AntiMalware (MBAM)

MBAM is particularly effective at killing Vundo/Virtumonde

edit: fyi SAS and SpybotS+G are anti-spywares...pick up AVG or Avast or some other anti-virus to run in real time as MBAM free is manual scan

Edited by TSalarek, 08 December 2008 - 09:50 PM.




