Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I can't delete Trojan.Vundo.H and winloggn. Please help.


  • This topic is locked This topic is locked
3 replies to this topic

#1 blakeinkzoo

blakeinkzoo

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:21 PM

Posted 12 December 2008 - 10:58 PM

Malwarebytes' Anti-Malware 1.31 says this in my MBAM log-

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac72c2b1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

in RunAlyzer it looks like this- ac72c2b1 rundll32.exe "C:\WINDOWS\system32\osjmftcp.dll"b

Everytime I run Malwarebytes it is still there. How can I get rid of or fix this?

Also I have two entries that I believe that I should also destroy. Should I? (listed below)

the entries are xsjfn83jkemfofght C:\DOCUME~1PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe

and they are located at

HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\.

I have tried the jump to the path option to delete all three of these through Malwarebytes and RunAlyzer with no success.

Please help.

I also just discovered that when Windows first load I get a box that says

RUNDLL
Error loading C:\WINDOW|system32\osjmftcp.dll
The specified module could not be found.



I would really appreciate any information/help.

Edited by blakeinkzoo, 13 December 2008 - 03:05 AM.


BC AdBot (Login to Remove)

 


#2 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:21 PM

Posted 13 December 2008 - 03:09 AM

I ran Vundo fix and it stated that I had no infections. Then I ran malwarebytes and it found the Vundo. H. I then hit remove button. I confirmed that it was removed with runalyzer. Not sure why it worked this time. Hopefully it stays that way. :thumbsup:

#3 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:03:21 PM

Posted 14 December 2008 - 03:50 AM

Turned on my cpu today (running windows XP) and got the same warning

RUNDLL
Error loading C:\WINDOW|system32\osjmftcp.dll
The specified module could not be found.

I scanned with Malwarebytes and it found the Trojan Vundo H again/still. I am really bleeping sick of this. :thumbsup:

also what about the winloggn entries mentioned above.
I am new to this site, and I am quite computer illiterate Please Help. What can I do?

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:21 PM

Posted 14 December 2008 - 11:29 PM

Hello blakeinkzoo and welcome to BC :thumbsup:

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/186657/trojan-vundo-h-maybe-winloggn/

We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:

1) Have this thread reopened and the HiJack This log topic deleted

OR

2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users