I can't delete Trojan.Vundo.H and winloggn. Please help.

Malwarebytes' Anti-Malware 1.31 says this in my MBAM log-

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac72c2b1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

in RunAlyzer it looks like this- ac72c2b1 rundll32.exe "C:\WINDOWS\system32\osjmftcp.dll"b

Everytime I run Malwarebytes it is still there. How can I get rid of or fix this?

Also I have two entries that I believe that I should also destroy. Should I? (listed below)

the entries are xsjfn83jkemfofght C:\DOCUME~1PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe

and they are located at

HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\.

I have tried the jump to the path option to delete all three of these through Malwarebytes and RunAlyzer with no success.

Please help.

I also just discovered that when Windows first load I get a box that says

RUNDLL
Error loading C:\WINDOW|system32\osjmftcp.dll
The specified module could not be found.



I would really appreciate any information/help.

Edited by blakeinkzoo, 13 December 2008 - 03:05 AM.

I ran Vundo fix and it stated that I had no infections. Then I ran malwarebytes and it found the Vundo. H. I then hit remove button. I confirmed that it was removed with runalyzer. Not sure why it worked this time. Hopefully it stays that way.

Turned on my cpu today (running windows XP) and got the same warning

RUNDLL
Error loading C:\WINDOW|system32\osjmftcp.dll
The specified module could not be found.

I scanned with Malwarebytes and it found the Trojan Vundo H again/still. I am really bleeping sick of this.

also what about the winloggn entries mentioned above.
I am new to this site, and I am quite computer illiterate Please Help. What can I do?

Hello blakeinkzoo and welcome to BC

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/186657/trojan-vundo-h-maybe-winloggn/

We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:

1) Have this thread reopened and the HiJack This log topic deleted

OR

2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom