Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac72c2b1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
in RunAlyzer it looks like this- ac72c2b1 rundll32.exe "C:\WINDOWS\system32\osjmftcp.dll"b
Everytime I run Malwarebytes it is still there. How can I get rid of or fix this?
Also I have two entries that I believe that I should also destroy. Should I? (listed below)
the entries are xsjfn83jkemfofght C:\DOCUME~1PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
and they are located at
HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\.
I have tried the jump to the path option to delete all three of these through Malwarebytes and RunAlyzer with no success.
Please help.
I also just discovered that when Windows first load I get a box that says
RUNDLL
Error loading C:\WINDOW|system32\osjmftcp.dll
The specified module could not be found.
I would really appreciate any information/help.
Edited by blakeinkzoo, 13 December 2008 - 03:05 AM.