
Vundo trojan now can't edit registry


5 replies to this topic

#1 ritzy4runner
  • Members
  • 4 posts

Posted 18 December 2008 - 11:55 AM

Got a trojan and am still a bit puzzled why it was able to get in, but here is the deal. Tried to run my AVG antivirus and the system would not let me update the definitions. Rebooted the computer and it would appear to boot normally, except that when you got to the select-user screen, after selecting the user (myself) it would load the desktop but the address bar at the bottom would never seem to finish loading, and none of my startup programs would show their little icons in the lower right corner. Everything else appeared to be normal until you moved the cursor into the lower task bar (START, etc.) and you would get the waiting hourglass. After 2 hours ... I figured this was not going to work. Rebooted and escaped into SAFE mode, then rebooted using SAFE mode w/networking. Ran my AVG antivirus and it showed several files that had the 'Vundo' trojan. Attempted to delete/quarantine the line items identified but ran into issues. Was able to delete one .dll, which allowed me to boot to the desktop. The HDD now seems to be in a cycle, as it is accessing every 3-4 seconds for about 1/2 second, so it is constantly making a grr noise when it accesses the HDD. The system will function normally, but Google search is impeded; I get a constant notice about an issue with the Google toolbar, and I can search Google but it takes you to purchase sites for whatever you try to search for. AVG anti-virus will not update, and attempts to access its home page lead you to purchase sites for other antivirus software.

Attempted to remove the trojan using some online tutorials. When I attempted to rename the .dlls that had been identified as being with the Vundo trojan (based on a search for files by the date and time the new dlls are listed in the Windows\system32 directory), all but 3 files would let me rename them to delete them. Attempted to enter REGEDIT to remove the registry line items, but the system tells me that regedit has been locked by the Administrator. I entered SAFE mode and logged on as Administrator and still received the same error message. I cannot enter the regedit function.

I am about at my wits' end on this, so last night I started to copy all the personal data that I had on the C/D drives (split partition drive), looking at having to do a restore of my OS. The real issue here for me is I have several programs installed that were online downloads, so trying to get them restored will be a bit tough (all legit programs I paid for). Any other suggestions I could try before having to go to a complete wipe and restore with my Vaio recovery disks? I will be loading SP 1, 2 & 3 again along with every conceivable patch, update ... it's gonna take days! If that is my only real option, then I guess I just have to bite the bullet and do it. Fortunately I was able to get into the system to at least be able to copy the files to an external HDD.

I keep seeing stuff about HijackThis logs, and some other software logs, etc. I have no clue on these sorts of programs, so I will need a little "hand-holding" if these need to be installed and run. Thanks again.

Edited by Pandy, 18 December 2008 - 12:47 PM.
Moved From Win XP Home and Pro
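Two of the symptoms in the post above can be checked directly rather than by hand. This is an added example for readers of the thread, not something posted by the original participants: the "locked by the Administrator" message regedit shows is the DisableRegistryTools policy value, and the by-date search of System32 that the poster did in Explorer can be scripted. It assumes PowerShell on the affected machine; the 7-day window is an illustrative assumption, and clearing the HKLM value needs an elevated session.

```powershell
# Added example (not from the thread). Triage for the two symptoms the
# poster describes: regedit "locked by the Administrator", and recently
# added DLLs in System32. $Days is an illustrative assumption.
param([int]$Days = 7)

# 1. regedit refusing to open with an "administrator" message is the
#    DisableRegistryTools policy; 1 or 2 blocks interactive regedit.
#    It can live under the user's hive or the machine hive, so check both.
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $item = Get-ItemProperty -Path $key -Name DisableRegistryTools -ErrorAction SilentlyContinue
    if ($item -and $item.DisableRegistryTools -ne 0) {
        Write-Output "$hive DisableRegistryTools = $($item.DisableRegistryTools) (regedit blocked)"
        # Clearing it is the same change regedit would make; if the malware is
        # still running it may simply set it again, so remove it only once the
        # component that sets it has been dealt with.
        # Set-ItemProperty -Path $key -Name DisableRegistryTools -Value 0
    }
    else {
        Write-Output "$hive DisableRegistryTools not set"
    }
}

# 2. DLLs in System32 created or modified in the last $Days days, the same
#    date-and-time triage the poster did by hand. PSIsContainer is used
#    instead of -File so this also works on PowerShell 2.0.
$system32 = Join-Path $env:SystemRoot 'System32'
$cutoff   = (Get-Date).AddDays(-$Days)
Get-ChildItem -Path $system32 -Filter *.dll -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
                   ($_.CreationTime -gt $cutoff -or $_.LastWriteTime -gt $cutoff) } |
    Sort-Object CreationTime -Descending |
    Select-Object Name, CreationTime, LastWriteTime, Length |
    Format-Table -AutoSize
```

Recent creation time in System32 is a lead, not a verdict: Windows Update also drops files there, so anything in the list still needs its signature and origin checked before it is renamed or deleted.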

#2 Guest_superbird_*
  • Guests

Posted 18 December 2008 - 01:33 PM

Hi,

Welcome here.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 ritzy4runner
  • Topic Starter
  • Members
  • 4 posts

Posted 18 December 2008 - 08:35 PM

I'm really having problems. Tried to download your recommendation to my network and put a shortcut on my infected computer's desktop, and it would not run. Attempted to copy it to a CD, and the infected machine would not read the disk when it was inserted. Then copied the file to a thumb drive. Was able to show the file and attempted to run it as well. It started but then never loaded on the machine. I can't seem to get anything to run on this, and accessing the internet is a waste as I cannot even get any site that has software downloads to come up properly. AVG is redirected so you can't get to them to download, Google the same way; I get routed to Qwest help pages. I guess my only option is to wipe it clean. Any last suggestions are appreciated.

#4 Guest_superbird_*
  • Guests

Posted 19 December 2008 - 05:02 AM

Hi,

I'm going to redirect you to the HijackThis section of this forum, because this is a deeper infection.
Read this page and follow its steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Good luck.

#5 ritzy4runner
  • Topic Starter
  • Members
  • 4 posts

Posted 19 December 2008 - 09:27 AM

Thanks Superbird, I will submit the requested information as you have recommended. I hope that I didn't do anything too dramatic, but I needed to recover and get online, so I attempted a repair of my OS. Having a Sony Vaio, I attempted to recover using my restore CDs but ran into an issue with it. It said that there was a problem with the partitions and it could not do the recovery. I attempted to use another HDD but had issues with it as well. I then decided to attempt a reinstall of the OS, but as I have all Vaio computers with only their recovery CDs, I do not have any stand-alone copies of Windows XP. I did happen to locate a copy of Windows XP Professional (Upgrade), so I decided to see if I could at least install/reinstall the OS.

I was successful in installing the OS over the Home version of XP but got a warning that I was loading a version of XP that was older than the one currently installed. I told it basically "I don't care, just load it" and continued. I was successful with the loading of the new OS, but as I knew would be the case, everything on the C partition is now "gone"; it did nothing to the D partition. All of my information and files are still on the D partition. I can rebuild the C drive (hopefully). I installed SP 2 and 3 and any updates via Windows Update, and reinstalled my AVG anti-virus, but I had to install 7.5 along with all the updates to get it current. I will attempt to convert to 8.0 later.

#6 Guest_superbird_*
  • Guests

Posted 19 December 2008 - 09:30 AM

If you post your HijackThis log by following those instructions I gave you, they will help you there with everything.