Vundo/Virtumundo, Images not loading in IE7


14 replies to this topic

#1 rubyweapon8503


Posted 20 December 2008 - 09:42 PM

I have some type of virus on my computer, I think that it is a Vundo or Virtumundo based on scans. Not too long ago, I had some type of spyware or adware on my computer that was causing pop-ups and annoying voice ads (You've been selected to win . . . type of stuff.) I got rid of all that, and I thought I was successful. But now, for some reason, images have not been loading on websites opened in IE7; they work fine on Firefox. They do not show a broken image link; rather, the three shapes that indicate that an image is there and is loading. The images just never load. I have run AdAware, Spybot Search & Destroy, SUPERAntiSpyware, MalwareBytes Anti-Malware, House Call, Smitfraudfix, VundoFix, and VirtumundoBeGone, all in safe mode (except for AdAware, which refuses to open in safe mode), all to no avail. I'm at my wit's end! I would really appreciate some help.

Thanks,

Clare



#2 DaChew

  • BC Advisor

Posted 21 December 2008 - 02:21 AM

MalwareBytes Anti-Malware is most effective in normal mode, especially at finding and stopping a rootkit. Update it and post a normal mode scan, please.
Chewy

No. Try not. Do... or do not. There is no try.

#3 rubyweapon8503


Posted 21 December 2008 - 09:45 AM

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

12/21/2008 9:45:02 AM
mbam-log-2008-12-21 (09-45-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 110368
Time elapsed: 22 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsnrpjdf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{299BDDA0-A8ED-4958-892E-55AC971CF883}\RP231\A0033189.EXE (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{299BDDA0-A8ED-4958-892E-55AC971CF883}\RP235\A0035376.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#4 DaChew


Posted 21 December 2008 - 10:21 AM

We can ignore those files in system restore for now, but the TDSS one is rather nasty.


http://www.bleepingcomputer.com/forums/ind...p;#entry1001339


http://www.bleepingcomputer.com/forums/ind...mp;#entry948894

Would you run ATFCleaner and SAS as specified in this link?

Edited by DaChew, 21 December 2008 - 10:22 AM.

Chewy


#5 rubyweapon8503


Posted 22 December 2008 - 12:33 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/21/2008 at 03:32 PM

Application Version : 4.23.1006

Core Rules Database Version : 3680
Trace Rules Database Version: 1659

Scan type : Complete Scan
Total Scan Time : 01:34:08

Memory items scanned : 152
Memory threats detected : 0
Registry items scanned : 5507
Registry threats detected : 3
File items scanned : 58314
File threats detected : 2

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32

Adware.Tracking Cookie
.richmedia.yahoo.com [ C:\Documents and Settings\Clare Regina\Application Data\Mozilla\Firefox\Profiles\5c0shp0r.default\cookies.txt ]

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{299BDDA0-A8ED-4958-892E-55AC971CF883}\RP236\A0035419.DLL

#6 DaChew


Posted 22 December 2008 - 08:16 AM

Let's run a quick scan of all drives with an updated MBAM.
Chewy


#7 rubyweapon8503


Posted 22 December 2008 - 12:12 PM

Malwarebytes' Anti-Malware 1.31
Database version: 1531
Windows 5.1.2600 Service Pack 3

12/22/2008 12:08:43 PM
mbam-log-2008-12-22 (12-08-43).txt

Scan type: Quick Scan
Objects scanned: 63610
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
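
An added example, not part of any post in this thread: a short Python script that compares the two MBAM logs posted above and reports which detections persist from one scan to the next. The function and variable names are assumptions made for illustration; the sample lines are copied from the posted logs.

```python
import re

# One MBAM 1.x detection line: "<item> (<Family>) -> <action>."
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<action>.+?)\.?$")

# Sample input: detection lines copied from the two MBAM logs in this thread.
SCAN_DEC_21 = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsnrpjdf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""
SCAN_DEC_22 = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
Files Infected:
(No malicious items detected)
"""

def parse_detections(log_text):
    """Map each detected item (lower-cased) to its (family, action)."""
    found = {}
    for line in log_text.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            found[match["item"].lower()] = (match["family"], match["action"])
    return found

def compare_scans(earlier, later):
    """Split the earlier scan's detections into persistent and cleared items."""
    before, after = parse_detections(earlier), parse_detections(later)
    persistent = sorted(item for item in before if item in after)
    cleared = sorted(item for item in before if item not in after)
    return persistent, cleared

if __name__ == "__main__":
    persistent, cleared = compare_scans(SCAN_DEC_21, SCAN_DEC_22)
    for item in persistent:
        family, action = parse_detections(SCAN_DEC_22)[item]
        print(f"STILL PRESENT: {item} ({family}) -> {action}")
    print(f"{len(cleared)} item(s) from the first scan no longer detected")
```

Run against these two logs, the only persistent item is the CLSID registry key that both scans mark "Delete on reboot".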

#8 DaChew


Posted 22 December 2008 - 12:29 PM

Are there any other symptoms of infection left besides the problem with IE7?
Chewy


#9 rubyweapon8503


Posted 22 December 2008 - 01:47 PM

No, just the images not showing up. I haven't had any adware popups for quite a while. Maybe I should just try a reinstall?

#10 DaChew


Posted 22 December 2008 - 03:25 PM

If MBAM will give you a clean scan and all other symptoms are gone, then IE7 is probably corrupted; we see this a lot with SP3.

Let's flush your restore points:

http://www.bleepingcomputer.com/forums/ind...mp;#entry943994

You might try downloading IE7 and reinstalling:

http://www.microsoft.com/downloads/details...;displaylang=en
Chewy


#11 rubyweapon8503


Posted 22 December 2008 - 07:32 PM

I did a reinstall and images are still not loading. :thumbsup:

#12 retinchet


Posted 22 December 2008 - 07:36 PM

I had this problem too. To fix it, go to Tools > Internet Options > Advanced and, under Multimedia, click Show pictures.

Hope this helps.

Edited by retinchet, 22 December 2008 - 07:41 PM.


#13 rubyweapon8503


Posted 22 December 2008 - 07:59 PM

That fixed it! Maybe the virus had changed the settings on me.

#14 DaChew


Posted 22 December 2008 - 08:38 PM

There might be other changes you haven't noticed; if so, I would reset defaults in the Advanced tab.

retinchet, thanks
Chewy


#15 retinchet


Posted 22 December 2008 - 10:40 PM

Yeah, that might be a good idea.

Edited by retinchet, 22 December 2008 - 10:42 PM.




