Infected with vundo and prunnet


This topic is locked
2 replies to this topic

#1 cywings

  • Members
  • 1 posts

Posted 05 January 2009 - 01:43 PM

Hi, I've recently been infected with the prunnet and Vundo trojans.
Previously the trojan blocked all access to security websites (Kaspersky, Trend Micro).

My friend helped me download Malwarebytes, and it said that it had already been removed. Two days later Vundo came back, and today it came back again.

I need to clean it once and for all. Also, my Symantec icon seems to have disappeared from the taskbar, and in msconfig Symantec is listed as unknown. Is this even normal?

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:13 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\SvcTools\6.8\bin\lnchr.exe
c:\SvcTools\pkg\swmeter\swmeter.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Axon Solutions Ltd.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 172.31.120.31 loaner TXUROMPAPPS
O1 - Hosts: 130.175.92.68 USAHSEDS001
O1 - Hosts: 130.175.92.69 USAHSEDS002
O1 - Hosts: 130.175.92.70 USAHSEDS003
O1 - Hosts: 130.175.92.71 USAHSEDS004
O1 - Hosts: 130.175.92.72 USAHSEDS005
O1 - Hosts: 130.175.92.73 USAHSEDS006
O1 - Hosts: 130.175.92.74 USAHSEDS007
O1 - Hosts: 130.175.92.75 USAHSEDS008
O1 - Hosts: 130.175.92.76 USAHSEDS009
O1 - Hosts: 130.175.92.77 USAHSEDSSMDDB smddbm on_USAHSTXU001
O1 - Hosts: 130.175.92.78 USAHSEDSSMD01 smd01m on_USAHSTXU009
O1 - Hosts: 172.27.244.40 USAHSTXU003
O1 - Hosts: 172.27.245.55 USAHSTXUISD01 isd01.tu.com
O1 - Hosts: 172.27.245.56 USAHSTXUISQ01 isq01.tu.com
O1 - Hosts: 172.27.244.43 USAHSTXU004
O1 - Hosts: 172.27.245.60 USAHSTXUBID01 bid01
O1 - Hosts: 172.27.245.61 USAHSTXUBIQ01 biq01
O1 - Hosts: 172.27.245.62 USAHSTXUISS01 iss01
O1 - Hosts: 172.27.244.46 USAHSTXU005
O1 - Hosts: 172.27.245.66 USAHSTXUEPD01 epd01
O1 - Hosts: 172.27.245.67 USAHSTXUEID01 eid01
O1 - Hosts: 172.27.245.68 USAHSTXUEPQ01 epq01
O1 - Hosts: 172.27.245.69 USAHSTXUCMS01 cms01
O1 - Hosts: 172.27.244.49 USAHSTXU006
O1 - Hosts: 172.27.245.72 USAHSTXUCMD01 cmd01.tu.com
O1 - Hosts: 172.27.245.73 USAHSTXUCMQ01 cmq01.tu.com
O1 - Hosts: 172.27.244.52 USAHSTXU007
O1 - Hosts: 172.27.245.76 USAHSTXUXID01 xid01
O1 - Hosts: 172.27.245.77 USAHSTXUXIQ01 xiq01
O1 - Hosts: 172.27.245.78 USPLSTXUDCMP2
O1 - Hosts: 172.27.245.79 USPLSTXUDXIP2
O1 - Hosts: 172.27.244.55 USAHSTXU008
O1 - Hosts: 172.27.245.80 USAHSTXUIST01 ist01
O1 - Hosts: 172.27.245.81 USAHSTXUCMT01 cmt01.tu.com
O1 - Hosts: 172.27.245.82 USAHSTXUEPT01 ept01
O1 - Hosts: 172.27.244.58 USAHSTXU009
O1 - Hosts: 172.27.245.85 USAHSTXUSMD01 smd01
O1 - Hosts: 172.27.245.86 USAHSTXUTXD01 txd01
O1 - Hosts: 172.27.245.87 USAHSTXUTXQ01 txq01
O1 - Hosts: 172.27.245.20 USAHSTXUAPP03 usahstxuapp03
O1 - Hosts: 172.16.6.29 smddb-data
O1 - Hosts: 148.94.173.132 USPLSEDS001
O1 - Hosts: 148.94.173.133 USPLSEDS002
O1 - Hosts: 148.94.173.134 USPLSEDS003
O1 - Hosts: 148.94.173.135 USPLSEDS004
O1 - Hosts: 148.94.173.136 USPLSEDS005
O1 - Hosts: 148.94.173.137 USPLSEDS006
O1 - Hosts: 148.94.173.138 USPLSEDS007
O1 - Hosts: 148.94.173.139 USPLSEDS008
O1 - Hosts: 148.94.173.140 USPLSEDS009
O1 - Hosts: 148.94.173.141 USPLSEDS010
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} (Loader Class v4) - http://usahstxuapp03:8080/qcbin/Spider91.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://axon.webex.com/client/T26L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = axongroup.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = axongroup.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = axongroup.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = axongroup.co.uk
O20 - AppInit_DLLs: APSHook.dll ohsmhn.dll cwyawd.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Software Management Agent 6.8 (SMA6.8) - Everdream - c:\SvcTools\6.8\bin\lnchr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12667 bytes

This is my latest Malwarebytes log:

Malwarebytes' Anti-Malware 1.32
Database version: 1618
Windows 5.1.2600 Service Pack 2

1/5/2009 11:22:56 AM
mbam-log-2009-01-05 (11-22-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 167898
Time elapsed: 36 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 19
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\wvUoLDsP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cwyawd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ssqRKbcY.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13e0fd51-1aeb-4208-9b80-f8aef1755a28} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{13e0fd51-1aeb-4208-9b80-f8aef1755a28} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b3f727c-a73e-49ee-b06a-eaea5be3c813} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3b3f727c-a73e-49ee-b06a-eaea5be3c813} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{13e0fd51-1aeb-4208-9b80-f8aef1755a28} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqrkbcy (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fltmgrr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fltmgrr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38f8ec89 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvuoldsp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvuoldsp -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cwyawd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUoLDsP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PsDLoUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PsDLoUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thoykhmr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rmhkyoht.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\fltmgrr.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRKbcY.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ywchen\Local Settings\Temp\esowamxncr.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ywchen\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ywchen\Local Settings\Temp\sancrxmweo.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ywchen\Local Settings\Temp\stf2E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ywchen\Local Settings\Temp\sxancemorw.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCspoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqsvagyb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywXRJa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p2\EV21AIP.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekawtxumlmk.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaoenqtcfk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.

Please help. Thanks. I need to make sure that it's cleaned completely and that it doesn't return.
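The two logs above line up on one detail worth checking before any further cleanup: cwyawd.dll is listed in the HijackThis O20 AppInit_DLLs line and also in the Malwarebytes log as "Delete on reboot" (it was a loaded module when the scan ran, so the file could only be scheduled for removal), while ohsmhn.dll sits in the same AppInit_DLLs line but appears nowhere in the Malwarebytes log. The Python below is an added triage helper, not code from the original post, from HijackThis or from Malwarebytes. It parses the O1 and O20 lines of an HJT log and the file lines of an MBAM log, correlates every AppInit_DLLs entry with the MBAM detections, and classifies hosts-file entries by whether they name a security vendor (the poster reported being blocked from Kaspersky and Trend Micro) or point at private versus public addresses. The sample text is constructed from lines quoted in the post, except the `127.0.0.1 www.kaspersky.com` entry, which is added here purely to exercise the vendor check; the vendor name list and the `known_dlls` allowlist are illustrative assumptions, not anything either tool ships with.

```python
"""Triage a HijackThis log against a Malwarebytes log (added example).

Assumptions: both logs are passed in as text; SECURITY_VENDOR_FRAGMENTS
and the known_dlls allowlist are illustrative and not from either tool.
"""
import ipaddress
import re

# Constructed sample in HijackThis 2.0.2 format. The O1 and O20 lines are
# copied from the forum post; the 127.0.0.1 www.kaspersky.com entry is NOT
# in the post and is here only to exercise the vendor-override check.
HJT_SAMPLE = """\
O1 - Hosts: 172.31.120.31 loaner TXUROMPAPPS
O1 - Hosts: 130.175.92.68 USAHSEDS001
O1 - Hosts: 127.0.0.1 www.kaspersky.com
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O20 - AppInit_DLLs: APSHook.dll ohsmhn.dll cwyawd.dll
O20 - Winlogon Notify: OneCard - C:\\Program Files\\Hewlett-Packard\\IAM\\Bin\\ASWLNPkg.dll
"""

# Constructed sample: three "Files Infected" lines in Malwarebytes 1.x log
# format, copied from the forum post.
MBAM_SAMPLE = """\
C:\\WINDOWS\\system32\\cwyawd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\\WINDOWS\\system32\\wvUoLDsP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\\WINDOWS\\system32\\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Illustrative vendor name fragments (assumption). Any hosts-file entry that
# names one of these is suspicious no matter which address it points to.
SECURITY_VENDOR_FRAGMENTS = ("kaspersky", "trendmicro", "symantec",
                             "malwarebytes", "mcafee", "microsoft", "sophos")

_O1 = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+?)\s*$")
_O20 = re.compile(r"^O20 - AppInit_DLLs:\s+(.+?)\s*$")
_MBAM_FILE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+)\) -> (?P<action>.+?)\.?$")


def parse_hjt(text):
    """Return {'hosts': [(ip, [names]), ...], 'appinit': [dll, ...]}."""
    hosts, appinit = [], []
    for line in text.splitlines():
        m = _O1.match(line)
        if m:
            hosts.append((m.group(1), m.group(2).split()))
            continue
        m = _O20.match(line)
        if m:
            # AppInit_DLLs is a space-separated list of DLLs loaded into
            # every process that loads user32.dll.
            appinit.extend(m.group(1).split())
    return {"hosts": hosts, "appinit": appinit}


def parse_mbam_files(text):
    """Map lowercase file name -> (family, action) for each MBAM file line."""
    found = {}
    for line in text.splitlines():
        m = _MBAM_FILE.match(line)
        if m:
            name = m.group("path").rsplit("\\", 1)[-1].lower()
            found[name] = (m.group("family"), m.group("action"))
    return found


def classify_hosts(entries):
    """Split hosts entries into vendor overrides, private and public targets."""
    out = {"vendor_override": [], "private": [], "public": []}
    for ip, names in entries:
        if any(f in n.lower() for n in names for f in SECURITY_VENDOR_FRAGMENTS):
            out["vendor_override"].append((ip, names))
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:          # not an IP literal; treat as external
            out["public"].append((ip, names))
            continue
        bucket = "private" if (addr.is_private or addr.is_loopback) else "public"
        out[bucket].append((ip, names))
    return out


def triage(hjt_text, mbam_text, known_dlls=frozenset()):
    """Correlate AppInit_DLLs with MBAM detections and classify hosts lines."""
    hjt = parse_hjt(hjt_text)
    mbam = parse_mbam_files(mbam_text)
    report = classify_hosts(hjt["hosts"])
    report.update(appinit_detected=[], appinit_unexplained=[], pending_reboot=[])
    for dll in hjt["appinit"]:
        key = dll.lower()
        if key in mbam:
            family, action = mbam[key]
            report["appinit_detected"].append((dll, family, action))
            if action.lower().startswith("delete on reboot"):
                report["pending_reboot"].append(dll)   # still loaded at scan time
        elif key not in known_dlls:
            report["appinit_unexplained"].append(dll)  # no scanner accounts for it
    return report


if __name__ == "__main__":
    for section, items in triage(HJT_SAMPLE, MBAM_SAMPLE).items():
        print(f"{section}: {items}")
```

`triage()` returns lists instead of printing so the same function can be driven from a test or a ticketing script. Anything in `appinit_unexplained` is a DLL injected into every user-mode process that no scanner on the machine has accounted for; look it up by hash before calling the box clean, and anything in `pending_reboot` means the scan results are not final until the machine has actually been restarted and rescanned.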


#2 chryssi2001

  • Members
  • 1,930 posts

Posted 19 January 2009 - 12:42 PM

Hello cywings,

I apologise for the delay, the forum is extremely busy.

If you still need help post a new HijackThis log, following my instructions below:
----------------------------------------------
RENAME HIJACKTHIS

There is some infection hiding in your log.

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Right-click HijackThis.exe, select Rename, rename it to scanner.exe, and post back a new HijackThis log.

Please do not Code your replies.

Also, let me know if you added the sites which show in the O1 lines of your Hosts file.

axongroup.co.uk
What is this site?
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001

  • Members
  • 1,930 posts

Posted 24 January 2009 - 11:29 AM

Due to the lack of feedback, this Topic is now closed and will not be reopened.
If you still need help, begin a new topic.

Applies only to the original poster, anyone else with similar problems please start a new topic.