VUNDO.H Infection


5 replies to this topic

#1 Sawasdee

Sawasdee

  • Members
  • 16 posts

Posted 05 January 2009 - 06:50 PM

Hi Guys!

Been infected by VUNDO.H a few times in the past days!
A PC technician came to fix it and I saw the way he did it!
I saw him using Malwarebytes, Hijackthis, ComboFix.
Now the problem is OK until I surf my Japanese websites for DVD rental again.
I know it's coming from there!
I know how to remove it but badly, my Antivir Premium Security Suite doesn't look to be smart enough to block it! It detects it but doesn't block it 100%!

Now I have something weird in the HJT log, and I want to know if it can be an infected .DLL that I should delete or repair.

I'm not gonna post the Log file guys to respect the rules here but just take a look at it and give me your opinion!
Thanks again in advance for your support guys!

O4 - HKUS\S-1-5-19\..\Run: [labezepini] Rundll32.exe "C:\WINDOWS\system32\namiviko.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [labezepini] Rundll32.exe "C:\WINDOWS\system32\namiviko.dll",s (User 'SERVICE RÉSEAU')



#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 05 January 2009 - 07:07 PM

Hello.

If you are being reinfected with Vundo, your Java is probably outdated.

Update Java to Version 6 Update 11
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please download the installer for Windows.32, here. Follow the prompts to install and delete the install after use.
----
After, run a scan with MalwareBytes and post that log. We'll go from there.

With Regards,
The Panda

#3 Sawasdee

Sawasdee
  • Topic Starter

  • Members
  • 16 posts

Posted 05 January 2009 - 07:15 PM

Hi Panda!

Thanks for the fast reply!
I already have Java updated!
If I look in the ADD/REMOVE section, here's what I have about JAVA

Java 6 Update 11
Java 6 Update 6
Java 6 Update 5
Java 6 Update 4

Should I uninstall all these?

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 06 January 2009 - 12:10 PM

Hello.

Just remove:
Java 6 Update 6
Java 6 Update 5
Java 6 Update 4
then.

Please take a MBAM scan.

With Regards,
The Panda

#5 Sawasdee

Sawasdee
  • Topic Starter

  • Members
  • 16 posts

Posted 06 January 2009 - 09:06 PM

Ok did what you said!

Here's the log file but I still have the 2 lines mentioned in my first post!

Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 2

2009-01-06 21:03:04
mbam-log-2009-01-06 (21-03-04).txt

Scan type: Quick Scan
Objects scanned: 54496
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 07 January 2009 - 07:54 PM

Hello.

Looks like those are just leftover entries. You could remove them with HijackThis.

Running Malware Bytes on your other user accounts would do fine too.

With Regards,
The Panda
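
As an added example (not part of the original thread): a small Python triage of the HijackThis O4 lines from post #1 that separates Run values whose DLL is gone, the leftover case described in post #6, from Run values whose DLL is still on disk. The function name `triage`, its `exists` parameter and the third sample line are assumptions made up for illustration.

```python
import os
import re

# Well-known service-account SIDs; both appear in the log lines from post #1.
SERVICE_SIDS = {"S-1-5-19": "LocalService", "S-1-5-20": "NetworkService"}

# HijackThis O4 autorun line: hive[\SID]\..\Run: [value name] command (User '...')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32 loading a DLL by path (optionally quoted), followed by ",export"
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I
)

def triage(hjt_lines, exists=os.path.exists):
    """Return (value name, account, dll path, status) for every rundll32
    autorun registered under a service-account SID.

    status is "orphaned" when the DLL is missing (a leftover Run value that
    only needs removing) and "live" when the DLL is still on disk, in which
    case the entry would still load it at the next start.
    """
    findings = []
    for line in hjt_lines:
        m = O4_RE.match(line.strip())
        if not m or m["sid"] not in SERVICE_SIDS:
            continue  # not an O4 line, or not a service-account hive
        r = RUNDLL_RE.match(m["cmd"])
        if not r:
            continue  # autorun does not go through rundll32
        status = "live" if exists(r["dll"]) else "orphaned"
        findings.append((m["name"], SERVICE_SIDS[m["sid"]], r["dll"], status))
    return findings

# First two lines are from post #1; the third is a constructed benign entry.
SAMPLE = r"""
O4 - HKUS\S-1-5-19\..\Run: [labezepini] Rundll32.exe "C:\WINDOWS\system32\namiviko.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [labezepini] Rundll32.exe "C:\WINDOWS\system32\namiviko.dll",s (User 'SERVICE RÉSEAU')
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"
""".strip().splitlines()

if __name__ == "__main__":
    for name, account, dll, status in triage(SAMPLE):
        print(f"{status:9} {account:15} [{name}] {dll}")
```

Run on the affected machine, the default `exists=os.path.exists` checks the real file system; elsewhere, pass a predicate built from a file listing of that machine.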



