Trojan.Vundo and MBAM help


  • This topic is locked
2 replies to this topic

#1 delong

delong

  • Members
  • 5 posts

Posted 19 January 2009 - 11:06 AM

So I finally got MBAM to install and run using the keyboard workaround (you people are smart!). Anyway, I ran it; now what's the next step? Do I remove the files or is there something I need to do first? Here is the log (please help!):

Malwarebytes' Anti-Malware 1.33
Database version: 1666
Windows 5.1.2600 Service Pack 3

1/19/2009 10:10:02 AM
mbam-log-2009-01-19 (10-09-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 114153
Time elapsed: 25 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hlfadc.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{555b008b-d3f8-4064-b42c-e9d84b7d6f7c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{555b008b-d3f8-4064-b42c-e9d84b7d6f7c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqpqgx (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{555b008b-d3f8-4064-b42c-e9d84b7d6f7c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rlafikumipobere (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vrupukali (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\hlfadc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\awtqpQGx.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\diegolong\Local Settings\Temp\senekafb3e.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\diegolong\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0039637.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\cbXRKCVo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\efcATnlj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gdtupb.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\geBqNeCv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\geBuTkKD.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ljJDTKDU.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\tcrwga.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vtUlIbBU.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dlycml.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\opnommmK.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ppmvpg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fvhbqh.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xvzwmr.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\drivers\seneka.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\senekaeuyxobmc.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\dllcache\userinit.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\ohotuqicace.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekafohwuxrl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekahciuevds.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\qoMcyWQG.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\geBtUlKD.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRlkiiH.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nnnmkKby.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\byXQjHwt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\efcCsrrS.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\efcyAPFu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\efcyWPIC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iiffDWPj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mlJAtRIA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxyyxvvs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxyyxwvv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayvTNfd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yaywvwvv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUnkklK.dll (Trojan.vundo) -> No action taken.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\diegolong\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> No action taken.



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 19 January 2009 - 11:35 AM

Hi,

Do I remove the files or is there something I need to do first?

Yes, you have to remove them.
So rescan with Malwarebytes and, when the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then, after reboot (so this means after running Malwarebytes and removing the malware + reboot), please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 30 January 2009 - 05:08 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



