
Vundo, but not Vundo


  • This topic is locked
3 replies to this topic

#1 PJ the Barbarian

  • Members
  • 6 posts

Posted 10 February 2009 - 02:09 PM

Hi everyone. Found this site when I got a virus a few weeks ago, and the directions here helped me get rid of it - or so I thought. Since I'm still having trouble I decided to register and ask for help.

Background:

Windows XP Service Pack 2, I surf with Firefox, and I'm beginner/intermediate experienced with taking care of my own computer issues. (Hell, I'm theoretically certified to help other people with theirs, but this one's got me stumped.)

Here's the deal:

I had a virus that was redirecting search results. No big deal, pretty common. Right? I followed directions I found online and I thought it was gone: my search results were going where they were supposed to. (It also killed TeaTimer and pretended that a whole lot of websites that could help me, like trend.com, Spybot, and Ad-Aware "couldn't be found" when I tried to go to them. This interesting problem has not recurred.)

Then the problem recurred, in a strange way: In one session, only links that I chose to "open in new tab" were redirected, and regular clicks went through. Now it seems a bit random, with about 1/2 of searches going where they belong, and 1/2 not.

This morning, Anti-Malware would find a Vundo infection, try to clean it, clean everything but one file (labeled "Rootkit Agent" IIRC) in system32/drivers folder, and then say that this file had to be deleted on restart. I'd restart, run A-M, and it would find the whole infection, back and good as new. But now it can't find it anymore, even though the symptoms persist. (I'm still getting search redirects)

Here are the things that I've run today that cannot fix my problem or no longer recognize that I have one:

Malwarebytes' Anti-Malware

Combofix (edit: I guess I wasn't supposed to attempt to use combofix on my own, all willy-nilly. My bad. Could really still use some help here)

Vundofix

Trend House Call.

I can't make heads or tails of my HJT log either, but the rules for this forum say not to post that so I'll hold off for now. Anyone have any ideas or need any more information from me? I'd appreciate the help.

Edited by PJ the Barbarian, 10 February 2009 - 02:24 PM.




#2 boopme

  • Global Moderator
  • 73,166 posts

Posted 10 February 2009 - 02:58 PM

The best approach now is to make a new topic in the HJT forum.
HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log.

#3 PJ the Barbarian

  • Topic Starter
  • Members
  • 6 posts

Posted 10 February 2009 - 03:16 PM

Thank you.

#4 boopme

  • Global Moderator
  • 73,166 posts

Posted 10 February 2009 - 04:46 PM

You're welcome. I am going to edit the second reply in your HJT topic into the first, explained below.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Post in this thread when you haven't received an answer in five days.".

To avoid confusion, I am closing this topic.

Edited by boopme, 10 February 2009 - 04:46 PM.
