
Help to remove Vumundo


1 reply to this topic

#1 catchharish

catchharish

  • Members
  • 1 posts

Posted 25 February 2009 - 10:10 PM

My computer for the last few months seems to have been infected by Vumundo. I have been getting weird pop-ups, and many a time my IE crashes or too many IE windows keep opening automatically. I have been getting a lot of ad pop-ups. Seems like my IE has been hijacked. I ran Webroot's Spy Sweeper, which detected the adware, and in spite of "removing it", it has not helped. It keeps coming back again and again.

Here is the DDS.txt file

LSA: Authentication Packages = msv1_0 setuid
LSA: Notification Packages = scecli c:\windows\system32\behubaza.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\qxtu9pbl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {3E90F929-9AAA-4C00-982A-B9E165AE8B3A} - c:\documents and settings\administrator\local settings\application data\{3E90F929-9AAA-4C00-982A-B9E165AE8B3A}

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-23 42376]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-23 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-23 81288]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2007-10-5 8576]
R2 CVSControl;CVSNT Control Panel;c:\programs\cvsnt\cvscontrol.exe [2006-7-3 36864]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-3 835208]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-23 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-23 1073544]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2007-7-17 3572592]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-2-15 9433]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [2007-10-28 25088]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-2-15 115744]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\nortel networks\Extranet_serv.exe [2008-2-15 643072]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-2 33752]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [2007-9-27 91392]

=============== Created Last 30 ================

2009-02-25 07:21 129,024 a--sh--- c:\windows\system32\iyzwbu.dll
2009-02-24 19:26 129,024 a------- c:\windows\system32\pgnaus.dll
2009-02-24 19:20 129,024 a------- c:\windows\system32\vuverisa.dll
2009-02-23 22:53 129,024 a--sh--- c:\windows\system32\boitka.dll
2009-02-23 22:50 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-23 22:50 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-23 22:50 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-23 22:50 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-23 22:50 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-23 22:50 <DIR> --d----- c:\docume~1\admini~1\applic~1\PC Tools
2009-02-23 22:48 <DIR> --d----- c:\docume~1\admini~1\applic~1\GetRightToGo
2009-02-23 10:53 129,024 a--sh--- c:\windows\system32\lnwjsi.dll
2009-02-22 22:52 129,024 a--sh--- c:\windows\system32\qckzrm.dll
2009-02-22 18:25 <DIR> a-dshr-- C:\cmdcons
2009-02-22 18:23 161,792 a------- c:\windows\SWREG.exe
2009-02-22 18:23 98,816 a------- c:\windows\sed.exe
2009-02-08 18:38 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-02-25 07:21 129,024 a--sh--- c:\windows\system32\gapedalu.dll
2009-02-25 07:21 84,992 a--sh--- c:\windows\system32\rurirovi.dll
2009-02-25 07:21 79,872 a--sh--- c:\windows\system32\pologodi.dll
2009-02-24 19:21 79,872 -------- c:\windows\system32\vowowono.dll
2009-02-23 22:53 84,992 a--sh--- c:\windows\system32\sitizeme.dll
2009-02-23 22:53 129,024 a--sh--- c:\windows\system32\yifunaga.dll
2009-02-23 22:53 79,872 a--sh--- c:\windows\system32\beyugazo.dll
2009-02-23 10:53 129,024 a--sh--- c:\windows\system32\jugusaja.dll
2009-02-23 10:53 79,872 a--sh--- c:\windows\system32\wiyeziwu.dll
2009-02-22 22:52 129,024 a--sh--- c:\windows\system32\lisepeyo.dll
2009-02-22 22:52 79,872 a--sh--- c:\windows\system32\hahohetu.dll
2009-02-22 22:52 84,992 a--sh--- c:\windows\system32\gesiwoha.dll
2009-01-03 23:19 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-20 21:31 130,560 a------- c:\windows\urebatidedugugek.dll
2008-12-20 21:19 40,960 a------- c:\windows\Rxoyoqaxuw.dll
2008-12-12 09:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2007-09-27 22:09 88 ---shr-- c:\windows\system32\D09C2EC223.sys
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\danuzihi.dll
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\hezubuti.dll
2007-09-27 22:09 3,296 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:01:29.65 ===============
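The DDS listing above shows two things a responder would want to pull out automatically: the "LSA: Notification Packages" line carries a second DLL next to the stock scecli, and system32 holds a run of hidden+system DLLs with random-looking names that repeat the same few sizes (129,024, 84,992, 79,872, 47,616 bytes) under different names. The script below is an added example for triaging such a log, not code from the thread or from the DDS tool; the sample input is a constructed subset of the posted lines, and reading the 8-character attribute field as 'd' = directory, 's' = system, 'h' = hidden is an assumption about DDS output rather than documented behaviour.

```python
"""Triage helper for DDS-style file listings (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines modelled on the DDS.txt output
# quoted in the first post (not the full log).
SAMPLE_DDS = r"""
LSA: Authentication Packages = msv1_0 setuid
LSA: Notification Packages = scecli c:\windows\system32\behubaza.dll

=============== Created Last 30 ================

2009-02-25 07:21 129,024 a--sh--- c:\windows\system32\iyzwbu.dll
2009-02-24 19:26 129,024 a------- c:\windows\system32\pgnaus.dll
2009-02-23 22:53 129,024 a--sh--- c:\windows\system32\boitka.dll
2009-02-23 22:50 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-23 22:50 <DIR> --d----- c:\program files\Spyware Doctor

==================== Find3M ====================

2009-02-25 07:21 84,992 a--sh--- c:\windows\system32\rurirovi.dll
2009-02-25 07:21 79,872 a--sh--- c:\windows\system32\pologodi.dll
2009-01-03 23:19 410,984 a------- c:\windows\system32\deploytk.dll
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\danuzihi.dll
"""

# One DDS file line: date, time, size (or <DIR>), an 8-character attribute
# field, then the path. Interpreting the letters 'd', 's' and 'h' in that
# field as directory / system / hidden is an assumption about DDS output.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$"
)


def parse_entries(text):
    """Return one dict per file/directory line in a DDS listing."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({
            "date": date,
            "time": time,
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "is_dir": "d" in attrs,
            "hidden": "h" in attrs,
            "system": "s" in attrs,
            "path": path.lower(),
        })
    return entries


def find_hidden_system_dlls(entries):
    """DLLs under system32 that carry both the hidden and system attributes.

    Ordinary DLLs in system32 are neither; a recently created one that is
    both deserves a closer look."""
    return [
        e["path"] for e in entries
        if not e["is_dir"]
        and e["hidden"] and e["system"]
        and e["path"].endswith(".dll")
        and "\\windows\\system32\\" in e["path"]
    ]


def size_clusters(entries, min_members=2):
    """Group the flagged files by exact byte size: the same payload dropped
    under rotating names shows up as several names sharing one size."""
    by_size = defaultdict(list)
    for e in entries:
        if e["size"] is not None and e["hidden"] and e["system"]:
            by_size[e["size"]].append(e["path"])
    return {s: paths for s, paths in by_size.items() if len(paths) >= min_members}


def lsa_notification_extras(text):
    """Entries on the 'LSA: Notification Packages' line other than scecli.

    DLLs listed there are loaded by lsass at boot, which is why an unfamiliar
    one matters and why plain file deletion tends not to stick."""
    for line in text.splitlines():
        if line.startswith("LSA: Notification Packages ="):
            values = line.split("=", 1)[1].split()
            return [v for v in values if v.lower() != "scecli"]
    return []


def triage(text):
    """Run all three checks over a DDS listing and return the findings."""
    entries = parse_entries(text)
    return {
        "hidden_system_dlls": find_hidden_system_dlls(entries),
        "size_clusters": size_clusters(entries),
        "lsa_extras": lsa_notification_extras(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run on the full DDS.txt instead of the sample, the same three checks surface the behubaza.dll LSA entry and the 129,024-byte family (iyzwbu, boitka, lnwjsi, qckzrm, gapedalu, yifunaga, jugusaja, lisepeyo) from the posted log; the output is a review list for the helper, not a verdict on any single file.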


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 03 March 2009 - 04:46 PM

Hello Catchharish and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference