
Vundo / frmwrk32.exe Infection, system tray alert, persistent browser popups/ Moved


7 replies to this topic

#1 WINDOWS_PC DUMMY

WINDOWS_PC DUMMY

  • Members
  • 6 posts
  • Local time:05:50 PM

Posted 04 March 2009 - 10:53 PM

Hello all! I'm a pc dummy, but I am smart enough to know when something is wrong with my pc. I have McAfee Internet Security 09 installed on my HP Laptop. Prior to 09 I was running a generic virus protection program that was outdated. Before I scanned with McAfee, all seemed well on my laptop, but after my first virus scan was completed, it brought back about 30 detections; all but a few were quarantined or deleted. One file that just keeps reappearing, along with several other files with similar names, is VUNDO. I mean this thing won't go away. I have scanned my system with McAfee at least 4 times, but certain files keep reappearing, and since my initial scan my desktop is now black with a flashing warning sign saying dangerous spyware found, my task manager is disabled except for the admin account, and when I try to go to sites about removing spyware, malware, etc., my browser redirects me to stuff I wasn't even searching for. And to make matters worse, McAfee's real time scanning has been disabled along with systemguards, and spyware detection and removal. The only thing up is my firewall. Every time I try to fix the issue I get an error saying that I can't fix it. As of late a red circle with an "X" (white) in the middle has appeared in my task bar and constantly tells me I need to clean my system with spycleaner tool??? I'm dumb, but that just doesn't sound right. Examples of files that keep reappearing are as follows: BB021908.exe (refpron.gen trojan), first179.exe (generic dropper), and the infamous SenekagrmbebQ.DLL (Vundo.Vundo.Vundo.) and also Vundo!grd & Vundo.gen.y, zha[1].exe (generic!artemis). These files won't go away, or will be deleted and come back as something named slightly different. Someone please help, I have seen a few cases like mine posted that seemed to be cured with the help of the LEGENDARY "Thunder". Thunder, if you're out there, could you please help. Freaking Geek Squad wants $300.00 and I am just a broke pc bum. Maybe if I get this problem fixed I will search for a job online instead of ........ Please Help!! Thanks in advance, WINdows_Pc Dummy.



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:50 PM

Posted 04 March 2009 - 11:10 PM

Hello WINDOWS_PC DUMMY and welcome to BC :thumbsup:

As no logs are posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. PLEASE DO NOT NOW POST LOGS unless someone asks you to, and then only post the ones they request.

Please tell us what your operating system is: Windows XP, Vista, etc.

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 WINDOWS_PC DUMMY

WINDOWS_PC DUMMY
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:50 PM

Posted 05 March 2009 - 12:26 AM

Thanks a lot for your swift response, Orange Blossom. Hopefully with your knowledge and help I can rid my system of this pestilence. It's 12 am here, so I will do what most pc bums do and go to sleep late, but instead of sleeping till midday I will be up early. My operating system is Microsoft XP.

Edited by WINDOWS_PC DUMMY, 05 March 2009 - 12:28 AM.


#4 WINDOWS_PC DUMMY

WINDOWS_PC DUMMY
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:50 PM

Posted 05 March 2009 - 08:50 AM

Up early like I said. This morning I got online and I am having the same symptoms, but now something new has come up. When trying to reach this page I was redirected to a bootleg antivirus site more than 10 times before I finally ended up where I initially wanted to be. Anyway, I'm ready for any suggestions that might help. Thanks in advance!

#5 WINDOWS_PC DUMMY

WINDOWS_PC DUMMY
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:50 PM

Posted 05 March 2009 - 10:13 AM

Oh, and every time my desktop loads, the system32 and My Documents folders all appear all of a sudden.

#6 WINDOWS_PC DUMMY

WINDOWS_PC DUMMY
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:50 PM

Posted 06 March 2009 - 04:11 PM

Hello, anyone out there???? Help........ Please :flowers: :thumbsup:

#7 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio
  • Local time:06:50 PM

Posted 06 March 2009 - 05:49 PM

my task manager is disabled except for the admin account

Using that account, right-click on the bottom of the screen and open Task Manager
Click on the Applications tab and end the process
Open Task Manager again and click on the New Task button
Type in - explorer.exe - and click OK
You should now be able to download and run MBAM
-----------------------------------------

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

---------------------------------

If mbam won't install

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
--------------------------------

If you are still unable to download it, you can try Safe Mode with Networking or, using another computer, download it to a flash drive or burn it to a CD

Edited by garmanma, 06 March 2009 - 05:51 PM.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#8 WINDOWS_PC DUMMY

WINDOWS_PC DUMMY
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:50 PM

Posted 09 March 2009 - 09:00 PM

Thanks for the info, garmanma! Sorry for the delay; while waiting for a response I sent the pc to a friend that so-called knows how to remove VUNDO, but get this, he charged me $30, some friend. I'm a pc bum, I have no money. I kidnapped this pc just so I can still surf and check out my topic here. I will be getting the pc back later this week, and once I do I will follow the instructions you have listed and reply back. Thanks once again, I got desperate and gave up hope...so I sent it off.



