I've been reading the other threads from people who have been having troubles with the Vundo!grb nastiness, and it seems like I am having the same problems. My McAfee antivirus keeps detecting it and "deleting" it and then I get random popups on my internet explorer.
The McAfee says the thing is coming from C:\WINDOWS\system32\amikujoj.tmp or C:\WINDOWS\system32\itojuhin.tmp.
I'm not sure what kind of information you need, so just to be on the safe side I copy and pasted the log from the VirusScan On-Access that has been detecting the virus.
Here is today's log:
3/15/2009 9:28:26 AM Engine version = 5.3.00
3/15/2009 9:28:26 AM DAT version = 5514
3/15/2009 9:28:26 AM Number of virus signatures in EXTRA.DAT = None
3/15/2009 9:28:26 AM Names of viruses that EXTRA.DAT can detect = None
3/15/2009 9:29:04 AM Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\amikujoj.tmp Vundo!grb (Trojan)
3/15/2009 9:29:56 AM Deleted JENNY\Jen explorer.exe Vundo!grb (Trojan)
3/15/2009 9:30:17 AM Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\itojuhin.tmp Vundo!grb (Trojan)
3/15/2009 9:33:27 AM Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\itojuhin.tmp Vundo!grb (Trojan)
3/15/2009 9:36:26 AM Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\itojuhin.tmp Vundo!grb (Trojan)
3/15/2009 9:39:27 AM Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\itojuhin.tmp Vundo!grb (Trojan)
3/15/2009 9:42:27 AM Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\itojuhin.tmp Vundo!grb (Trojan)
3/15/2009 9:45:37 AM Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\itojuhin.tmp Vundo!grb (Trojan)
3/15/2009 9:48:37 AM Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\itojuhin.tmp Vundo!grb (Trojan)
3/15/2009 9:55:56 AM Statistics:
3/15/2009 9:55:56 AM Files scanned: 3236
3/15/2009 9:55:56 AM Files detected: 11
3/15/2009 9:55:56 AM Files cleaned: 0
3/15/2009 9:55:56 AM Files deleted: 11
3/15/2009 9:55:56 AM Files moved: 0
2009-03-15 09:57 Engine version = 5.3.00
2009-03-15 09:57 DAT version = 5514
2009-03-15 09:57 Number of virus signatures in EXTRA.DAT = None
2009-03-15 09:57 Names of viruses that EXTRA.DAT can detect = None
2009-03-15 09:58 Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\itojuhin.ini Vundo!grb (Trojan)
2009-03-15 09:58 Deleted JENNY\Jen explorer.exe C:\WINDOWS\system32\itojuhin.tmp Vundo!grb (Trojan)
Thank you so much. Hopefully this is enough starting information.
Jenny
Edited by icahicah, 15 March 2009 - 10:29 AM.