Trojan Vundo, "third hands", task manager disabled



#1 hippita


Posted 24 March 2009 - 10:01 AM

Hello All,

Let me say first that I'm so impressed that there are people like yourselves out there helping out the not so computer savvy like myself...I really appreciate it!

So I've got a variety of issues, I don't know if they're all related or not so I'll do my best to describe them.

Main Symptoms

- Ctrl + Alt + Del brings up "task manager has been disabled by your administrator"
- Flashing desktop background "Warning Dangerous spyware. Many viruses were found on your computer...etc"
- Box that pops up saying "server busy. this action cannot be completed because the other program is busy. choose 'switch to' to activate the busy program and correct the problem" I can't cancel or get rid of it.
- Pop ups galore

What I've tried

- I tried to run the DDS scan but I got a blue screen shut down.
- I tried to run Malwarebytes' scan. Scan was completed but system was shut down before it could save the log or delete the many issues it found (65+ infected :thumbsup: )

I've looked back into Malwarebytes and it seems to have quarantined Trojan.Vundo.H

This is bad...I know! Can anyone give me advice where to go from here?

Thanks a lot!!!



#2 hippita


Posted 24 March 2009 - 11:21 AM

Ok, well I ran Malwarebytes again and was able to get the log and do the removal process. However, I get the feeling that I'm not out of the woods by a long shot...


On restart I got these messages:

userinit.exe - bad image
the application or DLL C: WINDOWS\system32\system32\vdscmn.dll is not a valid windows image. Please check against installation diskette

userinit.exe - bad image
the application or DLL C: WINDOWS\system32\system32\yuwehosu.dll is not a valid windows image. Please check against installation diskette

userinit.exe - bad image
the application or DLL C: WINDOWS\system32\system32\ziluyuda.dll is not a valid windows image. Please check against installation diskette

3x each.

After start up, the evil background is gone, but the file is still there in desktop properties.

Ctrl+Alt+Del brings the task manager up.

I've got the following locked in Malwarebytes' quarantine:
Trojan.Agent
Trojan.Downloader
Trojan.Vundo.H
Trojan.Vundo
Trojan.FakeAlert
Trojan.BHO
Trojan.Dropper
Trojan.TDSS
Malware.Trace
Rootkit.Trace
Adware.SpeedMonitor

All of them are there several times.


I've been able to run the DDS scan now, do I post those results here? Or is that another section?

Thanks!

#3 garmanma


Posted 25 March 2009 - 09:52 PM

The DDS scan is used in preparation for submitting an HJT log, if that is your intention.
That log should be posted in our HJT forum, here:


http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits