PLEASE HELP : Vundo and Vundo.H



#1 escky


Posted 23 April 2009 - 07:55 AM

hi guys. i know you've heard it all before, but i just joined in hopes of finding a way to finally get rid of this blasted virus (you know - popups claiming internet explorer when you're running firefox, fake reg-cleaners, slowed processing, lack of access to certain sites, etc).

i was skimming through the virus threads here and decided it was just best to ask, instead of trying to take what i could from others' posts.
i really believe my roommate's computer just died from this or something very similar.

i have avast!4 (which detected 2 viruses, but could do nothing) and MBAM (just updated). I was very tempted to just hit "remove selected" but i really don't wanna mess up my poor lil laptop any further.
_______________________________________

Here's my log:

Malwarebytes' Anti-Malware 1.36
Database version: 2031
Windows 5.1.2600 Service Pack 3

4/23/2009 8:45:53 AM
mbam-log-2009-04-23 (08-45-47).txt

Scan type: Quick Scan
Objects scanned: 82772
Time elapsed: 13 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\rihenijo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kalagoji.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fepuyepe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bapugoki.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pafipovu.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a704487-2fa2-405b-b6d1-10da86e2b247} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6a704487-2fa2-405b-b6d1-10da86e2b247} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6a704487-2fa2-405b-b6d1-10da86e2b247} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5813926b (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5b20a1f7 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buwozefevu (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: ufctuik.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bapugoki.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\bapugoki.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pafipovu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\honahofu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ufohanoh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rihenijo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ojinehir.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\pafipovu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kalagoji.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fepuyepe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\ufctuik.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bapugoki.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kijayavo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\reripaga.exe (Trojan.Vundo.V) -> No action taken.

____________________________


NOTE : when i tried to go into system32 to rename and delete these dll files (like another tutorial said), these files weren't even visibly present in the folder.
any help would be much appreciated (and any advice as to how to avoid this in the future, because to be perfectly honest, i haven't the foggiest of where this all came from!!)


[escky]

Edited by escky, 23 April 2009 - 07:56 AM.




#2 escky


Posted 23 April 2009 - 12:24 PM

anything, you guys? i tried "VundoFix" as well and nothing (it didn't discover anything)
:C

(also : i'm really afraid to delete anything because one of the files that the anti-malware program is picking up as infected is connected to (or says it's connected to) my processor. C:\WINDOWS\ufctuik.dll )

Edited by escky, 23 April 2009 - 12:33 PM.




