
Trojan.Vundo.H


  • This topic is locked
3 replies to this topic

#1 Beagle1927


Posted 02 May 2009 - 06:27 PM

Hello. I ran Malwarebytes and it said that I was infected with (Trojan.Vundo.H). I fix the problem but it prompts me to restart (which I do). I run Malwarebytes again and it says that I have (Trojan.Vundo.H) again. Please help me break the cycle.

Here is my HijackThis log... Everyone else is posting theirs, so I thought that I would post mine.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:15 PM, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1169769463\ee\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {13605F74-2E92-4C8B-BE17-1A0901BEDFA6} - c:\windows\system32\gncxjww.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9AEC13-E80B-49A2-BCE1-9637C67A664C}: NameServer = 205.188.146.145
O20 - Winlogon Notify: ljsjippu - C:\WINDOWS\SYSTEM32\gncxjww.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3972 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 02 May 2009 - 08:10 PM.




#2 Beagle1927


Posted 06 May 2009 - 05:35 PM

Any ideas... Am I not posting right?

#3 SifuMike

    malware expert


  • Staff Emeritus

Posted 09 May 2009 - 05:43 PM

Hello Beagle1927.

Post your Malwarebytes log so I can see what it is finding.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 SifuMike


Posted 15 May 2009 - 09:28 PM

Due to inactivity, this thread will now be closed.



