TROJAN Vundo Removal....help tried various methods!!!


  • This topic is locked
5 replies to this topic

#1 rohiniro

Posted 05 July 2009 - 03:20 AM

Hi,
I recently scanned my computer with my AVG (Internet Security 3-pack; it has been there for quite some time now) and got this result: "C:\WINDOWS\system32\qyjtkotf.dll";"Trojan horse Vundo.GW";"Moved to Virus Vault". Then I was prompted to restart my system, but the file was not deleted. After searching on the net, I did the following:

1. Downloaded the Vundo fix from Symantec, booted into safe mode and ran the tool, but to no avail.
2. Tried SUPERAntiSpyware and Malwarebytes' Anti-Malware; both detected the 2 main DLLs and several registry entries and tried to delete them on reboot, but in vain.
3. Then I manually located the 2 DLLs, yjtkotf & lplelrx.dll, and tried deleting them and their registry entries but failed. I tried to delete them with Killbox, FileASSASSIN, RegASSASSIN and by unregistering them, but could not delete them even though they became unregistered.

Here is my dds log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by RAHUL at 13:22:09.06 on 05/07/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2558.1892 [GMT 5.5:30]

AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\windows\system32\nvsvc32.exe
D:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\windows\system32\wscntfy.exe
svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\RAHUL\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: {fa496e71-74f3-4c7e-a862-841e37237473} - c:\windows\system32\lplelrx.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvdreg~1\DVDShell.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rahul\applic~1\mozilla\firefox\profiles\h19e34y5.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-3-1 12552]
R0 gtyddyke;gtyddyke;c:\windows\system32\drivers\gtyddyke.sys [2004-8-7 23424]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-3-1 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-11-8 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-3-1 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-30 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-9 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-4-30 1368952]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-9-30 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-9-30 29208]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\rohit\locals~1\temp\dmskssrh.sys --> c:\docume~1\rohit\locals~1\temp\DMSKSSRh.sys [?]
S3 max128k;max128k;c:\windows\system32\drivers\max128k.sys [2004-7-3 3840]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 USB_RNDIS_51; USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [2004-8-4 12672]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-24 935208]
S4 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
S4 SymSnapService;SymSnapService;"d:\program files\norton ghost\shared\drivers\symsnapservice.exe" --> d:\program files\norton ghost\shared\drivers\SymSnapService.exe [?]
S4 TwonkyMedia;TwonkyMedia;d:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> d:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]

=============== Created Last 30 ================

2009-07-05 12:57 <DIR> --d----- c:\program files\Trend Micro
2009-07-05 12:44 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-05 12:24 161,792 a------- c:\windows\SWREG.exe
2009-07-05 12:24 155,136 a------- c:\windows\PEV.exe
2009-07-05 12:24 98,816 a------- c:\windows\sed.exe
2009-07-05 11:14 <DIR> --d----- C:\VundoFix Backups
2009-07-05 10:18 <DIR> --d----- c:\program files\FileASSASSIN
2009-07-04 21:13 <DIR> --d----- c:\program files\TrojanHunter 5.0
2009-07-04 15:29 <DIR> --d----- C:\!KillBox
2009-07-03 20:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-03 20:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-03 20:45 <DIR> --d----- c:\docume~1\rahul\applic~1\SUPERAntiSpyware.com
2009-07-03 18:39 <DIR> --d----- c:\program files\Enigma Software Group
2009-07-03 13:37 <DIR> --d----- c:\docume~1\rahul\applic~1\Malwarebytes
2009-07-03 13:37 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 13:37 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-03 13:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 13:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-01 17:10 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-07-01 14:15 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-01 13:50 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-07-01 13:50 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-07-01 13:50 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-06-18 00:13 246 a------- c:\documents and settings\rahul\appleipod.bat
2009-06-14 15:03 <DIR> --d----- c:\program files\PhotoELF
2009-06-12 16:17 <DIR> --d----- c:\windows\system32\Mozilla Shared
2009-06-10 22:09 <DIR> --d----- c:\program files\iPod
2009-06-10 22:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 22:09 <DIR> --d----- c:\program files\Bonjour
2009-06-10 22:06 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-10 01:14 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-10 01:14 1,409 a------- c:\windows\QTFont.for
2009-06-05 16:42 119 a------- c:\windows\NNS.INI
2009-06-05 16:42 446,464 a------- c:\windows\system32\HHActiveX.dll
2009-06-05 16:37 5,067,899 a------- c:\windows\system32\barbiedecSS.scr
2009-06-05 16:37 <DIR> --d----- c:\program files\Ambercakes.com
2009-06-05 14:33 <DIR> --d----- c:\windows\system32\mgs4_ss_1024_768_1 dir
2009-06-05 14:29 418,768 a------- c:\windows\Metal Gear Solid 2 - 2.exe
2009-06-05 14:29 132,040 a------- c:\windows\Metal Gear Solid 2 - 2.prv
2009-06-05 14:29 96,652 a------- c:\windows\Metal Gear Solid 2 - 2.scr
2009-06-05 14:29 28,672 a------- c:\windows\gscr.dll
2009-06-05 13:55 <DIR> --d----- c:\windows\Icons
2009-06-05 13:55 <DIR> --d----- c:\program files\FileSubmit
2009-06-05 13:50 5,003,590 a------- c:\windows\God of War Screen Saver.scr

==================== Find3M ====================

2009-06-11 11:58 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-04-30 11:21 11,952 -------- c:\windows\system32\avgrsstx.dll
2009-04-30 11:21 50,968 -------- c:\windows\system32\avgfwdx.dll
2009-01-30 23:00 1,150,620 a------- c:\docume~1\rahul\applic~1\PowerISO_4.3.exe
2008-10-01 13:29 94,208 a------- c:\docume~1\rahul\applic~1\ezplay.sys
2008-09-22 17:41 47,360 a------- c:\docume~1\rahul\applic~1\pcouffin.sys
2008-04-08 21:43 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-12-18 14:49 81,920 a------- c:\docume~1\rahul\applic~1\ezpinst.exe

============= FINISH: 13:22:30.39 ===============

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:40, on 05/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\windows\system32\nvsvc32.exe
D:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\windows\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {FA496E71-74F3-4C7E-A862-841E37237473} - c:\windows\system32\lplelrx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 3210 bytes

Malwarebytes log:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

05/07/2009 10:15:49
mbam-log-2009-07-05 (10-15-46).txt

Scan type: Quick Scan
Objects scanned: 144779
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qyjtkotf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\lplelrx.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa496e71-74f3-4c7e-a862-841e37237473} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vrbwjkvv (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fa496e71-74f3-4c7e-a862-841e37237473} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000067e5-8f48-47bb-923c-b2265e30f0fc} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000067e5-8f48-47bb-923c-b2265e30f0fc} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{000067e5-8f48-47bb-923c-b2265e30f0fc} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\urzfkhzm (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\urzfkhzm (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fa496e71-74f3-4c7e-a862-841e37237473} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\lplelrx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qyjtkotf.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\eijmnbm.dll (Trojan.Vundo.H) -> No action taken.


Finally, the log from AVG running in safe mode:

AVG 8.5 Anti-Virus command line scanner
Copyright © 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.375
Virus Database: Version 270.13.2/2215 2009-07-02

\WINDOWS\system32\config\default Locked file. Not tested.
\WINDOWS\system32\config\default.LOG Locked file. Not tested.
\WINDOWS\system32\config\SAM Locked file. Not tested.
\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
\WINDOWS\system32\config\SECURITY Locked file. Not tested.
\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
\WINDOWS\system32\config\software Locked file. Not tested.
\WINDOWS\system32\config\software.LOG Locked file. Not tested.
\WINDOWS\system32\config\system Locked file. Not tested.
\WINDOWS\system32\config\system.LOG Locked file. Not tested.
\WINDOWS\system32\drivers\sptd.sys Locked file. Not tested.
\WINDOWS\system32\qyjtkotf.dll Trojan horse Vundo.GW

------------------------------------------------------------
Objects scanned : 315505
Found infections : 1
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
--------------------------------------------------------


Hope somebody can help me with this annoying malware.

Regards.


#2 rohiniro

Posted 05 July 2009 - 05:54 AM

Hi,
An update on the issue.
Now whenever I open My Computer, My Documents.. an AVG Resident Shield alert pops up: threat detected
file name: c\windows\system32\lplelrx.dll
threat name: virus identified Win32/Crptor detected on open
process name: c\windows\explore.exe
It keeps on repeating even after healing it.

#3 rohiniro

Posted 08 July 2009 - 01:11 AM

Hi,
Still waiting for a reply.
Urgent help required!!!!!

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 09 July 2009 - 12:21 AM.


#4 fenzodahl512

Posted 09 July 2009 - 12:49 AM

Hello

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\urzfkhzm (Trojan.Vundo.H) -> No action taken.


Run Malwarebytes' again.. This time, delete everything that it found.. Then reboot your computer

After that, re-run DDS and post the Malwarebytes' log and a fresh DDS log here

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 rohiniro

Posted 10 July 2009 - 04:33 AM

Hi,
Thanks for the belated replies, but I was really stuck up with my PC and was not able to complete my online commitments.
So I posted on another forum explaining my situation to them and am currently troubleshooting my PC with their team. So I would kindly request you to lock my topic.
Thanks once again... will surely wait for the replies the next time when I post.

#6 fenzodahl512

Posted 10 July 2009 - 04:34 AM

Thank you for notifying us.. I will now close this topic.. Please PM any Moderator or HJT Team member should you need to re-open this topic..


Regards
fenzodahl512
