
Vundo/IS2010 Malware


1 reply to this topic

#1 saraturtle

saraturtle

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 27 December 2009 - 06:01 PM

Hi,

About a week ago my boyfriend's computer was invaded by the Vundo virus. Shortly thereafter it was also invaded by the IS2010 fake program. Symptoms were the logon/logoff loop problem, the IS2010 fake antivirus popups, and MBAM.exe being deleted so we couldn't run Malwarebytes.

Using the steps provided in other posts on this site I've deleted registry entries and system 32 files, and ran Malwarebytes etc. 2 days ago all seemed well. We ran SuperAntiSpyware, Malwarebytes, checked the registry and system 32 folder and nothing was found. No pop ups, no logon/logoff loops, no IS2010 and his computer was faster.

Yesterday, though, Malwarebytes indicated that Vundo was back. My boyfriend hasn't been to any sites at all since the original scans came back clean. He was only running Malwarebytes one last time before going onto a website to assure ourselves the threat was gone (although he hasn't visited any websites, we are constantly connected to the internet through direct connection, not wireless, so this may have something to do with it). The only thing I can think of is that there is a file we keep missing that allows Vundo to re-spawn or something. Today we removed Vundo using the same steps we previously used and it seems to be gone again (so the scans say).

The only trouble (right now) is a lingering file that only shows up on the task manager (karezabu.dll). Research shows this to be a bad file and we are unable to get rid of it. Occasionally other files with different names have popped up as well but we have been able to remove those. I believe these files are related to the Vundo virus that keeps popping back up on my boyfriend's computer. I have a HijackThis log I can post that was run today if requested. Any help on making sure that Vundo is really and truly gone from the system and that any other malware/spyware that is causing us grief is gone as well is appreciated. Reformatting his computer is an absolute last ditch effort that we do not want to resort to unless there is nothing left for us to do.

Troublesome Files That Keep Reappearing Despite Deleting Them and Cleaning The Computer With Malwarebytes (These can be deleted at any time and cause no problem except that they keep reappearing):

fabipibu.dll
tekopopu.dll
diwihure.dll
msaouahn.dll
fastnetsrv.exe
btwsrv.dll
winlogon.exe
logon.exe

The only exception to this rule is karezabu.dll which I have already stated we are unable to get rid of.

I work with computers and this is the only time I've been stumped. HELP!

Thanks,
Desperate girlfriend who spends her days off repairing her boyfriend's computer



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,806 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:36 AM

Posted 27 December 2009 - 09:25 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



