Vundo Trojan


1 reply to this topic

#1 Lisa17


Posted 09 January 2010 - 11:39 AM

Hello,

I am trying to remedy my daughter's laptop computer. I followed "boopme"'s instructions for another poster to remove this virus. I am up to the part after running the SuperAntiSpyware complete scan and rebooting the computer normally. Here is what the scan log read:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/09/2010 at 10:01 AM

Application Version : 4.33.1000

Core Rules Database Version : 4446
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 01:36:23

Memory items scanned : 223
Memory threats detected : 0
Registry items scanned : 6860
Registry threats detected : 11
File items scanned : 28360
File threats detected : 49

MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL

Trojan.Dropper/Gen-123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SysTray
HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}
HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}
HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32
HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\POUPEAXDO.DLL

Rogue.InternetSecurity2010
C:\Documents and Settings\Lis\Desktop\Internet Security 2010.lnk

Trojan.Agent/Gen-SVCHost[Fake/Alloy]
C:\DOCUMENTS AND SETTINGS\HELPASSISTANT\APPLICATION DATA\UPD.EXE
C:\DOCUMENTS AND SETTINGS\LIS\APPLICATION DATA\UPD.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0057896.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0058904.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0062956.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064066.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064526.EXE

Adware.Tracking Cookie
C:\Documents and Settings\HelpAssistant\Cookies\lis@advertising[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@ad.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@adrevolver[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@ads.bridgetrack[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@ads.pointroll[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@doubleclick[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@at.atwola[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@atdmt[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@atwola[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@cdn.at.atwola[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@cdn.at.atwola[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@content.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@fastclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@media.adrevolver[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@tacoda[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@pointroll[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@tacoda[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\lis@tribalfusion[1].txt

Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\HELPASSISTANT\NAH_LOG.DAT
C:\DOCUMENTS AND SETTINGS\LIS\NAH_LOG.DAT

Trojan.Agent/Gen-Fakey
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0057739.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0058747.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0062746.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0063747.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0063909.EXE

Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0057741.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0058749.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0062748.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0063749.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0063911.DLL

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064335.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064336.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064337.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064338.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064339.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064342.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064343.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0064344.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\ABEEG.BAK1


What should I do next?? Also, every time we start up the computer I keep getting messages that Internet Explorer was unable to open. What is this about?

Any help you can offer would be greatly appreciated.

Thanks!



#2 quietman7


Posted 15 January 2010 - 10:33 AM

I followed "boopme"'s instructions for another poster to remove this virus.

boopme provides help to many members here and the instructions provided are not always the same for everyone. You need to be specific as to what actions you have taken so far.

No sense in me providing instructions for things you may have already done.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
