
HJT Log/Virtumonde or Vundo Infection/


  • This topic is locked
6 replies to this topic

#1 FrankL90

FrankL90

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 18 January 2010 - 04:36 PM

I believe my computer is infected with the malware specified. I am not having severe issues such as BSODs or being unable to run security software so far. But I keep getting redirected to spam sites and such. I have run Malwarebytes and Super Anti-Spyware, and although they found infections for Vundo Trojan and deleted them, I still get redirected. My browser is Firefox 3.5.7; this problem also seems to happen to me on IE and Google Chrome. I've tried using other search engines such as Bing and Yahoo and I still have the same spam redirects. If you need any more information let me know and I'll be happy to provide it.

Here is a log from HijackThis

Attached File  Attach.log   7.78KB   14 downloads



#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:32 PM

Posted 25 January 2010 - 08:07 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 FrankL90

FrankL90
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 27 January 2010 - 04:19 PM

Thanks for your reply, Sempai. My problem has gotten worse, actually, and now my computer does not detect a connection to the internet despite my Gateway being connected and working for my Xbox 360 and the MacBook I borrowed from my sister to type this. I'm really at the end of my rope here with this virus or whatever the hell it is.

I first need to be able to restore my internet to the problem PC, so if you can assist in that I'll be grateful.



#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:32 PM

Posted 28 January 2010 - 02:29 PM

Hi FrankL90,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

  1. I see on the log Ask Toolbar is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    To uninstall Ask Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Ask Toolbar or Vuze toolbar

    Also remove the folder in bold (if present) only after uninstalling Ask Toolbar:
    C:\Program Files\AskBar
    c:\program files\askbardis

  2. Disable AVG LinkScanner:
    • Double click AVG system tray icon to open AVG.
    • In Overview section double click LinkScanner.
    • Uncheck the options to disable Linkscanner.
    • Press Save Changes.

  3. Open Internet Explorer. Under Tools menu select Internet Options.
    Under Programs select Manage add-ons.
    Select Toolbars and Extensions.
    Find AVG LinkScanner and select it. Click Disable and Close.

  4. To check if all devices are working properly:
    • Go to start > right-click My computer and select Properties.
    • Under Hardware tab select Device Manager.
    • Expand Network Adapters.
    • Note the device name or names listed.
    • Check if there is any ? or ! sign next to the listed devices. If yes tell me about that and:
      • Double-click on the listed device with ? or !
      • Under General tab note the writing in the Device Status section and post it to your reply.
    • If you expand Network Adapters and there is no ? or ! sign:
      • Double-click on the listed device(s).
      • Under General tab note the writing in the Device Status section and post it to your reply.
    • In case everything is working proceed with the next step.

  5. Make sure the following setting is set as it is supposed to be set:
    • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection (usually Local Area Connection) and select Properties.
    • Select the General tab.
    • Double click on Internet Protocol (TCP/IP).
      Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
    • Click OK twice to save the settings.
    • Reboot and check the connection if you had to change any setting.

  6. Go to Start > Run and type in cmd
    A command window pops up. Type in the command window the following lines and press Enter after each line (note the spaces):

    netsh int ip reset c:\reset.log

    Now reboot and see if you have connection. Only if you don't have connection proceed to the next step.

  7. Go to Start > Run and type in cmd
    A command window pops up. Type in the command window the following lines and press Enter after each line (note the spaces):

    netsh winsock reset

    Now reboot and see if you have connection.


#5 FrankL90

FrankL90
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 28 January 2010 - 10:07 PM

Thank you for your reply, Farbar. I followed the steps you posted and removed Ask Toolbar, and I also disabled AVG LinkScanner like you said. Then I checked my devices and all of them were working properly, so I went to the next step. The writing for my device said "your device is working properly if you are having problems try troubleshooting this device". The TCP/IP Protocol setting was unchanged and was on the settings you recommended, so I did not have to change that.

I did step number 6 and rebooted and my internet did not work. I finally did step 7 and rebooted, but no dice, and my internet is still not working. I'm getting more and more frustrated with this damn thing. I'll try to be as consistent with replying and updating my situation but I have a lot of stuff to take care of during the day so I might show up at random times.

Edited by FrankL90, 28 January 2010 - 10:09 PM.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:32 PM

Posted 29 January 2010 - 05:31 AM

Thanks for the detailed feedback.

You need a flash drive to transfer the tools and transfer back the logs.
  1. Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


    CODE
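    @echo off
    rem Switch to the root of the current drive so the log is written there.
    cd\
    rem Collect adapter settings, DNS lookups, pings and the routing table in one log.
    (ipconfig /all
    nslookup google.com
    ping -n 2 google.com
    nslookup yahoo.com
    ping -n 2 yahoo.com
    ping -n 2 127.0.0.1
    route print) >Log1.txt
    rem Open the finished log so it can be copied into a reply.
    start Log1.txt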

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: test.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Transfer and double-click test.bat on the desktop of the infected computer.
    • A notepad opens, copy and paste the content of (c:\log.txt) to your reply.

  2. Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Under Output select "Standard Output" checkbox.
    • Set Services, Drivers and Standard Registry to All.
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
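
Added example, not part of Farbar's post or of any tool named in this thread: one way to read the Log1.txt that test.bat collects, checking the loopback ping, the default gateway, the DNS servers and the name lookups in that order. The function names `field` and `triage`, the `expected_dns` parameter and the sample log are assumptions made for illustration, and the matched strings assume typical English-language Windows output.

```python
import re

# Constructed Log1.txt excerpt (not from the thread); strings follow typical
# English-language Windows XP ipconfig/ping output, which is an assumption.
SAMPLE_LOG = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def field(log, label):
    """IPv4 values of one ipconfig field, including indented continuation lines."""
    values, capturing = [], False
    for line in log.splitlines():
        head = re.match(rf"\s*{re.escape(label)}[ .]*:\s*(.*)$", line)
        cont = re.fullmatch(rf"\s+{IP}\s*", line)
        if head:
            capturing = True
            values += re.findall(IP, head.group(1))
        elif capturing and cont:
            values.append(cont.group(1))
        else:
            capturing = False
    return values

def triage(log, expected_dns):
    """Hypothetical helper: list findings from the stack outward to DNS."""
    findings = []
    loop = re.search(r"Pinging 127\.0\.0\.1.*?Received = (\d+)", log, re.S)
    if not loop or int(loop.group(1)) == 0:
        findings.append("loopback ping got no reply: local TCP/IP stack problem")
    if not field(log, "Default Gateway"):
        findings.append("no default gateway: no usable lease or route")
    odd = [d for d in field(log, "DNS Servers") if d not in expected_dns]
    if odd:
        findings.append("DNS servers outside the expected set: " + ", ".join(odd))
    failed = re.findall(r"could not find host (\S+)\. ", log)
    if failed:
        findings.append("name resolution failed for: " + ", ".join(failed))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, expected_dns={"192.168.1.1"}):
        print("-", finding)
```

Pass the router or ISP resolver addresses you actually expect as `expected_dns`; the value used above is a constructed private address.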




#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:32 PM

Posted 03 February 2010 - 03:37 AM

This thread will now be closed due to lack of activity.





