Infected with three Trojan Horse Vundo.KA



#1 Temporaryaccount


Posted 17 February 2010 - 09:36 PM

I use Windows XP SP3, Media Center Edition 2005.

I've had this issue for about a month now. I got a virus that redirected me to different sites whenever I search, and opens up tabs and popups to sites, too. Luckily, it hasn't redirected me to pornography, but this is really bothering me.

When I first got it, it affected Chrome. So I uninstalled it. I also found it redirected in IE and Firefox as well, so I uninstalled Firefox but not IE, because it is such a hassle to re-install.

Then I got a notification from AVG, saying "Multiple Threat Detection" at the top. I have an Exploit Search engine hijack and an Exploit Rogue Scanner (type 1006). However, AVG didn't recognize the virus, as I scanned twice and it detected nothing. It says the process name was C:\Program Files\Mozilla Firefox\firefox.exe.

The infection files were from forums.khinsider.com and foryouscann.com.

Now to recent days.

AVG has recently detected Trojan Horse Vundo.KA viruses. Let me show you a recent log.

"Scan ""Scheduled scan"" was finished."
"Infections";"8";"8";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Friday, February 12, 2010, 12:39:25 PM"
"Scan finished:";"Friday, February 12, 2010, 2:43:13 PM (2 hour(s) 3 minute(s) 47 second(s))"
"Total object scanned:";"527438"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"C:\WINDOWS\system32\svchost.exe (1120):\memory_001a0000";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\WINDOWS\system32\svchost.exe (1120)";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\WINDOWS\system32\csrss.exe (888):\memory_00270000";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\WINDOWS\system32\csrss.exe (888)";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\WINDOWS\explorer.exe (3580):\memory_001a0000";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\WINDOWS\explorer.exe (3580)";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\Program Files\Mozilla Firefox\firefox.exe (1456):\memory_001a0000";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\Program Files\Mozilla Firefox\firefox.exe (1456)";"Trojan horse Vundo.KA";"Reboot is required to finish the action"


I rebooted (twice) and still they were never removed.

Here's an even more recent log.

"Scan ""Scan whole computer"" was finished."
"Infections";"6";"6";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Sunday, February 14, 2010, 5:34:30 PM"
"Scan finished:";"Sunday, February 14, 2010, 7:01:38 PM (1 hour(s) 27 minute(s) 8 second(s))"
"Total object scanned:";"525358"
"User who launched the scan:";"HP_Administrator"

"Infections"
"File";"Infection";"Result"
"C:\WINDOWS\system32\svchost.exe (1120):\memory_001a0000";"Trojan horse Vundo.KA";"Moved to Virus Vault"
"C:\WINDOWS\system32\svchost.exe (1120)";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\WINDOWS\explorer.exe (3248):\memory_001a0000";"Trojan horse Vundo.KA";"Moved to Virus Vault"
"C:\WINDOWS\explorer.exe (3248)";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\Program Files\Mozilla Firefox\firefox.exe (3740):\memory_001a0000";"Trojan horse Vundo.KA";"Moved to Virus Vault"
"C:\Program Files\Mozilla Firefox\firefox.exe (3740)";"Trojan horse Vundo.KA";"Reboot is required to finish the action"


And then the latest scan...

"Scan ""Scan whole computer"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Monday, February 15, 2010, 11:51:29 AM"
"Scan finished:";"Monday, February 15, 2010, 1:20:04 PM (1 hour(s) 28 minute(s) 35 second(s))"
"Total object scanned:";"525476"
"User who launched the scan:";"HP_Administrator"


And yet, the virus remains. I still have internet redirects, sudden tab openings, and popups. I have tried Malwarebytes, and it detected nothing.

I need help. I have already backed up all the files I want on an SD Card. Please help me remove this virus once and for all.

EDIT:

When I first had the problem a month ago, an AVG Alert came up saying
Access file is infected
Threat was blocked!
File name: yomm.ws/index2.php
Threat name: Exploit Link to known exploit site (type 812)
Process name: C:\\WINDOWS/system32/svchost.exe
Process ID: 1124


And minutes after I posted this another AVG Alert came up saying
Access file is infected
Threat was blocked!
File name: cut-down.in/index.php
Threat name: exploit javascript obfuscation type 620
Process name: C:\\WINDOWS/system32/svchost.exe
Process ID: 1280


Just wanted to post some additional info in case needed.

Edited by Temporaryaccount, 17 February 2010 - 10:21 PM.
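An added example, not part of the original post: Python code that parses the semicolon-delimited AVG export rows quoted above and compares two scans, reporting which process images are flagged in both and which memory region is reported in more than one process. The function names are hypothetical, and the sample rows are a constructed excerpt of the post's own logs.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample input: rows excerpted from the two AVG exports quoted in the post.
SCAN_FEB12 = r'''"Infections";"8";"8";"0"
"File";"Infection";"Result"
"C:\WINDOWS\system32\svchost.exe (1120):\memory_001a0000";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\WINDOWS\system32\csrss.exe (888):\memory_00270000";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\WINDOWS\explorer.exe (3580):\memory_001a0000";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
"C:\Program Files\Mozilla Firefox\firefox.exe (1456)";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
'''
SCAN_FEB14 = r'''"File";"Infection";"Result"
"C:\WINDOWS\system32\svchost.exe (1120):\memory_001a0000";"Trojan horse Vundo.KA";"Moved to Virus Vault"
"C:\WINDOWS\explorer.exe (3248):\memory_001a0000";"Trojan horse Vundo.KA";"Moved to Virus Vault"
"C:\Program Files\Mozilla Firefox\firefox.exe (3740)";"Trojan horse Vundo.KA";"Reboot is required to finish the action"
'''

# "<image path> (<pid>)" optionally followed by ":\memory_<hex base>"
TARGET = re.compile(r'^(?P<image>.+?) \((?P<pid>\d+)\)(?::\\(?P<region>memory_[0-9a-fA-F]+))?$')

def parse_detections(export_text):
    """Return one dict per detection row; summary and header rows are skipped."""
    found = []
    for fields in csv.reader(io.StringIO(export_text), delimiter=';'):
        m = TARGET.match(fields[0]) if len(fields) == 3 else None
        if m:
            found.append({'image': m['image'], 'pid': int(m['pid']),
                          'region': m['region'], 'threat': fields[1], 'result': fields[2]})
    return found

def recurring_images(earlier, later):
    """Map each image flagged in both scans to its (earlier PIDs, later PIDs)."""
    def pids(rows):
        by_image = defaultdict(set)
        for r in rows:
            by_image[r['image'].lower()].add(r['pid'])
        return by_image
    a, b = pids(earlier), pids(later)
    return {img: (sorted(a[img]), sorted(b[img])) for img in sorted(a.keys() & b.keys())}

def shared_regions(rows):
    """Map each memory region flagged in more than one image to those images."""
    by_region = defaultdict(set)
    for r in rows:
        if r['region']:
            by_region[r['region']].add(r['image'].lower())
    return {reg: sorted(imgs) for reg, imgs in by_region.items() if len(imgs) > 1}
```

On these rows, explorer.exe and firefox.exe are flagged in both scans under different PIDs, so the detection came back in newly started processes rather than lingering in one old process.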




#2 Temporaryaccount


Posted 17 February 2010 - 10:27 PM

Did I not put enough info on here? I put as much as I could without posting a Hijackthis log.



