
Pop Ups - Vundo / Virtumonde???


  • This topic is locked
2 replies to this topic

#1 raellen89


Posted 20 March 2010 - 03:08 PM

Hello! I most humbly come here asking for your knowledge and help. Three days ago my husband accepted an upgrade for Firefox from 3.58 to 3.6. After the upgrade, I noticed that programs requiring things such as java applets were not loading at all or slow to load. I uninstalled the upgrade and went back to Firefox 3.56. After that, we started getting Pop Ups, the commercial type. Our Pop Up blocker is enabled, but these Pop Ups are obvious, not the norm. At the time we had Malware Bytes on our computer and it had been scheduled to run every day at 6pm for over the past year now and did so faithfully. I went to do a scan and noticed that it had disappeared from my System tray. I went into my Programs list to try and execute it from there only to get a "missing dll" file error message. So, I went on the net to download another copy of the installation for Malware Bytes, ran it and right at the end of the installation, received the same error. That evening, I downloaded a fresh copy of "Combo Fix", ran it, and got my report. But yet the Pop Ups still continued. The next day, I installed a purchased licensed copy of Kaspersky Internet Security 2010, ran a full scan, it found 1 virus, and 1 Trojan. Still Pop Ups, today Kaspersky is still picking up Trojans, we are up to 9 now, but still Pop Ups. Kaspersky has reported the following:

VirusRootKit.WIN32.TDSS.Y ( 1 Event) Disinfected
Trojan Program Trojan-Downloader.JS.Agent.fce (1 Event) Status not Know
Trojan Program Trojan.WIN32.Monder.DDMB (7 Events) Deleted
Trojan Program Trojan.WIN32.StartPage.ehg (1 Event) Deleted

Ok, moving on. Kaspersky is not getting rid of it, period. I think it is getting worse. I have turned off System Restore before running anything to try and get rid of this.

Next, I installed Symantec Trojan Vundo Removal Tool 1.5, ran it, and was told I did not have Vundo.

I followed your instructions for getting started here before posting. I was unable to run the DDS application, it ran but I never saw the small black window, but notepad did come up and the text was not readable. I was able to run GMER. I have attached both reports.

I am running Windows XP Home Edition
Mozilla Firefox 3.56

Thank you for being here, I hope to hear back from the Forum soon. Hope you can help us.

Kind Regards,
Raelllen89

PS. I cannot upload the DDS text file/log, it is too large. I do not think you could read it anyways, as it is not normal readable text.

Attached Files

  • Attached File  ark.txt   15.21KB   7 downloads

Edited by raellen89, 20 March 2010 - 05:18 PM.




#2 Blade


Posted 22 March 2010 - 03:58 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.

***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Use the 'Add Reply' and add the new log to this thread.
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom scan's and fixes section paste in the below in bold

    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    CREATERESTOREPOINT
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
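
An added example, not part of Blade's post and not OTL's own code: a Python sketch of what a name-based MD5 listing like the `/md5start` ... `/md5stop` block in post #2 produces. Comparing copies of the same file name against each other, and the constructed sample tree in `demo()`, are assumptions made for illustration.

```python
import hashlib
import os
import sys
import tempfile
from collections import defaultdict

# File names from the /md5start ... /md5stop list in post #2, matched case-insensitively.
WATCHED = set("""eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll
ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys
viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys
nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys
nvstor32.sys""".lower().split())

def md5_of(path, chunk=65536):
    h = hashlib.md5()  # MD5 only because that is the hash type the scan asks for
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def collect(root, names=WATCHED):
    """Map lowercase file name -> [(path, md5), ...] for every copy under root."""
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in names:
                path = os.path.join(dirpath, fn)
                try:
                    found[fn.lower()].append((path, md5_of(path)))
                except OSError as exc:  # locked or unreadable copies are worth noting too
                    found[fn.lower()].append((path, "unreadable: %s" % exc.strerror))
    return found

def mismatched(found):
    """Names whose copies do not all share one hash (assumed review heuristic)."""
    return sorted(n for n, copies in found.items() if len({h for _, h in copies}) > 1)

def demo():
    """Constructed sample tree: two differing atapi.sys copies, two equal eventlog.dll."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"drivers/atapi.sys": b"A", "dllcache/ATAPI.SYS": b"B",
                  "system32/eventlog.dll": b"C", "dllcache/eventlog.dll": b"C",
                  "system32/other.txt": b"D"}
        for rel, data in layout.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        found = collect(root)
        return dict(found), mismatched(found)

if __name__ == "__main__":
    found = collect(sys.argv[1]) if len(sys.argv) > 1 else demo()[0]
    for name in sorted(found):
        for path, digest in found[name]:
            print(digest, path)
```

A mismatch between copies can be legitimate (for example, different service pack versions), and matching copies do not prove a file is clean; the listing only tells the helper which files to look at more closely.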


#3 Blade


Posted 27 March 2010 - 01:35 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

~Blade
