
Vundo Virus


5 replies to this topic

#1 jayyysunnn

  • Members
  • 3 posts

Posted 09 November 2010 - 08:54 PM

Hello everyone!!

I would like to thank you guys for clicking this link and trying to help me with this situation I'm in. ^_^

Just to start off, I have no idea where I obtained this virus and was wondering if anyone can help me. A nice samaritan aided me a bit in containing this virus. He instructed me to download Malware Bytes and use DDS to scan and paste logs to identify the current issue I have now.

I cannot locate my reformatting disk because I think my dad threw it away. And also I cannot system restore because my computer is half-dead? It had a system32 corruption, but my cousin fixed it a bit. And I have no set dates for system restore.

I'll recap to the start on what happened.

First, I was on my computer strolling through a gaming forum, talking with friends with instant messaging, and listening to iTunes when my computer suddenly lagged a bit. Then on the lower right hand of my computer popped up a small bubble that said "Your computer is at risk". Then when I tried to open up Mozilla to google, it would not permit me to continue any further as "The file mozilla.exe cannot be executed due to a potentially harmful virus" [something like that]. It happened to everything else from something as complex as opening my internet to opening notepad; I could not open anything.

My friends from school then came over to check what's wrong with my computer. My internet would not turn on as some kind of virus was disabling me from going online. My friend told me my proxy settings just "vanished". But after going back and talking to my online friend, I fixed up the proxy and now I can go online.

I then downloaded Malware Bytes and ran a quick scan and then "removed" them. I don't have a full antivirus yet, but I remembered downloading Avast! 2 years ago, but when I un-installed, there was a ".dll" left. Not sure of the name, but it won't remove itself from my computer and this is preventing me from progressing any further by downloading any version of Avast!. I do not use AVG much because it blocks certain stuff and won't let me play my favorite online game.

One more thing, I had a past experience like this. I had a rogue virus that was persistent in asking me to buy "this specific brand of anti-virus" to eliminate the current one I had in my computer. I knew it was a scam and it locked everything on my computer. I used Rkill on that one, and it just went away so I forgot about it and returned to my usual ways. Going on computer to talk and play games and homework.

That's all I can remember. If it feels like I'm being too vague on any of this, please reply and tell me so I can clarify for you.

Thanks so much!!

Sincerely, Jason :)

Edited by jayyysunnn, 09 November 2010 - 08:55 PM.




#2 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 16 November 2010 - 02:32 PM

Hi Jason,

Sorry for the delay in response to your thread.
If you still require help let me know.

Many thanks.



#3 jayyysunnn
  • Topic Starter

  • Members
  • 3 posts

Posted 17 November 2010 - 09:53 AM

How are you?
and I am still in need of help exterminating this virus :)

#4 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 17 November 2010 - 10:12 AM

Hi Jason,

Let's see if we can get to the bottom of this.

Step 1
Please update MBAM and run another scan:
Start MBAM
Click on the Update tab

Click Check for Updates

If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Step 2
  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.

    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check
  • Now copy the lines below:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT


  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
MBAM scan report
and both reports from OTL


Thanks.

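The OTL custom scan above asks for MD5 hashes of a fixed list of system DLLs and storage drivers, a listing of locked files and scheduled task (.job) files, and a CREATERESTOREPOINT. The script below is an added example, not part of the thread and not OTL's or MBAM's own code: it is a PowerShell 2.0-compatible triage that mirrors that part of the request so the reader can see what the hash list is for. It reuses the exact file list from the post; the two heuristics it applies (flag a listed file that lacks a valid Authenticode signature, or whose hash differs from the Windows File Protection copy in dllcache on XP) and the extra check of the current user's WinINet proxy keys (the setting the original poster said "vanished") are this example's own assumptions. It assumes it is run from an elevated PowerShell prompt on the affected XP/Vista machine.

```powershell
# Added triage example (not from the thread, OTL or MBAM). Assumes: elevated PowerShell
# 2.0+ on the affected XP/Vista box; file list copied from the OTL custom scan in post #4;
# the "unsigned" and "differs from dllcache" heuristics are this example's own.

$SystemRoot = $env:SystemRoot
$System32   = Join-Path $SystemRoot 'system32'
$Drivers    = Join-Path $System32  'drivers'
$DllCache   = Join-Path $System32  'dllcache'   # XP Windows File Protection copies (absent on Vista)

# Same names that sit between /md5start and /md5stop in the OTL custom scan.
$Targets = @(
  'eventlog.dll','scecli.dll','netlogon.dll','cngaudit.dll','sceclt.dll',
  'ntelogon.dll','logevent.dll','iaStor.sys','nvstor.sys','atapi.sys','IdeChnDr.sys',
  'viasraid.sys','AGP440.sys','vaxscsi.sys','nvatabus.sys','viamraid.sys','nvata.sys',
  'nvgts.sys','iastorv.sys','ViPrt.sys','eNetHook.dll','ahcix86.sys','KR10N.sys',
  'nvstor32.sys','ahcix86s.sys','nvrd32.sys','symmpi.sys','adp3132.sys'
)

function Get-Md5Hex([string]$Path) {
    # Hash via .NET directly: Get-FileHash only exists from PowerShell 4.0 onwards.
    $md5   = [System.Security.Cryptography.MD5]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    ([System.BitConverter]::ToString($md5.ComputeHash($bytes))).Replace('-', '')
}

function Find-Target([string]$Name) {
    # DLLs live in system32, drivers in system32\drivers; return the first hit or $null.
    foreach ($dir in @($System32, $Drivers)) {
        $candidate = Join-Path $dir $Name
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $null
}

"== File hashes and signature status =="
foreach ($name in $Targets) {
    $path = Find-Target $name
    if (-not $path) {
        # Most of the storage drivers are vendor-specific; a missing one is normal.
        "{0,-14} not present" -f $name
        continue
    }

    $hash = Get-Md5Hex $path
    $sig  = (Get-AuthenticodeSignature -FilePath $path).Status   # Valid / NotSigned / HashMismatch ...
    $flag = ''

    # Heuristic 1 (assumption): files shipped by Microsoft or a driver vendor should verify.
    if ($sig -ne 'Valid') { $flag += ' [UNSIGNED/INVALID]' }

    # Heuristic 2 (assumption, XP only): the live file should match its dllcache copy.
    $cached = Join-Path $DllCache $name
    if (Test-Path -LiteralPath $cached) {
        if ((Get-Md5Hex $cached) -ne $hash) { $flag += ' [DIFFERS FROM dllcache]' }
    }

    $mtime = (Get-Item -LiteralPath $path).LastWriteTime
    "{0,-14} {1} {2,-12} {3}{4}" -f $name, $hash, $sig, $mtime, $flag
}

"`n== Scheduled task files (%SystemRoot%\Tasks\*.job) =="
Get-ChildItem -Path (Join-Path $SystemRoot 'Tasks') -Filter '*.job' -ErrorAction SilentlyContinue |
    ForEach-Object { "{0,-40} {1}" -f $_.Name, $_.LastWriteTime }

"`n== WinINet proxy settings for the current user =="
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable = $($inet.ProxyEnable)   ProxyServer = $($inet.ProxyServer)   AutoConfigURL = $($inet.AutoConfigURL)"
```

Two caveats a practitioner would want here. The signature check and the dllcache comparison are only screening heuristics: a rootkit that patches a driver in place can also patch the dllcache copy, and unsigned third-party storage drivers exist, so a flag means "look closer", not "infected". The MD5 column is what you actually compare against the same file on a known-clean machine with the same service pack, which is what the OTL md5 output is used for by the helper reading the log.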


#5 jayyysunnn
  • Topic Starter

  • Members
  • 3 posts

Posted 19 November 2010 - 07:38 PM

I decided to post it in paste bin to lessen the massive texts that I'm sending you.
Thought it would be helpful :)!

http://pastebin.com/rnzWiCMB

http://pastebin.com/bPi0eWZh

I placed both as private and they have a 1 month expiration date!

As for the MBAM, the nice person I met through the gaming forum told me to eliminate it. When he reached a point beyond his expertise, he referred me to this site.
And when I scan using MBAM, it states that there is no malicious software, etc. after the scan is finished. I can show you a previous log of details and information about it if you wish to =]

Thankies ^^

#6 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 22 November 2010 - 11:28 AM

Hi jayyysunnn,

Those reports are a bit of a mess.
Let's tidy up the AV entries; you have leftovers for AVG and Avast.
Then we'll deal with the rest.

But please post all reports back in this thread and not in the paste bin.

Step 1
Please go to:
http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Download it to your desktop, then double-click it to start the uninstaller.

------------------

Please go to:
http://www.avast.com/eng/avast-uninstall-utility.html

and follow the instructions there to remove Avast

Step 2
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

This is an example; you may rename ComboFix to anything you want.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double-click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista, you may not see this screen
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Step 3
Please install a new AV program:

Note*:
Upon installation MS Security Essentials will check that your OS is a legal copy.

Only install one AntiVirus program

In your next reply, please submit:
Combofix.txt


Thanks.
