Can't Figure This One Out


3 replies to this topic

#1 drnihili


Posted 16 May 2007 - 06:02 PM

I picked up something nasty yesterday. McAfee showed two files, one with "Generic dropper.i" and the other with "zquest", but couldn't fix either. I manually deleted them, but they returned. Some snooping suggested the Vundo trojan. FixVundo didn't find it, but VirtumundoBeGone did. The popups have died down, but the system is still sluggish and there's lots of disk access. Spybot, AdAware, and McAfee all say I'm clean. However, I note that in my HJT log I have an 02 and an 020 both showing vbkey.dll, which I understand may be an indication of Vundo. Oddly, Google hasn't heard of vbkey.dll or the other file in my Windows/Config directory, ntp2.ini.

I'd welcome any help in getting to the bottom of this. Here's the log:

-----

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:55:53 PM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

(Moderator edit: contents of logfile deleted to save space. jgweed)

Edited by jgweed, 16 May 2007 - 06:10 PM.




#2 jgweed


Posted 16 May 2007 - 06:13 PM

At the present time, our HJT team does not accept the BETA version of HJT, and any log should be posted in the Team Forum. Please read the following directions for posting a log (there is a link to the "approved" HJT version in the Preparation Guide):

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I am sure that our volunteer team of experts can help you once you submit a new log.

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 drnihili


Posted 16 May 2007 - 06:25 PM

My apologies. I've been looking at too many different forums apparently. I'll post a non-beta log over there promptly.

#4 jgweed


Posted 16 May 2007 - 06:29 PM

No problem. I see you wasted no time in posting your log. Just remember to make no changes to your computer that might invalidate its contents until a team member has a chance to work with you to resolve any problems the log finds.
Thanks again!
John
Whereof one cannot speak, thereof one should be silent.



