assault606

  1. Hi! I'm having trouble with my computer running sluggish and pop-ups occurring in my browser. I'm also experiencing hijacked search results on Google. I recently fixed the "disappearing mbam.exe" problem by following instructions on this forum. I'm VERY thankful to have this excellent program working again! However the Vundo trojan keeps returning. And I also seem to have one bad registry key. Here are the results from my last MBAM scan:

     Malwarebytes' Anti-Malware 1.41
     Database version: 2775
     Windows 5.1.2600 Service Pack 3

     10/29/2009 10:23:57 AM
     mbam-log-2009-10-29 (10-23-48).txt

     Scan type: Quick Scan
     Objects scanned: 115813
     Time elapsed: 14 minute(s), 54 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 1
     Registry Keys Infected: 1
     Registry Values Infected: 3
     Registry Data Items Infected: 3
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     c:\WINDOWS\system32\sozonolo.dll (Trojan.Vundo.H) -> No action taken.

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{5f343c97-c21d-4549-8963-73de1e182818} (Trojan.Vundo.H) -> No action taken.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gatesufib (Trojan.Vundo.H) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5f343c97-c21d-4549-8963-73de1e182818} (Trojan.Vundo.H) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nuyajifun (Trojan.Vundo.H) -> No action taken.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sozonolo.dll -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sozonolo.dll -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\WINDOWS\system32\sozonolo.dll (Trojan.Vundo.H) -> No action taken.
     C:\WINDOWS\system32\hemenozu.dll (Trojan.Vundo) -> No action taken.

     Thank you in advance for any assistance you can provide!
  3. No... I am using the free version. The free version provides as thorough a scan as the paid version and removes the items in question. The paid version also acts to PREVENT such infections from occurring (something I wish my paid McAfee subs. would do!!!!). Along with that there are also other amenities such as scheduled scans and auto updates. But as far as scanning and removing they are the same.
  4. Little bit of an update... MBAM ran through its scan and there were several Vundo-related issues... got rid of them and rebooted... ran MBAM again and the only thing that showed up was a registry issue:

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

     I don't know exactly what effect this will have on my computer's performance but I'm not having issues with pop-ups, slowdowns, or hijacked search results so far (crossing fingers!!). Anybody have a clue as to what this registry error means?
  5. I've been having the same problem as you guys have about the mbam.exe file being deleted upon completion of the install. So I needed a clean .exe file and since I don't have another computer in my house I thought I was screwed. I had read on the forums yesterday that there was a way to copy the file during the install process before it becomes corrupted/erased. (funny cause everyone says the file simply vanishes but in my case the file renames to MBAMGUI, which is essentially a ghost file). However this process of copying the file was not explained very well until I read isnadd's post this morning. I just want to say thank you isnadd! MBAM is working now and currently scanning. I'm sure I'm going to run into the same problem of malicious files not being erased upon reboot, but at least the program is working and step 1 is complete. I'll continue to follow this thread to see if these issues can be resolved.
  6. My computer cannot locate the MBAM .exe file and I'm suffering from most of the symptoms related to a CLB driver infection so I went ahead and used ROOTREPEAL and ran the scan. However this was the only .sys file that showed up and doesn't seem to fit the description of the malignant file that seems to be wreaking havoc on my computer. So I chose NOT to wipe this file and was instructed to post the log if I needed further help. So here it is:

     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2009/10/26 15:12
     Program Version: Version 1.3.5.0
     Windows Version: Windows XP Media Center Edition SP3
     ==================================================

     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!

     ==EOF==

     Any help in this matter would be greatly appreciated!! Thank you