
az10

  1. Here's my ComboFix log:
  2. I've acquired the Vundo and I ran Malwarebytes and it got rid of some and supposedly got rid of the others after a reboot. Unfortunately, later in the day, it keeps coming back. Also, even after the reboot I am still getting some symptoms from the virus. I run Malwarebytes but it doesn't detect anything until I run it again later on. Here are my log files.

     Malwarebytes' Anti-Malware 1.41
     Database version: 2775
     Windows 5.1.2600 Service Pack 2

     11/5/2009 11:13:06 AM
     mbam-log-2009-11-05 (11-13-06).txt

     Scan type: Quick Scan
     Objects scanned: 123612
     Time elapsed: 24 minute(s), 27 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 1
     Registry Keys Infected: 1
     Registry Values Infected: 3
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     c:\WINDOWS\system32\kalomawu.dll (Trojan.Vundo.H) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{86165841-8419-423a-ba7f-6e8ec73c7eaf} (Trojan.Vundo.H) -> Delete on reboot.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wihububit (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{86165841-8419-423a-ba7f-6e8ec73c7eaf} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dijulawof (Trojan.Vundo.H) -> Delete on reboot.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kalomawu.dll -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kalomawu.dll -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\WINDOWS\system32\kalomawu.dll (Trojan.Vundo.H) -> Delete on reboot.
  3. Same problem with me. Appears Malwarebytes is the only program to fully remove Vundo, but the Vundo has blocked me from opening Malwarebytes. No idea what to do and getting incredibly frustrated.