azza14

Everything posted by azza14

  1. Hi, Yes, I am rebooting on completion of the scan but I did not run PandaScan or HJT. I will complete these two other steps and post the logs as required. Thanks
  2. Hi,

     Recently, my computer was discovered to have a Trojan.Vundo infestation. I ran the Malwarebytes' program and it found most of it (a later scan - detailed underneath - found some remaining elements of the Trojan). However, after running the program my version of Windows (XP) is unstable and in some cases unusable.

     Upon login, the message "userinit.exe failed to initialise properly" appears and causes the system to hang. I manually have to open Task Manager and run "explorer.exe" to enable the computer to run. When opening any Windows-based program (System Restore for example), I get a message "Rundll32.exe failed to initialise". I believe the file may have been corrupted or changed by the virus/Malwarebytes' program.

     I would welcome any assistance you can provide. If you need any more information, please give me a call.

     SCAN 1:

     Malwarebytes' Anti-Malware 1.23
     Database version: 985
     Windows 5.1.2600 Service Pack 2

     7:56:57 AM 29/07/2008
     mbam-log-7-29-2008 (07-56-57).txt

     Scan type: Quick Scan
     Objects scanned: 53996
     Time elapsed: 17 minute(s), 8 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 3
     Registry Keys Infected: 9
     Registry Values Infected: 1
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 9

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     C:\WINDOWS\system32\hgGyYPgf.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\hixipbfk.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\tuvVNHww.dll (Trojan.Vundo) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{020e521a-9153-46ef-9d9b-842d66a07857} (Trojan.Vundo) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{020e521a-9153-46ef-9d9b-842d66a07857} (Trojan.Vundo) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{a8c43087-ac23-4c6d-91e5-d49d744f6e02} (Trojan.Vundo) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvvnhww (Trojan.Vundo) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a8c43087-ac23-4c6d-91e5-d49d744f6e02} (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyypgf -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyypgf -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\hgGyYPgf.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\fgPYyGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\fgPYyGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\hixipbfk.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\kfbpixih.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Aaron 3\Local Settings\Temporary Internet Files\Content.IE5\O5DLNU3C\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\wineij32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\tuvVNHww.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\qoMgddAT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

     SCAN 2:

     Malwarebytes' Anti-Malware 1.23
     Database version: 1006
     Windows 5.1.2600 Service Pack 2

     9:08:53 PM 29/07/2008
     mbam-log-7-29-2008 (21-08-53).txt

     Scan type: Quick Scan
     Objects scanned: 17804
     Time elapsed: 4 minute(s), 48 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 3
     Registry Keys Infected: 5
     Registry Values Infected: 2
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 6

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     C:\WINDOWS\system32\hgGyYPgf.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\wnqugtrg.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\tuvVNHww.dll (Trojan.Vundo) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4444f899-d67f-4150-b3ef-de86c6d2613d} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{4444f899-d67f-4150-b3ef-de86c6d2613d} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{a8c43087-ac23-4c6d-91e5-d49d744f6e02} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8c43087-ac23-4c6d-91e5-d49d744f6e02} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvvnhww (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b496013f (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a8c43087-ac23-4c6d-91e5-d49d744f6e02} (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyypgf -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyypgf -> Delete on reboot.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\hgGyYPgf.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\fgPYyGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\fgPYyGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\wnqugtrg.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\grtguqnw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\tuvVNHww.dll (Trojan.Vundo) -> Delete on reboot.