HurrHurr

Members

View Profile See their activity

Posts
4
Joined
November 29, 2008
Last visited
December 4, 2008

Reputation

0 Neutral

Trojan Agent and Vundo

HurrHurr replied to HurrHurr's topic in Resolved Malware Removal Logs

ComboFix 08-12-02.02 - Jiquori Roberson 2008-12-03 14:33:48.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1557 [GMT -5:00] Running from: c:\documents and settings\Jiquori Roberson\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\afyh.sys c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\edyselyt._sy c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\efihitijix.bat c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ekarevedut.pif c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\exasi.dll c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ezewaja.bin c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\feqokuri.inf c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ibaqata.sys c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ijodog.scr c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\lylizyhom.dat c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\nolibut.inf c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\nuxizyxu.vbs c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ocivezy.db c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\onoviver._sy c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\oporuw.lib c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\pekifup.lib c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\qalepi.vbs c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\qyjixilo.dll c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\uxafekykin.pif c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\xube.vbs c:\windows\IE4 Error Log.txt c:\windows\system32\onihisuk.ini c:\windows\system32\usubitaj.ini . ((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 ))))))))))))))))))))))))))))))) . 2008-12-03 14:12 . 2008-12-03 14:11 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll 2008-12-03 14:12 . 2008-12-03 14:11 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl 2008-12-01 16:14 . 2008-12-01 16:14 <DIR> d----c--- C:\rsit 2008-11-30 00:08 . 2008-11-30 00:08 <DIR> d-------- c:\program files\Trend Micro 2008-11-30 00:05 . 2008-11-30 00:05 <DIR> d-------- c:\program files\Panda Security 2008-11-30 00:05 . 2008-06-19 17:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys 2008-11-29 23:57 . 2008-11-30 00:02 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-29 23:57 . 2008-11-30 12:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-12 00:25 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys 2008-11-12 00:24 . 2008-09-04 12:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-03 19:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-03 19:18 --------- d-----w c:\program files\Real 2008-12-03 19:14 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2008-12-03 19:11 --------- d-----w c:\program files\Java 2008-12-02 21:03 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-12-02 16:53 --------- d-----w c:\program files\McAfee 2008-11-29 07:10 94,772 ------w c:\windows\SYSTEM32\dinizuha.dll 2008-11-23 17:39 --------- d-----w c:\program files\Dl_cats 2008-11-07 16:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-11-01 17:14 1,170 -c--a-w c:\documents and settings\Jiquori Roberson\Application Data\wklnhst.dat 2008-10-30 11:17 --------- d-----w c:\program files\SUPERAntiSpyware 2008-10-30 11:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-10-30 11:17 --------- d-----w c:\documents and settings\Jiquori Roberson\Application Data\SUPERAntiSpyware.com 2008-10-29 20:59 --------- d-----w c:\documents and settings\Jiquori Roberson\Application Data\DivX 2008-10-29 20:56 --------- d-----w c:\program files\DivX 2008-10-27 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-22 20:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-10-22 20:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-10-22 12:25 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll 2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll 2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll 2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll 2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll 2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll 2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll 2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll 2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll 2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll 2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe 2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe 2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll 2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll 2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll 2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll 2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll 2008-10-15 22:52 --------- d-----w c:\program files\World of Warcraft 2008-10-15 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard 2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll 2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll 2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll 2008-09-16 00:14 524,288 ----a-w c:\windows\SYSTEM32\DivXsm.exe 2008-09-16 00:14 3,596,288 -c--a-w c:\windows\SYSTEM32\qt-dx331.dll 2008-09-16 00:14 129,784 ------w c:\windows\SYSTEM32\pxafs.dll 2008-09-16 00:14 120,056 -c----w c:\windows\SYSTEM32\pxcpyi64.exe 2008-09-16 00:14 118,520 -c----w c:\windows\SYSTEM32\pxinsi64.exe 2008-09-16 00:12 81,920 -c--a-w c:\windows\SYSTEM32\dpl100.dll 2008-09-16 00:12 593,920 -c--a-w c:\windows\SYSTEM32\dpuGUI11.dll 2008-09-16 00:12 57,344 -c--a-w c:\windows\SYSTEM32\dpv11.dll 2008-09-16 00:12 53,248 -c--a-w c:\windows\SYSTEM32\dpuGUI10.dll 2008-09-16 00:12 344,064 -c--a-w c:\windows\SYSTEM32\dpus11.dll 2008-09-16 00:12 294,912 -c--a-w c:\windows\SYSTEM32\dpu11.dll 2008-09-16 00:12 294,912 -c--a-w c:\windows\SYSTEM32\dpu10.dll 2008-09-16 00:12 200,704 -c--a-w c:\windows\SYSTEM32\ssldivx.dll 2008-09-16 00:12 196,608 -c--a-w c:\windows\SYSTEM32\dtu100.dll 2008-09-16 00:12 1,044,480 -c--a-w c:\windows\SYSTEM32\libdivx.dll 2008-09-16 00:11 823,296 ----a-w c:\windows\SYSTEM32\divx_xx0c.dll 2008-09-16 00:11 823,296 ----a-w c:\windows\SYSTEM32\divx_xx07.dll 2008-09-16 00:11 815,104 ----a-w c:\windows\SYSTEM32\divx_xx0a.dll 2008-09-16 00:11 802,816 ----a-w c:\windows\SYSTEM32\divx_xx11.dll 2008-09-16 00:11 683,520 ----a-w c:\windows\SYSTEM32\DivX.dll 2008-09-16 00:11 161,096 ----a-w c:\windows\SYSTEM32\DivXCodecVersionChecker.exe 2008-09-16 00:11 12,288 -c--a-w c:\windows\SYSTEM32\DivXWMPExtType.dll 2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys 2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys 2008-09-10 01:14 1,307,648 ----a-w c:\windows\SYSTEM32\msxml6.dll 2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll 2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys 2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll 2008-08-27 15:01 17,367 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\ozibydi.sys 2008-08-27 15:01 16,753 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\ydud.dat 2008-08-27 15:01 16,500 ----a-w c:\program files\Common Files\laxifif._dl 2008-08-27 15:01 15,754 ----a-w c:\program files\Common Files\imededa.inf 2008-08-27 15:01 13,300 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\oreve.bin 2008-08-27 15:01 11,366 ----a-w c:\program files\Common Files\olagym.scr 2008-08-27 14:40 19,319 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\nyhohaji.scr 2008-08-27 14:40 17,323 ----a-w c:\documents and settings\All Users\Application Data\dufokymaju.pif 2008-08-27 14:40 14,606 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\iqyzadom.scr 2008-08-27 14:40 14,148 ----a-w c:\program files\Common Files\fijosoqu.dll 2008-08-27 14:40 13,065 ----a-w c:\program files\Common Files\ebepub.inf 2008-08-27 14:40 12,088 ----a-w c:\documents and settings\All Users\Application Data\bevewanuji.exe 2008-08-27 14:40 10,028 ----a-w c:\program files\Common Files\asetewemo.reg 2008-08-27 00:31 19,771 ----a-w c:\documents and settings\All Users\Application Data\pamexime.sys 2008-08-27 00:31 19,547 ----a-w c:\documents and settings\All Users\Application Data\ximeguk.com 2008-08-27 00:31 17,672 ----a-w c:\documents and settings\All Users\Application Data\doha.bat 2008-08-27 00:31 16,877 ----a-w c:\documents and settings\All Users\Application Data\hygefyrec.dll 2008-08-27 00:31 15,543 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\ceqejus.pif 2008-08-27 00:31 13,731 ----a-w c:\documents and settings\All Users\Application Data\rojaz.dll 2008-08-27 00:31 10,072 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\hobyve.com 2008-08-27 00:26 19,447 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\usyse.bin 2008-08-27 00:26 19,234 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\tovyfe.reg 2008-08-27 00:26 16,177 ----a-w c:\documents and settings\All Users\Application Data\volef.sys 2008-08-27 00:26 15,833 ----a-w c:\program files\Common Files\tyqedete.pif 2008-08-27 00:26 13,522 ----a-w c:\documents and settings\All Users\Application Data\tipitudod.reg 2008-08-27 00:26 12,658 ----a-w c:\program files\Common Files\qynilubo.dll 2008-08-27 00:26 10,211 ----a-w c:\documents and settings\All Users\Application Data\izikadelo.sys 2008-08-26 19:36 19,540 ----a-w c:\program files\Common Files\ucocakow.reg 2008-08-26 19:36 16,879 ----a-w c:\program files\Common Files\ihevav.dl 2008-08-26 19:36 16,778 ----a-w c:\documents and settings\All Users\Application Data\amoged.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-16 68856] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "Desksite CMA"="c:\program files\desksite\bin\cma.exe" [2003-10-19 188416] "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-27 1107848] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-04-12 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalUserRun"= 0 (0x0) "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.SP54"= SP5X_32.DLL "VIDC.SP55"= SP5X_32.DLL "VIDC.SP56"= SP5X_32.DLL "VIDC.SP57"= SP5X_32.DLL "VIDC.SP58"= SP5X_32.DLL "VIDC.SP50"= SP5X_32.DLL "VIDC.SP51"= SP5X_32.DLL "VIDC.SP52"= SP5X_32.DLL "VIDC.SP53"= SP5X_32.DLL "VIDC.VDOM"= vdowave.drv "msacm.divxa32"= DivXa32.acm "vidc.ffds"= ffdshow.ax [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= *Newly Created Service* - JAVAQUICKSTARTERSERVICE *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2008-11-28 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (JHUDSON-Jandra Hudson).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe [] 2008-11-28 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (JHUDSON-Jiquori Roberson).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe [] 2008-11-15 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2008-12-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] . - - - - ORPHANS REMOVED - - - - HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.cox.net/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: &Search IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228" IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227" IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePoker\EmpirePoker.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePoker\EmpirePoker.exe - c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab3.cab c:\windows\Downloaded Program Files\SysReqLab3.osd . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-03 14:37:49 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-12-03 14:40:34 ComboFix-quarantined-files.txt 2008-12-03 19:39:51 Pre-Run: 4,103,798,784 bytes free Post-Run: 4,864,114,688 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 271 --- E O F --- 2008-11-27 03:00:28
- December 3, 2008
- 5 replies
Trojan Agent and Vundo

HurrHurr replied to HurrHurr's topic in Resolved Malware Removal Logs

INFO info.txt logfile of random's system information tool 1.04 2008-12-01 16:14:43 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acoustica Effects Pack-->C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe" Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB} Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} Dell Photo AIO Printer 922-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37} Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 Intel® PRO Network Adapters and Drivers-->Prounstl.exe Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7} Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395} iTunes-->MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91} Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Encarta Encyclopedia Standard 2005-->MsiExec.exe /I{05410044-64A6-4248-A026-9745C1E9E159} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43} Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9} Microsoft Picture It! Premium 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Streets and Trips 2005-->MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9} Microsoft Works 2005 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP D:\ Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5} Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Musicmatch
- December 1, 2008
- 5 replies
Trojan Agent and Vundo

HurrHurr posted a topic in Resolved Malware Removal Logs

Here are the logs from my computer, Im having problems with those pesky trojans MBAM Scan Malwarebytes' Anti-Malware 1.30 Database version: 1437 Windows 5.1.2600 Service Pack 3 11/30/2008 7:32:50 PM mbam-log-2008-11-30 (19-32-50).txt Scan type: Full Scan (C:\|) Objects scanned: 196901 Time elapsed: 7 hour(s), 3 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 3 Registry Values Infected: 13 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 13 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\SYSTEM32\vodademo.dll (Trojan.Vundo) -> Delete on reboot. c:\WINDOWS\SYSTEM32\tusihivi.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb5558 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd1934 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga3756 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc2357 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb1803 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd8805 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga5008 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc6937 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm1ba91cee (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dupunizome (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\189a2f72 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\vodademo.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\vodademo.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\vodademo.dll -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\magiduko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\okudigam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\tohazite.dll_old (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\etizahot.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\vodademo.dll (Trojan.Vundo) -> Delete on reboot. c:\WINDOWS\SYSTEM32\tusihivi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. c:\WINDOWS\SYSTEM32\serodaba.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1435\A1009673.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1436\A1009973.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1436\A1009975.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\vipepili.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\yinonude.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\SYSTEM32\kusihino.dll (Trojan.Agent) -> Delete on reboot. Panda Active Scan ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-12-01 03:06:35 PROTECTIONS: 3 MALWARE: 27 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== Windows Defender 1.1.3903.0 No Yes McAfee Internet Security Suite 2007 8.1 No No McAfee VirusScan Plus 12.1 No No ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia.zip 00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm 00032745 adware/sahagent Adware No 0 Yes No c:\windows\system32\ritsacnk.dat 00032745 adware/sahagent Adware No 0 Yes No c:\windows\system32\bqrufs5f.dat 00040538 adware/zango Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287} 00040538 adware/zango Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jahmard hudson@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jiquori roberson@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@doubleclick[1].txt 00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@centrport[1].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@clickbank[1].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@clickbank[2].txt 00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@findwhat[2].txt 00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@findwhat[1].txt 00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@findwhat[2].txt 00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@ehg.hitbox[1].txt 00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@toplist[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@apmebf[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Mimi\Cookies\mimi@apmebf[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@apmebf[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@apmebf[1].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Mimi\Local Settings\Temp\Cookies\mimi@www.burstbeacon[2].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@weborama[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mimi\Cookies\mimi@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jiquori Roberson\Cookies\jiquori_roberson@advertising[1].txt 00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@adrevolver[3].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jiquori roberson@statse.webtrendslive[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jandra hudson@statse.webtrendslive[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jahmard hudson@statse.webtrendslive[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@statse.webtrendslive[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@adrevolver[2].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@go[2].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@go[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jiquori Roberson\Cookies\jiquori_roberson@go[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@go[1].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@searchportal.information[2].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@searchportal.information[2].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@target[2].txt 00273914 Adware/EMediaCodec Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1436\A1009971.exe 00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@adserver.filefront[1].txt 00388689 Adware/AntiSpywareExpert Adware No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Local Settings\Temporary Internet Files\Content.IE5\PMK0L9Q2\params[1].js 00388804 Application/PCPrivacyCleaner HackTools No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Local Settings\Temporary Internet Files\Content.IE5\ITFJQT1U\index[1].js 00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Sandra Hudson\Local Settings\Temporary Internet Files\Content.IE5\IFRN5BLB\freescan[1].htm 00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Jiquori Roberson\Local Settings\Temporary Internet Files\Content.IE5\JYS3VGQH\freescan[1].htm 03587590 Adware/Yassist Adware No 0 No No C:\Documents and Settings\Jiquori Roberson\My Documents\My Videos\DivXInstaller.exe[
- December 1, 2008
- 5 replies
Trojan Agent and Vundo

HurrHurr posted a topic in Malwarebytes for Windows Support Forum

Hi everyone, Im having a problem with these two trojans. Malware deletes them, but when i reboot my comp I get this error about rundll, and everytime I start up explorer I get these annoying pop-ups. Now Im not very computer savy and I was wondering if anyone can give me any step by step removal help?
- November 29, 2008
- 1 reply

Sign In

HurrHurr

Posts

Joined

Last visited

Reputation

Trojan Agent and Vundo

Trojan Agent and Vundo

Trojan Agent and Vundo

Trojan Agent and Vundo

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information