DS7477

  1. No, is this part of the free version?
  2. It seems to have worked; below is the log. Should I run Anti-Malware again to make sure? Also, can you advise on the best way to prevent it happening again? In my experience AV software doesn't seem to stop malware or spyware.

     Malwarebytes' Anti-Malware 1.33
     Database version: 1659
     Windows 5.1.2600 Service Pack 3

     17/01/2009 20:45:11
     mbam-log-2009-01-17 (20-45-11).txt

     Scan type: Quick Scan
     Objects scanned: 57164
     Time elapsed: 3 minute(s), 46 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 3
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8adcbfa-b58c-4666-be2e-97edf7228790} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{f8adcbfa-b58c-4666-be2e-97edf7228790} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\funufozupa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8b245b0 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. I'm using Kaspersky. The message I'm getting is:

     17/01/2009 18:59:36 C:\WINDOWS\system32\rundll32.exe Process is trying to inject module C:\WINDOWS\system32\mepavuhi.dll into all processes. This behavior is typical of some malicious programs.

     It seems to be trying to add itself to any/all of the start-up programs. I've also just run Anti-Malware again and within 8 seconds it found the following:

     Malwarebytes' Anti-Malware 1.33
     Database version: 1659
     Windows 5.1.2600 Service Pack 3

     17/01/2009 19:58:12
     mbam-log-2009-01-17 (19-58-07).txt

     Scan type: Quick Scan
     Objects scanned: 2064
     Time elapsed: 9 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8adcbfa-b58c-4666-be2e-97edf7228790} (Trojan.Vundo.H) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{f8adcbfa-b58c-4666-be2e-97edf7228790} (Trojan.Vundo.H) -> No action taken.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\funufozupa (Trojan.Vundo.H) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8b245b0 (Trojan.Vundo.H) -> No action taken.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  4. OK, I did and then rebooted as requested. When it loaded up I got a message saying that C:\WINDOWS\system32\ketedoti.dll could not be found. I think it was one of the malware files. Also, MBAM picked up more after closing TeaTimer. Below is the new log. There is definitely still an issue though; the virus software reacted the same when the PC started up. Thanks for your help on this.

     Malwarebytes' Anti-Malware 1.33
     Database version: 1659
     Windows 5.1.2600 Service Pack 3

     17/01/2009 18:55:24
     mbam-log-2009-01-17 (18-55-24).txt

     Scan type: Quick Scan
     Objects scanned: 56741
     Time elapsed: 4 minute(s), 2 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 1
     Registry Keys Infected: 4
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     C:\WINDOWS\system32\ketedoti.dll (Trojan.Vundo.H) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8adcbfa-b58c-4666-be2e-97edf7228790} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{f8adcbfa-b58c-4666-be2e-97edf7228790} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8b245b0 (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\funufozupa (Trojan.Vundo.H) -> Delete on reboot.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\ketedoti.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\WINDOWS\system32\itodetek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
  5. I've run Anti-Malware again and there are values that it can't delete. These relate to Vundo.H and funufozupa; not sure if this helps.
  6. I've got a sudden infestation of malware. I've managed to get rid of most of it using Spybot and Anti-Malware. However, I have one last piece I can't remove. It keeps coming up on my virus software as mepavuhi.dll or mivububu.dll. This is the most recent log; can you help?

     Malwarebytes' Anti-Malware 1.33
     Database version: 1659
     Windows 5.1.2600 Service Pack 3

     17/01/2009 15:27:33
     mbam-log-2009-01-17 (15-27-33).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 170616
     Time elapsed: 1 hour(s), 47 minute(s), 22 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 3
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 7

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8adcbfa-b58c-4666-be2e-97edf7228790} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{f8adcbfa-b58c-4666-be2e-97edf7228790} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\funufozupa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP225\A0036709.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP225\A0036710.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP225\A0036711.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP233\A0040844.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP233\A0040845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP233\A0040846.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP233\A0040853.dll (Trojan.Vundo) -> Quarantined and deleted successfully.