Infected with Vundo?


jm81

Guys,

Looks like my computer (OS: Windows XP Pro) might be infected with Vundo or other malware (see below for why I think so). I have McAfee Security Center running on my computer and it's not detecting anything. I also downloaded Malwarebytes' Anti-Malware and scanned all drives with it, and the results came out OK. On some suggestions, I am posting my HijackThis log here. Any help is very much appreciated. I mainly use Google Chrome as my Internet browser.

Thanks.

Issue:

I have a file (Peflib_Perfdata_xxx) created in my Local Settings --> Temp folder. I googled it and found that it could be related to Vundo. I have McAfee Security Center running on my computer. I scanned all drives with McAfee and Malwarebytes' Anti-Malware and didn't find anything. I tried killing it with File Assassin and it returns every time after reboot with a different last 3 digits/letters.

Now, I removed and downloaded my Java again and it created another such file in my Local Settings --> Temp folder.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:48:40 PM, on 4/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Apoint\Apoint.exe

C:\Documents and Settings\Jay & Prem\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE

C:\Program Files\Apoint\Apntex.exe

C:\My Download\Ding\Ding\Ding.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Jay & Prem\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Documents and Settings\Jay & Prem\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jay & Prem\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jay & Prem\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jay & Prem\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\My Download\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--

End of file - 7763 bytes


Any Senior Members, could you please reply to this post? This might seem like a less important issue, but I've been a victim of identity theft recently (before I formatted my computer) and I have high hopes for this group to help me out with this issue.

Thanks a ton,

J


  • Staff

Hi,

Sorry for the late reply, but since you've replied in your own thread, we assumed that you were already receiving help from someone else since we always look at threads with 0 replies first.

"I have a file (Peflib_Perfdata_xxx) created in my Local Settings --> Temp folder. I googled it and found that it could be related to Vundo."

This file is legitimate and will always be there, slightly renamed. It's a part of the System Monitor for the Performance Logs and Alerts.

Not sure where you have read it's related to Vundo, because in that case everyone would have Vundo :)

Your HijackThis log looks clean, by the way :)
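
A first-pass read of a log like the one posted above, as an added example that is not part of the original thread: it parses the HijackThis 2.x layout (process list, then coded entries such as R1, O16, O23) and lists lines worth a manual look. The review rules and the `USUAL_DIRS` list are assumptions for illustration and produce prompts, not verdicts; the sample is a shortened excerpt of the posted log.

```python
import re
from collections import defaultdict

# Shortened excerpt of the log posted in this thread; not a complete log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:40 PM, on 4/11/2009
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\My Download\Ding\Ding\Ding.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
--
End of file - 7763 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # e.g. "O23 - Service: ..."
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - ([A-Za-z]:\\.*)$")
# Assumption: install locations treated as "usual" on this XP machine.
USUAL_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_hijackthis(text):
    """Split a log into the running-process list and entries keyed by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:                                   # first coded entry ends the process list
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, dict(entries)

def review_items(processes, entries):
    """Return (reason, value) pairs to check by hand; prompts, not verdicts."""
    items = [("process outside usual dirs", p) for p in processes
             if not p.lower().startswith(USUAL_DIRS)]
    for svc in entries.get("O23", []):          # O23: Windows services
        m = SERVICE.match(svc)
        if m and m.group(2) == "Unknown owner":
            items.append(("service without vendor string", m.group(1)))
    for dpf in entries.get("O16", []):          # O16: downloaded ActiveX controls
        items.append(("ActiveX download source", dpf.rsplit(" - ", 1)[-1]))
    return items
```

Each item still needs a person to confirm the file and its publisher, which is the step the helper in this thread performed before calling the log clean.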


  • 2 weeks later...
  • Staff

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
