Vundo trojan keeps returning

Hi! I'm having trouble with my computer running sluggish and pop-ups occurring in my browser. I'm also experiencing hijacked search results on Google. I recently fixed the "disappearing mbam.exe" problem by following instructions on this forum. I'm VERY thankful to have this excellent program working again! However, the Vundo trojan keeps returning. And I also seem to have one bad registry key. Here are the results from my last MBAM scan:

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

10/29/2009 10:23:57 AM

mbam-log-2009-10-29 (10-23-48).txt

Scan type: Quick Scan

Objects scanned: 115813

Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\sozonolo.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{5f343c97-c21d-4549-8963-73de1e182818} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gatesufib (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5f343c97-c21d-4549-8963-73de1e182818} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nuyajifun (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sozonolo.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sozonolo.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\sozonolo.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\hemenozu.dll (Trojan.Vundo) -> No action taken.

Thank you in advance for any assistance you can provide!


  • 2 weeks later...

Hello and welcome to Malwarebytes.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a new HijackThis log. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Take a read in this thread on instructions on how to post a Hijackthis log and other further instructions:


Please note that the forum is very busy and if I don


This topic is now closed to further replies.