
Advanced Virus remover



My first post here, so I want to say hi to all and a giant THANK YOU.

Through my own mistake I got this spyware on my computer.

I have spent literally days trying to remove it manually, only to have it come right back. :)

Found this site from another forum, don't know which one.

Downloaded your software and ran it and I thought it was gone.

Appreciated it so much I spent the money and bought the program.

Lo and behold, the next time I got on the internet it came back. :)

Disconnected the network and ran it again, and it looks like it is gone. :)

After the second repair all my icons on the desktop are highlighted.

Does anyone here know what was changed, in the registry I would assume?

While not a big deal it just looks funny.

Windows XP Pro SP3

Logs from the first and second repairs:

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

11/29/2009 3:03:56 PM

mbam-log-2009-11-29 (15-03-56).txt

Scan type: Quick Scan

Objects scanned: 97745

Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 2

Registry Keys Infected: 2

Registry Values Infected: 5

Registry Data Items Infected: 12

Folders Infected: 1

Files Infected: 12

Memory Processes Infected:

C:\Program Files\AdvancedVirusRemover\AVR.exe (Rogue.AdvancedVirusRemover) -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\barijatu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\vedilune.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{2bc39443-d781-427d-aeab-3411c24757fd} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jojumakag (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2bc39443-d781-427d-aeab-3411c24757fd} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kuzenetil (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advanced virus remover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\barijatu.dll -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\barijatu.dll -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\system32\barijatu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\Program Files\AdvancedVirusRemover\AVR.exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\GDJMPSZO\SetupAdvancedVirusRemover[1].exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Roger\Desktop\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\buvoyaki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dowikabu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\korumore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lazogiya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vedilune.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\Temp\rdl30.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Second repair:

Malwarebytes' Anti-Malware 1.41

Database version: 3258

Windows 5.1.2600 Service Pack 3

11/29/2009 3:43:26 PM

mbam-log-2009-11-29 (15-43-26).txt

Scan type: Quick Scan

Objects scanned: 108058

Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 2

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 7

Folders Infected: 0

Files Infected: 12

Memory Processes Infected:

C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll (Spyware.Passwords) -> Delete on reboot.

C:\WINDOWS\system32\dufogawi.dll (Trojan.Vundo.N) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{009541a0-3b00-1f1c-00f3-040224001c01} (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\swupdate (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll (Spyware.Passwords) -> Delete on reboot.

C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Roger\Local Settings\Temp\n.exn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\XTXWYLPW\SetupAdvancedVirusRemover[1].exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dufogawi.dll (Trojan.Vundo.N) -> Delete on reboot.

C:\WINDOWS\system32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Ui.dtd (Malware.Trace) -> Quarantined and deleted successfully.

Thanks again

Roger
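Both logs above use the same line format, and the interesting parts for triage are the registry data items MBAM reset ("Bad: (1) Good: (0)") and the files it could only schedule for removal ("Delete on reboot"). The following is an added example, not code from the post or from Malwarebytes, that parses that format and pulls those two groups out; the sample input is a constructed excerpt of the logs above.

```python
import re

# One MBAM 1.x detection line has one of these shapes (all occur in the logs above):
#   <path> (<detection>) -> <action>
#   <path> (<detection>) -> Data: <value> -> <action>
#   <path> (<detection>) -> Bad: (1) Good: (0) -> <action>
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> "
                      r"(?:(?P<detail>.+?) -> )?(?P<action>[^>]+)$")
# Section headers end right after the colon ("Files Infected:"), so the summary
# counts near the top of the log ("Files Infected: 12") do not match.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
BAD_GOOD_RE = re.compile(r"^Bad: \(([^)]*)\) Good: \(([^)]*)\)$")

# Constructed excerpt of the logs posted above, used as sample input.
SAMPLE_LOG = r"""Memory Modules Infected: 2
Registry Data Items Infected: 7

Memory Modules Infected:
C:\WINDOWS\system32\dufogawi.dll (Trojan.Vundo.N) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\barijatu.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

def parse_mbam_log(text):
    """Return one dict per detection, tagged with the section it was listed under."""
    entries, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ENTRY_RE.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return entries

def tampered_policies(entries):
    """Registry values MBAM reset: value name -> (bad value found, good value restored)."""
    out = {}
    for e in entries:
        if m := BAD_GOOD_RE.match(e["detail"] or ""):
            out[e["path"].rsplit("\\", 1)[-1]] = (m.group(1), m.group(2))
    return out

def pending_reboot(entries):
    """Items MBAM could only schedule for deletion; they stay in place until the next restart."""
    return sorted(e["path"] for e in entries if e["action"].startswith("Delete on reboot"))
```

Running it over a full log shows at a glance which policy values (Task Manager, wallpaper, Security Center notifications) were tampered with and which items are still waiting on a reboot.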


Hello rhays, and welcome to Malwarebytes.org

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org


This topic is now closed to further replies.