
Using Malwarebytes A-M to remove Trojan.vundo.H and System Defender



Hello all. This is my first post, so if I am missing a step please let me know.

Working on a desktop with Windows XP home edition, SP3. Spybot and Adaware are my usual scan programs, as well as Malwarebytes Anti-Malware.

At about 3:30pm today, Jan. 6, I started getting pop-ups regarding System Defender. I could not open Malwarebytes in normal mode, nor in safe mode. I then used my personal laptop to download Malwarebytes and HijackThis onto a thumbdrive, plugged this into my desktop and was then able to scan with Malwarebytes A-M (from the thumbdrive) and found I had been infected with the dreaded Trojan.vundo.H, among a few others. Then scanned with HijackThis. The logs for these were apparently too long to include in the body of this post so they are attached.

You'll notice in the Malwarebytes log, I haven't taken any actions, only because there are a load of registry keys listed (763!) as "security.hijack" and I'm not sure what would happen if I enabled Malwarebytes to remove all of them (I'm not an expert on working with registry keys).

Any help would be much appreciated. I know, this looks to be quite an ugly infection.

thanks,

salvee

mbam_log_2010_01_06__17_46_29_.txt


  • Staff

Hi,

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Also, you are dealing with one of these Trojans/Bots that have the functionality to kill your OS.

Read this article for more info: "When a Bot master goes mad - Kill the OS", and here: "A Zeus botnet self-destructs".

So backup your data first.

Then let Malwarebytes remove what it found and post a new Malwarebytes log in your next reply together with a new HijackThis log.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

