
Vundo / Agent.ck



Hello,

I have tried to clear a couple of trojans from my laptop using Malwarebytes, which removed a vundo trojan and an agent.ck trojan, and a rescan using Malwarebytes shows no more infections.

However my laptop still appears to be infected!! Please help!!! - DDS.txt below and attach.zip attached Attach.zip

DDS (Ver_10-11-01.01) - NTFSx86 NETWORK

Run by George at 15:02:47.90 on 02/11/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22

Microsoft


Hello Jeremy Tinsley

Welcome to Malwarebytes.

=====================

Please explain why you think you are infected?

Do you have redirects etc...?

Hello Kahdah - thanks for getting back to me so quickly!

The laptop is taking a long time to start up close on 5 minutes before all icons are loaded up, and is generally running much much more slowly than before.

wldlog.dll is now missing - however I'm not sure if that is virus related.

In safemode internet explorer works normally directing to my normal google homepage, but in normal mode it sends me to seachqu.com then promptly crashes.

The control panel crashes when I access it.

When I did the first Malwarebytes scan it found lots of adware and two trojans - vundo and agent.ck, which it removed, but now nothing is found.


You are welcome :welcome:

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Hi Kahdah,

I had to run the scan in safe mode with networking as internet explorer will not work in normal mode.

here are the results:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=2ca01f51e7254942a23725556eb3e5c2

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-11-03 12:36:27

# local_time=2010-11-03 12:36:27 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5121 16777214 100 75 1122168 17462902 0 0

# compatibility_mode=5892 16776573 100 100 94844 126316740 0 0

# compatibility_mode=8192 67108863 100 0 3745 3745 0 0

# scanned=179175

# found=2

# cleaned=2

# scan_time=3774

C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\George\Downloads\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


OK, does that happen in Safe Mode as well, the long startup?

Hi Kahdah,

I can only run the scan in safe mode, as if I start it up in normal mode Internet Explorer will not work due to a redirect to searchqu.com which causes Internet Explorer to crash.

So the above results are from a safe mode scan. If the ESET scan can be run in Safari then I can run it in normal mode.

Jeremy


Ok Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi Kahdah,

Here's the combofix.txt log:

ComboFix 10-11-03.03 - George 04/11/2010 11:31:49.1.2 - x86

Microsoft


Great, that was basically what I thought the issue was.

Please run DDS once more and post the logs. Please also let me know of any remaining issues. Please run this in normal mode and make sure everything works as it should.

Hi Kahdah,

Here is the DDS log:

DDS (Ver_10-11-01.01) - NTFSx86

Run by George at 13:52:31.34 on 04/11/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22

Microsoft
