trojan.agent and vundo.h


tab

Hello

My problems started when pop-ups started appearing on my wife's PC, trying to sell 'AntiSpywareExpert', so it seemed to have become infected. It also seemed that any useful web search was redirected, so I couldn't access Windows Update (which was out of date) or any anti-virus site.

By using another PC I managed to get Windows updated from CD, and loaded Malware antivirus, set firewalls etc. Malware found about 125 infections, and I removed them and restarted the PC as advised. But when I run Malware again it continues to find a Trojan.agent dll file and 7 abnormal registry values associated with Trojan.agent and Trojan.vundo which it fails to 'delete on restart'.

I have tried Norton Antivirus and Spybot and both seem to find that the PC is clean, btw.

The main difficulty apart from the annoying popup (to 'PC cleaner pro' or something) is that I still cannot access the internet - Google search results get redirected and so do other website connections, so I still can't use the internet on this PC, I have to copy everything on CD from another PC (hence I can't update Norton on-line for example).

Would these 2 trojans do this, or have I got another problem, and how do I get rid of them?

Help, please!!

Thanks,

Tab


Without a HijackThis log and MBAM scan log we have no ability to help you .

Please read Important Topics to get instructions .

http://www.malwarebytes.org/forums/index.php?showforum=7

Nosirrah,

I would have to cut/paste the log to my working PC (the one I'm currently using!) and I'm reluctant to copy anything from the infected PC, which has no working internet comms, so the MBAM log below is copied by hand (hopefully no mistakes!).

Memory Processes Infected: 0

Memory Modules Infected:0

Registry Keys infected:3

Registry Values infected: 4

Registry Data Items infected:0

Folders infected: 0

Files infected:1

Memory Processes infected:

(No malicious items detected)

Memory Modules infected:

(No malicious items detected)

Registry keys infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c4665a4-4a10-46e5-a644-8d03f25f405b} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lcpidqa (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{2c4665a4-4a10-46e5-a644-8d03f25f405b} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\chjklqv.dll (Trojan.Vundo.H) -> Delete on reboot.

Hope this helps you to suggest a solution; do you need the HJT log (which I know will be lengthy to type in!)?

Thanks,

Tab

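The log above names two persistence locations that are worth checking by hand on any Windows machine: Browser Helper Objects (registered under the Explorer key, with the actual DLL path stored under the matching HKCR\CLSID entry) and Winlogon\Notify packages (each subkey's DllName is loaded by winlogon.exe). The script below is an added read-only check, not code from the thread or from Malwarebytes: it enumerates both locations and reports which DLL each entry loads, whether that file exists, and whether it carries a valid Authenticode signature. The function names are my own; it deletes nothing and is meant to be run from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): list BHO and Winlogon\Notify entries
# and the DLL each one loads, with file presence and signature status.
# Read-only. Run from an elevated PowerShell prompt.

function Get-BhoEntries {
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoRoot)) { return }
    Get-ChildItem $bhoRoot | ForEach-Object {
        $clsid = $_.PSChildName
        # The BHO key only holds the CLSID; the DLL path lives in
        # HKCR\CLSID\{guid}\InprocServer32 (default value).
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path $server) {
            $dll = (Get-ItemProperty -Path $server).'(default)'
        }
        [pscustomobject]@{ Location = 'BHO'; Key = $clsid; Dll = $dll }
    }
}

function Get-WinlogonNotifyEntries {
    $notifyRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (-not (Test-Path $notifyRoot)) { return }
    Get-ChildItem $notifyRoot | ForEach-Object {
        # Each Notify subkey names its package in the DllName value.
        $props = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{ Location = 'WinlogonNotify'; Key = $_.PSChildName; Dll = $props.DllName }
    }
}

function Resolve-DllStatus {
    param([string]$Dll)
    if ([string]::IsNullOrWhiteSpace($Dll)) {
        return [pscustomobject]@{ Path = $null; Exists = $false; Signature = 'NoPath' }
    }
    $expanded = [Environment]::ExpandEnvironmentVariables($Dll.Trim('"'))
    # Bare file names (common in Winlogon\Notify) resolve from system32.
    if (-not [IO.Path]::IsPathRooted($expanded)) {
        $expanded = Join-Path $env:SystemRoot "system32\$expanded"
    }
    $exists = Test-Path -LiteralPath $expanded
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $expanded).Status } else { 'Missing' }
    [pscustomobject]@{ Path = $expanded; Exists = $exists; Signature = $sig }
}

$entries = @(Get-BhoEntries) + @(Get-WinlogonNotifyEntries)
$entries | ForEach-Object {
    $s = Resolve-DllStatus -Dll $_.Dll
    [pscustomobject]@{
        Location  = $_.Location
        Key       = $_.Key
        Dll       = $s.Path
        Exists    = $s.Exists
        # 'Valid' is the normal result for Microsoft and vendor DLLs;
        # 'NotSigned', 'Missing' or an unfamiliar random-looking name deserves a look.
        Signature = $s.Signature
    }
} | Format-Table -AutoSize
```

On a clean machine the Notify list is short and every DLL shows a valid signature; an unsigned DLL with a random-looking name in system32, as in the log above, is the kind of entry to investigate. Because these DLLs are loaded into winlogon.exe and into every Explorer and Internet Explorer process, they stay locked while Windows is running, which is why a scanner falls back to "Delete on reboot" for them.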

I would have to cut/paste the log to my working PC (the one I'm currently using!) and I'm reluctant to copy anything from the infected PC, which has no working internet comms, so the MBAM log below is copied by hand (hopefully no mistakes!).

You have nothing to worry about using copy/paste with text. Please show us what we need: HijackThis!


Update MBAM, run a quick scan, post that log and a HJT log.

Jean,

I appreciate your response, but after running Spybot, MBAM, Norton (and several others I've forgotten) I've given up and reloaded the OS, trying to make sure I get firewalls and virus checking (NAV 2009) in place to prevent future problems. Any comments on 'best practice' would be welcomed!

Thanks again, Jean


Norton would be among my last choices for anything.

All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal.

A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

MBAM

Avira Antivir

Spybot Search & Destroy. Be sure to use the immunize feature.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

The Windows firewall is not sufficient to protect you. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

Also, the full protection of MBAM is offered at a very low price for life; see my signature.

You will also need at least one other scanning program; a-squared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.


Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
