Jump to content

Please help remove vundo.h


knasky

Recommended Posts

I've tried numerous software, but it keeps coming back! Malwarebytes is the only scan that even picks it up. But like others have posted, after quarantine/deletion/reboot, it's back again (and again...) Any help would be greatly appreciated. Thanks so much. (Panda results soon to follow.)

Malwarebytes' Anti-Malware 1.29

Database version: 1286

Windows 5.1.2600 Service Pack 3

11/2/2008 8:56:01 PM

mbam-log-2008-11-02 (20-55-53).txt

Scan type: Quick Scan

Objects scanned: 56692

Time elapsed: 13 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

G:\WINDOWS\system32\urqOHAPj.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: g:\windows\system32\urqohapj -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: g:\windows\system32\urqohapj -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

G:\WINDOWS\system32\urqOHAPj.dll (Trojan.Vundo.H) -> No action taken.

G:\WINDOWS\system32\jPAHOqru.ini (Trojan.Vundo.H) -> No action taken.

G:\WINDOWS\system32\jPAHOqru.ini2 (Trojan.Vundo.H) -> No action taken.

G:\WINDOWS\system32\tcpyjmwd.dll (Trojan.Vundo.H) -> No action taken.

G:\WINDOWS\system32\dwmjypct.ini (Trojan.Vundo.H) -> No action taken.

G:\WINDOWS\system32\hmvsquss.dll (Trojan.Vundo.H) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:26:53 PM, on 11/2/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

G:\WINDOWS\System32\smss.exe

G:\WINDOWS\system32\winlogon.exe

G:\WINDOWS\system32\services.exe

G:\WINDOWS\system32\lsass.exe

G:\WINDOWS\system32\svchost.exe

G:\Program Files\Windows Defender\MsMpEng.exe

G:\WINDOWS\System32\svchost.exe

G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

G:\Program Files\Alwil Software\Avast4\ashServ.exe

G:\WINDOWS\Explorer.EXE

G:\WINDOWS\system32\spoolsv.exe

G:\Program Files\Bonjour\mDNSResponder.exe

G:\WINDOWS\eHome\ehRecvr.exe

G:\WINDOWS\eHome\ehSched.exe

G:\Program Files\MozyHome\mozybackup.exe

G:\WINDOWS\system32\svchost.exe

G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

G:\WINDOWS\ehome\ehtray.exe

G:\Program Files\Windows Defender\MSASCui.exe

G:\WINDOWS\stsystra.exe

G:\WINDOWS\system32\hphmon04.exe

G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

G:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

G:\Documents and Settings\Kevin\Local Settings\Application

Data\Google\Update\GoogleUpdate.exe

G:\WINDOWS\system32\ctfmon.exe

G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

G:\Program Files\MozyHome\mozystat.exe

G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

G:\Program Files\Alwil Software\Avast4\ashWebSv.exe

G:\WINDOWS\system32\dllhost.exe

G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

G:\Documents and Settings\Kevin\Local Settings\Application

Data\Google\Chrome\Application\chrome.exe

G:\Documents and Settings\Kevin\Local Settings\Application

Data\Google\Chrome\Application\chrome.exe

G:\Program Files\Webroot\Spy Sweeper\SSU.EXE

G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

- (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -

G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -

G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program

files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ehTray] "G:\WINDOWS\ehome\ehtray.exe"

O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows

Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [HPHmon04] G:\WINDOWS\system32\hphmon04.exe

O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google

Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iSUSPM Startup] "G:\Program Files\Common

Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spySweeper] "G:\Program Files\Webroot\Spy

Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "G:\Documents and Settings\Kevin\Local

Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] "G:\WINDOWS\system32\ctfmon.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] "G:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe"

O4 - HKCU\..\Run: [uniblue SpeedUpMyPC] "G:\Program

Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" -s

O4 - Global Startup: MozyHome Status.lnk = G:\Program

Files\MozyHome\mozystat.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver -

res://G:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://G:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF -

res://G:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF -

res://G:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF -

res://G:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF -

res://G:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF -

res://G:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF -

res://G:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel -

res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}

- G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Send to Mindjet MindManager -

{531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - G:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

G:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

G:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search &

Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

G:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network

Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

G:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program

Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: g:\windows\system32\nwprovau.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

G:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/windowsupd...n/x86/client/wu

web_site.cab?1216838510671

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553545000} -

http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -

G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: jnmvpw.dll g:\progra~1\google\google~1\goec62~1.dll

yrwycw.dll labkne.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated -

G:\Program Files\Common Files\Adobe\Adobe Version Cue

CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) -

Unknown owner - G:\Program Files\Adobe\Photoshop Elements

6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -

G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil

Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil

Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - G:\Program

Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -

G:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.8.809.8522

(GoogleDesktopManager-090808-172447) - Google - G:\Program

Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel

32\IDriverT.exe

O23 - Service: InstallShield Licensing Service - Macrovision

- G:\Program Files\Common

Files\InstallShield Shared\Service\InstallShield Licensing Service.exe

O23 - Service: iPod Service - Apple Inc. - G:\Program

Files\iPod\bin\iPodService.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner -

G:\Program Files\MozyHome\mozybackup.exe

O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero

BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common

Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPH11 - HP - G:\WINDOWS\system32\HPHipm11.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. -

G:\WINDOWS\system32\STacSV.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -

Webroot Software, Inc. (www.webroot.com) - G:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe

--

End of file - 10653 bytes

Link to post
Share on other sites

  • Root Admin

Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions

NOTE: You're running an OLD version of Malwarebytes. Following the instructions in the above post asks you to UPDATE the program.

When ready please post your logs back here again.

During this scan and cleanup process you should not install any other software unless requested to do so.

Link to post
Share on other sites

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-11-03 07:48:48

PROTECTIONS: 1

MALWARE: 2

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

Windows Defender 1.1.4005.0 No No

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00519333 Application/Processor HackTools No 0 Yes No G:\Documents and Settings\Kevin\My Documents\Downloads\VirtumundoBeGone.exe

03991908 Generic Backdoor Virus/Trojan No 0 Yes No G:\Documents and Settings\Kevin\Local Settings\Temp\is-LPCVQ.tmp\askBarSetup.exe

03991908 Generic Backdoor Virus/Trojan No 0 Yes No G:\Documents and Settings\Kevin\Local Settings\Temp\is-74LAH.tmp\askBarSetup.exe

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location Q

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description Q

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Link to post
Share on other sites

Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions

NOTE: You're running an OLD version of Malwarebytes. Following the instructions in the above post asks you to UPDATE the program.

When ready please post your logs back here again.

During this scan and cleanup process you should not install any other software unless requested to do so.

Malwarebytes' Anti-Malware 1.30

Database version: 1358

Windows 5.1.2600 Service Pack 3

11/3/2008 8:05:47 AM

mbam-log-2008-11-03 (08-05-47).txt

Scan type: Quick Scan

Objects scanned: 58210

Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 4

Registry Keys Infected: 12

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 17

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

G:\WINDOWS\system32\urqOHAPj.dll (Trojan.Vundo.H) -> Delete on reboot.

G:\WINDOWS\system32\jnmvpw.dll (Trojan.Vundo) -> Delete on reboot.

G:\WINDOWS\system32\yrwycw.dll (Trojan.Vundo) -> Delete on reboot.

G:\WINDOWS\system32\labkne.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{c8c403a8-87c6-4317-afca-56d53e702ea8} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9902602e-e817-4835-9231-150d86331284} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hxgzeiw (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hxgzeiw (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fda4433b-1394-4708-a941-50e658121bc7} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: g:\windows\system32\urqohapj -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: g:\windows\system32\urqohapj -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

G:\WINDOWS\system32\urqOHAPj.dll (Trojan.Vundo.H) -> Delete on reboot.

G:\WINDOWS\system32\jPAHOqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\jPAHOqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\jnmvpw.dll (Trojan.Vundo) -> Delete on reboot.

G:\WINDOWS\system32\yrwycw.dll (Trojan.Vundo) -> Delete on reboot.

G:\WINDOWS\system32\labkne.dll (Trojan.Vundo) -> Delete on reboot.

G:\WINDOWS\system32\bbwjpsjm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\csndunxl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\ctdjhz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\lploxast.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\mlJYpqpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\nnnkHyay.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\opnommlk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\rsgihpbc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\sxjicgoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\trxcwr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\drivers\pabe.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Root Admin

Since there has been no response for 5 days I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you
Fully Understand

how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting
Pre- HJT Post Instructions

Also don't forget that we offer
FREE
assistance with General PC questions and repair here
PC Help

If you're pleased with the product
Malwarebytes
and the service provided you, please let your friends, family, and co-workers know.
http://www.malwarebytes.org

.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.