Successfully removed ms juan

[Wolfheinrich]

I would just like to leave a short comment here regarding my successful attempt in cleaning out the Trojan.vundo and malware.trace that just seemed like they would keep coming back after Malwarebytes had apparently removed them. First of all, Malwarebytes was able to remove the bulk of the problems I was having, some 30ish infected items, multiple instances of Rundll32 etc. However, this MS Juan just won't go away. They typically looked like this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo)

I have searched through many websites, mulitple forums and most of them suggested combofix and HJT, none of them seemed have the clear cut answer I was looking for and just when all hope was gone, my patience wearing thin and on the verge of formating my drive. I remembered reading about MS Juan may be related to BHO and there might be some strange dll being registered as Internet Explorer add-on. When I look into manage-on, sure enough there was the yxtovw.dll (they are never the same every time as I understand and was not detected by malwarebyte initially) being registered. I went through the FileASSASSIN and deleted that file once, reboot the PC, did the quick scan one more time, but they came back again! Only this time, the yxtovw.dll and a few other things related to BHO showed up as infected file instead of being undetected. That gave me hope that I was moving in the right direction. Sure enough, this time, they are all gone.

I hope this will help other people who just happened to run into the same situation

Regards

[exile360]

Excellent, I'm glad to hear that you got rid of it. Just to be safe though, you might want to post a log in the Malwarebytes HJT forum so one of the experts here can verify that you are clean. I also hope that your situation (and the solution you figured out) help Malwarebytes to nail this infection in the future.

[AdvancedSetup]

Hello and Welcome to Malwarebytes.org

Agreed, going through the steps below can help ensure your system is really clean.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

[Dicho123]

Hello Wolfheinrich,

Thanks for sharing your work. I think that my comp has the exact infection like yours, but I don't know how to get rid of them and they keep coming back. Below is my scanned results:

Trojan.Agent File C:\WINDOWS\system32\wins\services.exe

Trojan.Agent File C:\WINDOWS\system32\wins\wmsncs.exe

Rootkit.Rustok File C:\WINDOWS\repair\kasutio

Malware.Trace File C:\WINDOWS\system32\Drivers\etc\hosts.prev

Malware.Trace Reg Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan

Trojan.Vundo Reg Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System

I tried to use the Fileassin but the computer browsed the longest time and said my C drive needs to be format (lol). I'm new to this awesome Malwarebytes, but I need ur help to get rid off the recurrent files and keys above...Thanks

[AdvancedSetup]

Hello Dicho123 and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.