
Antivirus 2009 / Vundo RunDLL Comedy



So, I got Antivirus 2009. And while I'm using MalwareBytes to get it, I pick up Vundo. I spent some time slowly prying it off my system using a combination of programs (Kaspersky Antivirus, Avast Antivirus, MalwareBytes ((which I think did the most good.)), and CrapCleaner) after which the main .exe of the issue seems to have vanished. However, now I've got a new issue or two. The first, and most annoying, is that when I turn my computer on, immediately after startup I get a RunDLL error, stating that the bawawaza.dll (one of the Antivirus 2009 bits) specified module cannot be found. It's a simple enough thing to click and OK out of, but that's only part of it. The other part is that 3 bits of Vundo just will not go away, despite 5 or 6 attempts to remove them, 3 of those in Administrative Safe Mode. Here's the log file stating the 3 infected bits MalwareBytes 'says' are cleaned. If you guys can come up with any assistance, I'd appreciate it. I've tried all my virus/anti-malware/system cleaning programs, I've attempted to manually remove the program through cmd line editing and manual registry plinking, nothing. It's just not budging. Think you could give me a hand?

Malwarebytes' Anti-Malware 1.31

Database version: 1525

Windows 5.1.2600 Service Pack 3

12/20/2008 10:47:14 AM

mbam-log-2008-12-20 (10-47-14).txt

Scan type: Quick Scan

Objects scanned: 19136

Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c98bd79a-d8f5-4d99-9277-ca780f3d8a5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c98bd79a-d8f5-4d99-9277-ca780f3d8a5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\keyowufuyu (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

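An added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the log format shown in the post above. It checks the summary counts against the listed entries and flags locations reported as deleted in one scan but detected again in a later one, which is the symptom the poster describes. `SCAN_1` is trimmed from the log above, `SCAN_2` is a constructed later scan, and all function names are hypothetical.

```python
import re

# Detail line format: "<location> (<detection>) -> <action>."
ITEM = re.compile(r"^(?P<loc>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# "<category> Infected: <n>" is a summary count; without <n> it opens a detail section.
HEAD = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected:\s*(?P<n>\d+)?$")

def parse_mbam_log(text):
    """Return (summary counts, detections per category) for one scan log."""
    counts, items, section = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        head = HEAD.match(line)
        if head and head["n"] is not None:
            counts[head["cat"]] = int(head["n"])
        elif head:
            section = head["cat"]
            items.setdefault(section, [])
        elif section and (m := ITEM.match(line)):
            items[section].append((m["loc"], m["name"], m["action"]))
    return counts, items

def mismatched_counts(counts, items):
    """Categories whose summary count disagrees with the entries listed."""
    return sorted(c for c, n in counts.items() if n != len(items.get(c, [])))

def recurring(logs):
    """Locations marked deleted in an earlier scan and detected again later."""
    deleted, again = set(), set()
    for text in logs:  # oldest scan first
        found = {loc.lower(): act for entries in parse_mbam_log(text)[1].values()
                 for loc, _, act in entries}
        again |= deleted & set(found)
        deleted |= {loc for loc, act in found.items() if "deleted" in act.lower()}
    return sorted(again)

# SCAN_1: the three detections from the log above. SCAN_2: constructed later scan.
SCAN_1 = r"""Registry Keys Infected: 2
Registry Values Infected: 1
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c98bd79a-d8f5-4d99-9277-ca780f3d8a5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c98bd79a-d8f5-4d99-9277-ca780f3d8a5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\keyowufuyu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""
SCAN_2 = r"""Registry Values Infected: 1
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\keyowufuyu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""
```

Calling `recurring([SCAN_1, SCAN_2])` with logs in oldest-first order returns the lower-cased locations that came back after a reported deletion.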

Greetings and welcome to the forum.

To get you fixed up please read the instructions here:

http://www.malwarebytes.org/forums/index.php?showtopic=2936

and post your logs in a new topic here:

http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult.

I hope I was helpful. Good luck and safe surfing.
