Attacked by Vundo

By CKHone
Mar 30, 2009
Topic Status:
Not open for further replies.
  1. Hi. My laptop was hit with vundo about a week ago. I thought my McAfee deleted it but, this past weekend, something wreaked havoc on my computer. As of this afternoon, I have gone through the steps listed in your forum. I am just trying to make sure there isn't anything else on here. Also, I had Norton, but I uninstalled it. Here are my logs. Thanks.
  2. touch

    touch Newcomer, in training Posts: 978

    Hello CKHone

    It looks like your HOSTS file are hijacked ->

    Download HostsExpert: http://www.majorgeeks.com/Hoster_d4626.html
    Choose one of the servers at Majorgeeks....save the file on your desktop

    Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
    Run HostsXpert 4.2 - Hosts File Manager from its new home
    Click on "File Handling".
    Click on "Restore MS Hosts File".
    Click OK on the Confirmation box.
    Click on "Make Read Only?"
    Click the X to exit the program.

    Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



    Then please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe

    And save to the desktop.
    Close all other browser windows.

    Please connect all your external hard drive/flash drive before running Combofix, if you have any

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    When finished, it will produce a logfile located at C:\combofix.txt.

    Attach the contents of that log in your next reply along with fresh hijackthis log
  3. CKHone

    CKHone Newcomer, in training Topic Starter

    Thanks for the reply

    Hi. thanks for getting back with me. I ended up doing a PC Restore on my Dell Inspiron laptop last night. I did reinstall all of the recommended software (malbytes, ccleaner, and superantivus). Do I still need to go through the process you just sent or before I do that, should I send the updated 3 logs.
  4. touch

    touch Newcomer, in training Posts: 978

    It´s not necessary to follow the above procedures, since you have restored the computer.

    Yes, please attach the updated 3 logs
  5. CKHone

    CKHone Newcomer, in training Topic Starter

    Here are the updated logs. Still came up with a couple of issues, but the software said it removed them. Let me know what's next. Thanks.
  6. touch

    touch Newcomer, in training Posts: 978

    The issues malwarebyte found are nothing serious ;)

    However, it looks like you have two antivirus programs running.

    Remove/uninstall from "add/remove" in controlpanel:
    One of Your antivirus programs

    Reboot, and please tell how things are running ?
  7. CKHone

    CKHone Newcomer, in training Topic Starter

    Ok. I thought I only had McAfee security. I do have Norton Ghost, but I thought that was specifically for backing up your computer. Also installed the SuperAntivirus program (as part of the 8 steps). Is that the one I should remove?
  8. touch

    touch Newcomer, in training Posts: 978

    Yes, I can see Norton Ghost. However, I´ll suggest you go to add/remove programs in controlpanel, and see if you have Symantec Internet Security or Norton Internet Security Suite installed. if you have -remove it.

    Reboot, attach new hijackthis log
  9. CKHone

    CKHone Newcomer, in training Topic Starter

    I still see LivReg (it says can't remove because needed by norton ghost). I removed the symantic LiveUpdate. Here is the updated log.

    Cortni
  10. LookinAround

    LookinAround TechSpot Chancellor Posts: 8,269   +149

    if i might add a couple notes:

    Ckhone, i think you were a bit over aggressive in following Touch's advice
    => Touch suggested you check if Symantec Internet Security or Norton Internet Security
    => You said you uninstalled Symantec Live Update! I think you want to keep that to keep Norton Ghost up-to-date.
    => Also, I noticed ctfmon.exe is running on your computer. It's not harmful but usually not needed by most people. It assists to provide "alternate text services" for Microsoft Office. Unless you use alternate languages, handwriting recognition or voice-to-text you can turn it off and have one less process starting and running
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.