Attacked by Vundo

Status
Not open for further replies.
Hi. My laptop was hit with Vundo about a week ago. I thought my McAfee deleted it but, this past weekend, something wreaked havoc on my computer. As of this afternoon, I have gone through the steps listed in your forum. I am just trying to make sure there isn't anything else on here. Also, I had Norton, but I uninstalled it. Here are my logs. Thanks.
 
Hello CKHone

It looks like your HOSTS file is hijacked ->

Download HostsXpert: http://www.majorgeeks.com/Hoster_d4626.html
Choose one of the servers at Majorgeeks....save the file on your desktop

Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.

Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



Then please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.
Close all other browser windows.

Please connect all your external hard drives/flash drives before running Combofix, if you have any.

Double-click on the combofix icon found on your desktop.

Please note that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Attach the contents of that log in your next reply along with a fresh HijackThis log.
 
Thanks for the reply

Hi. Thanks for getting back with me. I ended up doing a PC Restore on my Dell Inspiron laptop last night. I did reinstall all of the recommended software (Malwarebytes, CCleaner, and SuperAntivirus). Do I still need to go through the process you just sent or, before I do that, should I send the updated 3 logs?
 
It's not necessary to follow the above procedures, since you have restored the computer.

Yes, please attach the updated 3 logs.
 
Here are the updated logs. Still came up with a couple of issues, but the software said it removed them. Let me know what's next. Thanks.
 
The issues Malwarebytes found are nothing serious ;)

However, it looks like you have two antivirus programs running.

"Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection.
Not more."

Remove/uninstall from "Add/Remove" in Control Panel:
One of your antivirus programs

Reboot, and please tell me how things are running.
 
Ok. I thought I only had McAfee security. I do have Norton Ghost, but I thought that was specifically for backing up your computer. Also installed the SuperAntivirus program (as part of the 8 steps). Is that the one I should remove?
 
Yes, I can see Norton Ghost. However, I'll suggest you go to Add/Remove Programs in Control Panel, and see if you have Symantec Internet Security or Norton Internet Security Suite installed. If you have, remove it.

Reboot and attach a new HijackThis log.
 
I still see LiveReg (it says can't remove because needed by Norton Ghost). I removed the Symantec LiveUpdate. Here is the updated log.

Cortni
 
If I might add a couple of notes:

CKHone, I think you were a bit overaggressive in following Touch's advice.
=> Touch suggested you check if Symantec Internet Security or Norton Internet Security was installed.
=> You said you uninstalled Symantec Live Update! I think you want to keep that to keep Norton Ghost up-to-date.
=> Also, I noticed ctfmon.exe is running on your computer. It's not harmful but usually not needed by most people. It assists to provide "alternate text services" for Microsoft Office. Unless you use alternate languages, handwriting recognition or voice-to-text, you can turn it off and have one less process starting and running.
 