TechSpot

Bad Image Pop Up After Vundo Infection

By pretzel
May 5, 2009
  1. Hello,

    I know this topic had been discussed just previously but I was told to start a new thread for my case. I'm a newbie and at my wit's end on how to fix my computer which had been Vundoed recently. Actually, this is the second time I had this infection...the first one being a few months before. The first time it happened, I scanned my computer with AVG, ad-aware and Malwarebytes. I also turned off the system restore and this seems to work.

    Last week, my computer started slowing down again so I scanned using the AVG, ad-aware and Malwarebytes again and turned off the system restore. While it seems to take out the vundo infection, it now mutated to something else. Now, every time I turn on my computer or start a program, a "bad image" pop up comes out and it seems to affect the .exe files. The actual message is "the application DLL C:\WINDOWS\system32\mgbswk.dll is not a valid windows image"

    I followed the 8 Steps Preliminary Removal Instructions and am attaching the hijackthis, SuperAntiSpyware and Malwarebytes log files. I had a problem with the CCleaner though. The program has been running for half a day already and it's still 98% complete. I cancelled it two times and ran it again but it's the same thing. Is this normal? Is it okay if I didn't finish the clean up and proceeded to the next step? If not I'll do it again.

    I hope someone can help me with this. Please be patient if I need to clarify some of the suggestions because I'm not very adept in the tech language so it might take a few explanations before I get it. I'll try not to be annoying though.

    Tks
     
  2. touch

    touch TS Rookie Posts: 978

    Hello again :)

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe
    And save to the desktop.


    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    http://www.fromsej.saknet.dk/billeder/cfscript.gif

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    If in doubt, just ask ;)
     
  3. pretzel

    pretzel TS Rookie Topic Starter

    Hi Touch,

    Thanks for your reply. I did what you suggested and so far no annoying "bad image" pop up since the computer rebooted (yey). I'm attaching the log file as asked.

    So, what do you think happened there? What's that .dll file that wreaked havoc on my computer?

    Tks
     
  4. touch

    touch TS Rookie Posts: 978

    I'm not sure, as I can't find any info about it, but it looks like a vundo (infection) file to me.

    Please attach fresh hijackthis log.
     
  5. pretzel

    pretzel TS Rookie Topic Starter

    I'm attaching the latest hijackthis log as asked. Tks.
     
  6. touch

    touch TS Rookie Posts: 978

    Looks clean :)

    Now that your computer problems are solved, it is time for the clean-up procedure.
    You should Create a New Restore Point to prevent possible reinfection from an old one.
    The easiest and safest way to do this is:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

    Please download OTCleanIt
    Save it to desktop.
    This will remove all the tools we used to clean your computer.
    Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
    When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
    Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
    How did I get infected in the first place
     
  7. pretzel

    pretzel TS Rookie Topic Starter

    Hey Touch, thanks a lot. I don't know how you do it but you've been heaven sent. And I can see that you've been very very busy saving the day for a lot of people.
     
Topic Status:
Not open for further replies.

