Inactive Google redirect - Trojan.Vundo .log/.txt attached

Status
Not open for further replies.
I'd rather like to see, if you can copy it to your desktop and run it from there.
 
Maybe I should start just moving files from this laptop on the drive to the desktop, then run them...

Because it's running fine...
 
Use the good computer to download the programs, put them on a flash drive, move them from the flash drive to the desktop of the bad computer, then run the program...

it's done! uploading file in a min..
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] --  -- (winbackupdumper-id1906Xv2Ej1zt)
    SRV - File not found [Auto | Stopped] --  -- (acrosysbackup_ex06Xv2Ej1zt)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
    O4 - HKLM..\Run: [Acronis Toolbar Helper]  File not found
    O4 - HKLM..\Run: [vtuvstsys]  File not found
    O4 - HKCU..\Run: [ddbbyasys]  File not found
    O4 - HKCU..\Run: [Desktop Cleanup Wizard]  File not found
    O4 - HKCU..\Run: [P2kAutostart]  File not found
    O4 - HKCU..\Run: [winjwws92] C:\Users\Administrator\AppData\Roaming\winjwws92\winjwws93.exe File not found
    O4 - HKLM..\RunOnce: []  File not found
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla\5.0 ( File not found
    O30 - LSA: Authentication Packages - (bywuut.dll) -  File not found
    O33 - MountPoints2\{56614c7d-5f00-11df-88cb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\hbcd\wintools\autorun.exe -- File not found
    O33 - MountPoints2\{56614c7d-5f00-11df-88cb-806e6f6e6963}\Shell\Option1\Command - "" = E:\hbcd\wintools\autorun.exe -- File not found
    [2010/05/06 17:39:16 | 000,037,888 | ---- | M] () -- C:\Windows\System32\b_syspol32.dll
    [2010/05/05 16:39:03 | 000,000,002 | ---- | M] () -- C:\Users\Administrator\tenmy.ini
    [2010/05/05 16:38:58 | 000,372,061 | ---- | M] () -- C:\Users\Administrator\winjwws93.exe
    [2010/05/05 16:38:56 | 000,145,920 | ---- | M] () -- C:\Users\Administrator\pod932.exe
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Services
    winbackupdumper-id1906Xv2Ej1zt
    acrosysbackup_ex06Xv2Ej1zt
    
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
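As an added illustration of what that OTL script is cleaning up (this is not OTL's code and was not posted in the thread), the following PowerShell audit walks the same autostart locations the fix edits and reports entries whose target file no longer exists, OTL's "File not found", plus alternate data streams under %ProgramData%. It only reads and reports; nothing is deleted. It assumes PowerShell 3 or later on Windows Vista or newer and uses only the standard registry layout, with no assumptions about this particular machine.

```powershell
# Added example, not from the thread or from OTL: read-only audit of the
# autostart locations the OTL fix above edits. It reports Run/RunOnce values,
# services, LSA Authentication Packages and MountPoints2 autorun handlers whose
# target file is missing (OTL's "File not found"), and alternate data streams
# under %ProgramData%. Run from an elevated PowerShell prompt; it changes nothing.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($Location, $Name, $Value, $Issue) {
    $findings.Add([pscustomobject]@{ Location = $Location; Name = $Name; Value = $Value; Issue = $Issue })
}

function Expand-ImagePath([string]$Path) {
    # Expand %VAR% and the NT-style prefixes found in service ImagePath values.
    $Path = [Environment]::ExpandEnvironmentVariables($Path)
    $Path = $Path -replace '^\\\?\?\\', ''
    $Path = $Path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($Path -match '^(system32|syswow64)\\') { $Path = Join-Path $env:SystemRoot $Path }
    return $Path
}

function Test-Target([string]$Path) {
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    if (Test-Path -LiteralPath $Path) { return $true }
    # Bare names such as rundll32.exe are resolved through PATH by Windows.
    if ($Path -notmatch '[\\/]') { return [bool](Get-Command $Path -ErrorAction SilentlyContinue) }
    return $false
}

function Resolve-Command([string]$Command) {
    # Pull the executable out of a command line. Unquoted paths with spaces
    # are handled by growing the candidate one token at a time until it exists.
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    if ($Command -match '^\s*"([^"]+)"') { return Expand-ImagePath $Matches[1] }
    $tokens = $Command.Trim() -split '\s+'
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $cand = Expand-ImagePath ($tokens[0..$i] -join ' ')
        if (Test-Target $cand) { return $cand }
    }
    return Expand-ImagePath $tokens[0]
}

# 1. Run / RunOnce values (OTL's O4 lines). An empty command is reported too.
$runKeys = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($k in 'Run', 'RunOnce') { "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$k" }
}
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty $key).PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object {
        $exe = Resolve-Command ([string]$_.Value)
        if (-not (Test-Target $exe)) { Add-Finding $key $_.Name $_.Value 'File not found' }
    }
}

# 2. Services and drivers whose ImagePath points nowhere (OTL's SRV lines).
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
    if (-not $p.ImagePath) { return }   # parameter-only subkeys have no binary
    if (-not (Test-Target (Resolve-Command ([string]$p.ImagePath)))) {
        Add-Finding 'HKLM\SYSTEM\CurrentControlSet\Services' $_.PSChildName $p.ImagePath 'File not found'
    }
}

# 3. LSA Authentication Packages (OTL's O30 line): DLLs lsass loads from
# System32 at boot. msv1_0 is the Windows default entry.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
foreach ($pkg in @($lsa.'Authentication Packages')) {
    $dll = Join-Path "$env:SystemRoot\System32" (($pkg -replace '\.dll$', '') + '.dll')
    if (-not (Test-Path -LiteralPath $dll)) {
        Add-Finding 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' 'Authentication Packages' $pkg 'File not found'
    }
}

# 4. MountPoints2 autorun handlers (OTL's O33 lines): Explorer's cached
# autorun.inf commands for drives that were once plugged in.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp) {
    Get-ChildItem $mp -Recurse | Where-Object { $_.PSChildName -eq 'command' } | ForEach-Object {
        $cmd = (Get-ItemProperty $_.PSPath).'(default)'
        if ($cmd -and -not (Test-Target (Resolve-Command ([string]$cmd)))) {
            Add-Finding $_.Name '(default)' $cmd 'File not found'
        }
    }
}

# 5. Alternate data streams on items directly under %ProgramData% (OTL's
# "@Alternate Data Stream" line). ::$DATA is the normal content stream;
# Zone.Identifier on downloaded files is ordinary browser noise.
Get-ChildItem $env:ProgramData -Force -ErrorAction SilentlyContinue | ForEach-Object {
    Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { Add-Finding $_.FileName $_.Stream "$($_.Length) bytes" 'Alternate data stream' }
}

$findings | Sort-Object Location | Format-Table -AutoSize -Wrap
```

Dead Run values and orphaned service keys are common after any uninstall, so a "File not found" hit is a cleanup candidate rather than proof of infection; the names in the OTL script above (random-looking strings, a profile-root executable, an LSA package that is not msv1_0) are what make those particular entries suspicious.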
 
It looks much better :)

Now, delete broni.com, download a fresh copy of Combofix, rename it again to broni.com and see if it'll run.
 
Stats... I click yes... it prepares to run, the bars cross, disappear... then it sits... for up to 30 minutes I've let it sit.
 
Just ran Malwarebytes in normal mode; it's showing the Vundo in 2 registry entries as opposed to the normal three. Do you want the log from this?

EDIT: and should I remove it?
 
Run those fixes through MBAM. Post the log.

Download RootRepeal.zip (Mirror1, Mirror2) and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:

    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
Open the RootRepeal.txt file with Notepad, copy, and paste all of its content into your next reply.

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

==================================================================

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file should be created on your C: drive called TDSSKiller.txt please copy and paste the contents of that file here.
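The "Hidden Services" option in RootRepeal is a cross-view check: services recorded in the registry that the Service Control Manager does not report back. Below is an added PowerShell approximation of that idea; it is not RootRepeal's or TDSSKiller's code and was not posted in the thread. It assumes PowerShell 3 or later and that the registry view itself is still truthful. A rootkit that also filters registry queries defeats it, and leftover keys from sloppy uninstalls show up as well, so anything it lists is a lead to confirm with the dedicated tools above, not a verdict.

```powershell
# Added example, not from the thread, RootRepeal or TDSSKiller: a cross-view
# check for hidden services. Every installed service or driver has a key under
# HKLM\SYSTEM\CurrentControlSet\Services; a key carrying a Type value that the
# Service Control Manager does not report is a candidate for a hooked SCM view.
# Read-only; run from an elevated prompt.

$visible = @{}
Get-Service | ForEach-Object { $visible[$_.Name.ToLower()] = 'service' }
Get-CimInstance Win32_SystemDriver | ForEach-Object { $visible[$_.Name.ToLower()] = 'driver' }

Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
    # Type bits: 0x1/0x2 kernel and file-system drivers, 0x10/0x20 Win32
    # services. Keys without Type (adapters, per-interface settings) are skipped.
    if ($null -eq $p.Type -or ($p.Type -band 0x33) -eq 0) { return }
    if (-not $visible.ContainsKey($_.PSChildName.ToLower())) {
        [pscustomobject]@{
            Service   = $_.PSChildName
            Type      = ('0x{0:X}' -f $p.Type)
            Start     = $p.Start
            ImagePath = $p.ImagePath
        }
    }
}
```

Anything it prints should be checked against the RootRepeal and TDSSKiller logs requested above; if both tools and this check agree on a name, and the ImagePath is a random-looking file in System32\drivers, that is the service to ask about before touching it.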
 
I'm re installing windows.

I have my drive backed up on an external as an image, so if I mess things up, I might be back.
 