TechSpot

Help with Pop Ads and Vundo

By pennydavis
Nov 18, 2008
  1. Please help remove pop up ads and Vundo.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Penny, please run all of the programs here: http://www.techspot.com/vb/topic58138.html

    When through, attach all three logs, including new HijackThis log from the run AFTER Malwarebytes and SuperAntispyware.

    Checking the HijackThis log without the benefit of the other programs is useless.
     
  3. pennydavis

    pennydavis TS Rookie Topic Starter

    Completed steps, see attached logs.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay. Hopefully you viewed the Mbam log to get some idea of the infections. Most were quarantined and deleted, but some required a reboot to complete. Did you do that?

    The malware is in your System Restore points. DO NOT do a System Restore while we are cleaning. We will remove the old restore point at the end.

    Please reopen SuperAntispyware and do a Quick Scan. Have SAS remove everything found. See the lower image on the left (click to enlarge) to see what to check:
    http://screenshots.en.softonic.com/en/scrn/50000/50803/3_antispy4.jpg

    It appears you may have used the Symantec/Norton AV program. But the uninstall wasn't complete and processes for it are still running. If you want to finish the uninstall, please download this removal tool and Save to the desktop> don't run it yet:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

    Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:

    Start> Run> msconfig> enter> Selective Startup> Start up tab> UNCHECK ALL processes for Symantec/Norton> Apply> OK>

    Double-click on the Norton Uninstaller and run. If it won't run in Safe Mode, go ahead and reboot into Normal Mode. You will get a nag message that you can ignore after checking 'don't show this message again'. Stay in Selective Startup.

    You were so badly infected, that I'd like you to run the Vundo Fix:
    AFTER, VundoFix, update and run Mbam again. Then follow with HijackThis. Attach all three logs when done.
     
  5. pennydavis

    pennydavis TS Rookie Topic Starter

    Thanks, I completed your instructions. See attached logs. Please note the following:
    - I went into Safe Mode to uncheck all processes for Symantec/Norton but there were none listed.
    - Ran VundoFix but no Vundo was found.
    - The clock on my taskbar is in military time, which is unusual. It wasn't like this until I got attacked by Vundo.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    That is looking much better! Running the Vundo Fix was overkill, but better that than not enough.

    The logs are fine with two exceptions:
    The other is removing the old restore points which are infected. We'll do that if the next log is okay.

    We'll run one more HijackThis and check log. And I'd also like you to run a full scan with the AV program- let me know results. Are you noticing any difference in your system's performance?

    To change the way your computer displays the time:
    Source: Geekstogo.com
     
  7. pennydavis

    pennydavis TS Rookie Topic Starter

    System is running much better. ;o) See attached log. I ran the AV program; it said it could not remove a file on my desktop: PrcViewer - Smitfraudfix.exe.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry Penny. I didn't get notice of your reply.

    PrcViewer Potentially Unwanted Program *Cannot be completely removed
    Filename -=> C:\RECYCLER\S-1-5-21-181055147-4036027980-950489811-500\Dc4.exe, C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip

    Prcviewer is part of the smitfraudfix tool (which you used to remove malwarewipe). Have you deleted the tools from your desktop?

    Also click Start > Search > All files and folders > type prcviewer > delete if found.

    PRCViewer can be a genuine application or not depending on where it originated.

    There's an interesting read here: http://www.bleepingcomputer.com/forums/topic44790.html

    If 1911's instructions do not work, click on the link HERE on the page> http://www.kellys-korner-xp.com/xp_tweaks.htm to open a Kelly's Korner vbs script.
    The files will be xp_system32opens.vbs
    Download a small .vbs file to your desktop.
    Once it's downloaded, run it according to the directions at the top of the Kelly's Korner page.

    Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot.

    Advise system status. If running okay and original problems are resolved, we can remove the cleaning programs:
    Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
    Clear your existing system restore points and establish a new clean restore point
    Let us know if you need more help.
     
  9. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    Vundo is a very vicious and extremely difficult to remove virus. Also this is not the correct forum.
    I suggest reformatting and reinstalling the OS and posting in the correct forum next time as well.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Tedster, where have you been for the past two weeks? Why are you not telling the user to reformat and reinstall. You are assuming Vundo has not been removed. I do not think that is the case.

    And while security issues are better handled in that forum, telling a user they should post somewhere else when the cleaning is over seems a bit on the rude side.
     
  11. xavier100

    xavier100 TS Rookie

    need help with vundo

    BobBye, my PC is infected with Vundo!grb and I would appreciate your assistance. My McAfee software kills it when it detects it, but does not remove it. Can you please help me out?

    Thanks
     
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    My name is Bobbye. If you have a problem again, please begin a new thread in the Virus and Malware Forum. This thread is 6 months old.

    Follow the Steps set here: http://www.techspot.com/vb/topic58138.html

    Attach all three new logs. IF you still have the original cleaning programs on the PC, you must UPDATE each of them for new definitions.

    Please remember> move to the malware forum.
     
Topic Status:
Not open for further replies.

