HJT Vundo...I can't kick it!

Status
Not open for further replies.

redspot321

Posts: 11   +0
Norton 08 tells me I have vundo trojan. I've tried the fix without success.

I'm all updated with HJT, adware, and 15 other programs....lol

Can someone check this log?
 
Well, Norton is absolute rubbish, no wonder it can't fix your problem. You need to follow the instructions below to the letter.

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
We also need to know the result of Panda Antirootkit.


This thread is for the use of redspot321 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
The instructions ask for hijackthis.exe to be renamed, you haven't done so.
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

You need to rename it and post a fresh HJT log.



 
STEP5:

THIS IS VERY IMPORTANT.


Open the C:\Program Files\TrendMicro\HijackThis folder in program files. Rename the Hijackthis.exe file to Crusty.exe. This is because some malware can hide from HijackThis.exe. Right click the HijackThis.exe file and choose rename. Click in the title box and press the delete key to clear what's there, type Crusty.exe and press the enter key. Right click the Crusty.exe file and choose send to desktop (create shortcut).

You still haven't done it correctly.

From your log.
C:\Program Files\Crusty.exe\HijackThis.exe

A correct log entry would look like this.
C:\Program Files\HijackThis\Crusty.exe

You have re-named the directory, not the .exe file.



 
Okay, maybe you can help me out...lol.

I'm having no success renaming this exe file.


This is what I've done....

start > search for files > "search" program files > "open" program files > right click on HJT > and renamed to crusty.exe

This does not change the exe file though....
 
With your "My computer" open, click on tools then folder options.
Click on view and remove the tick by "Hide extensions for known file types" then ok it.
HijackThis.exe should now show as HijackThis.exe complete with its extension.

[edit] HijackThis.exe is what you need to search for, not HJT.


 
Your log shows me that you have no firewall software or active antivirus software and that you have Norton rubbish on there. This needs to be remedied as soon as possible.

Download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - https://www.techspot.com/vb/topic57112.html

Once you've completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.


Run a full antivirus scan, post any problems and a fresh HJT log in your next reply.



 
Rik, I have already downloaded these programs. I think the problem is that my wife logged in under her name and I ran HJT.

Here's one under my login with avg, spybot, adware, and everything looks clean, except spybot says there is something trying to change file names, I denied that.

Is this log any better? If not I will repeat all the original steps and get back with you. Thanks again.
 
Are you perhaps under the impression that Norton is protecting your pc? Because, it isn't.

Norton is without a doubt the worst "protection" software out there.
It's about as much use as a colander in a sinking ship or a chocolate ladder on a fire escape. You really should get rid of it and put some proper protection in place instead. Below are some instructions to help you do just that.

Download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - https://www.techspot.com/vb/topic57112.html

Once you've completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.


Once you have done that, post a new HJT log and we will deal with the remaining malware!!!!




 
You need to have HJT fix the following entries by placing a tick in the box next to them and clicking on the fix checked button.

O2 - BHO: {7537e222-de50-b5aa-2404-50acc471d9a2} - {2a9d174c-ca05-4042-aa5b-05ed222e7357} - C:\WINDOWS\system32\gsqyktop.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {8564C4CE-72A3-4625-B4DB-D90740AC1387} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8C6D5A56-791E-4fe8-9D64-81781FA15D68} - C:\Program Files\ISM\BndDrive6.dll (file missing)
O2 - BHO: (no name) - {FF418467-7279-4C1A-87BD-B875988A6CFC} - C:\WINDOWS\system32\sstqr.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


I still can't see any evidence of active virus protection and you also need to run the Norton removal tool as the next 3 entries show that it is not gone completely.

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe


Post a fresh HJT log when done.



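The checks made by eye in the replies above (O2/O3 entries whose file is gone, leftover Norton/Symantec entries, and whether the scanner .exe rather than its folder was renamed) can be scripted. This is an added example, not part of any post in the thread; the function names are hypothetical and the last sample line is constructed.

```python
import ntpath
import re

# Sample lines: all but the last are entries quoted in the thread above;
# the last one is constructed to show an entry whose file is present.
SAMPLE_LOG = r"""
O2 - BHO: {7537e222-de50-b5aa-2404-50acc471d9a2} - {2a9d174c-ca05-4042-aa5b-05ed222e7357} - C:\WINDOWS\system32\gsqyktop.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

# O2 (BHO) and O3 (toolbar) lines: "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY = re.compile(
    r"^(O[23]) - (?:BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

def orphaned_entries(log):
    """Return (section, clsid, target) for O2/O3 entries whose file is gone."""
    hits = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, _name, clsid, target = m.groups()
        if target == "(no file)" or target.endswith("(file missing)"):
            hits.append((section, clsid, target))
    return hits

def vendor_leftovers(log, vendors=("norton", "symantec")):
    """Return log lines that still reference an uninstalled vendor's files."""
    return [l.strip() for l in log.splitlines()
            if any(v in l.lower() for v in vendors)]

def scanner_renamed(path):
    """True only if the .exe itself, not its folder, was renamed."""
    folder, exe = ntpath.split(path)
    return exe.lower() != "hijackthis.exe" and not folder.lower().endswith(".exe")

if __name__ == "__main__":
    for hit in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", *hit)
    for line in vendor_leftovers(SAMPLE_LOG):
        print("leftover:", line)
    print(scanner_renamed(r"C:\Program Files\Crusty.exe\HijackThis.exe"))
```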
 