TechSpot

HJT Vundo...I can't kick it!

By redspot321
Dec 21, 2007
  1. Norton 08 tells me I have vundo trojan. I've tried the fix without success.

    I'm all updated with HJT, adware, and 15 other programs....lol

    Can someone check this log?
     
  2. Rik

    Rik Banned Posts: 3,814

    Well, Norton is absolute rubbish, no wonder it can't fix your problem. You need to follow the instructions below to the letter.

    You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

    Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
    We also need to know the result of Panda Antirootkit.


    This thread is for the use of redspot321 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. redspot321

    redspot321 TS Rookie Topic Starter

    Okay...


    No rootkits have been found!

    Here are the logs

    Thanks!
     
  4. Rik

    Rik Banned Posts: 3,814

    The instructions ask for hijackthis.exe to be renamed, you haven't done so.
    You need to rename it and post a fresh HJT log.



     
  5. redspot321

    redspot321 TS Rookie Topic Starter

    I think I have done it here. Sorry, I'm not real computer savvy.....
     
  6. Rik

    Rik Banned Posts: 3,814

    You still haven't done it correctly.

    From your log.
    A correct log entry would look like this.
    You have re-named the directory, not the .exe file.



     
  7. redspot321

    redspot321 TS Rookie Topic Starter

    Okay, maybe you can help me out...lol.

    I'm having no success renaming this exe file.


    This is what I've done....

    start > search for files > "search" program files > "open" program files > right click on HJT > and renamed to crusty.exe

    This does not change the exe file though....
     
  8. Rik

    Rik Banned Posts: 3,814

    With your "My computer" open, click on tools then folder options.
    Click on view and remove the tick by "Hide extensions for known file types" then ok it.
    HijackThis.exe should now show as HijackThis.exe complete with its extension.

    [edit] HijackThis.exe is what you need to search for, not HJT.


     
  9. redspot321

    redspot321 TS Rookie Topic Starter

    Rik, Thanks for your help!

    I did what you said, then renamed the file name to crusty.exe.


    Here's the log.
     
  10. Rik

    Rik Banned Posts: 3,814

    Your log shows me that you have no firewall software or active antivirus software and that you have Norton rubbish on there. This needs to be remedied as soon as possible.

    Download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - http://www.techspot.com/vb/topic58138.html

    Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - http://www.techspot.com/vb/topic57112.html

    Once you've completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.


    Run a full antivirus scan, post any problems and a fresh HJT log in your next reply.



     
  11. redspot321

    redspot321 TS Rookie Topic Starter

    Rik, I have already downloaded these programs. I think the problem is that my wife logged in under her name and I ran HJT.

    Here's one under my login with AVG, Spybot, adware, and everything looks clean, except Spybot says there is something trying to change file names; I denied that.

    Is this log any better? If not I will repeat all the original steps and get back with you. Thanks again.
     
  12. Rik

    Rik Banned Posts: 3,814

    Are you perhaps under the impression that Norton is protecting your pc? Because, it isn't.

    Norton is without a doubt the worst "protection" software out there.
    It's about as much use as a colander in a sinking ship or a chocolate ladder on a fire escape. You really should get rid of it and put some proper protection in place instead. Below are some instructions to help you do just that.

    Download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - http://www.techspot.com/vb/topic58138.html

    Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - http://www.techspot.com/vb/topic57112.html

    Once you've completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.


    Once you have done that, post a new HJT log and we will deal with the remaining malware!!!!




     
  13. redspot321

    redspot321 TS Rookie Topic Starter

    Norton deleted! A waste of $50 I guess?


    I'm now running AVG and ZoneAlarm.

    Here's my log
     
  14. Rik

    Rik Banned Posts: 3,814

    You need to have HJT fix the following entries by placing a tick in the box next to them and clicking on the fix checked button.

    O2 - BHO: {7537e222-de50-b5aa-2404-50acc471d9a2} - {2a9d174c-ca05-4042-aa5b-05ed222e7357} - C:\WINDOWS\system32\gsqyktop.dll (file missing)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: (no name) - {8564C4CE-72A3-4625-B4DB-D90740AC1387} - C:\WINDOWS\system32\jkhfc.dll (file missing)
    O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
    O2 - BHO: BndDrive2 BHO Class - {8C6D5A56-791E-4fe8-9D64-81781FA15D68} - C:\Program Files\ISM\BndDrive6.dll (file missing)
    O2 - BHO: (no name) - {FF418467-7279-4C1A-87BD-B875988A6CFC} - C:\WINDOWS\system32\sstqr.dll (file missing)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


    I still can't see any evidence of active virus protection and you also need to run the Norton removal tool as the next 3 entries show that it is not gone completely.

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe


    Post a fresh HJT log when done.



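Added example, not part of the thread and not HijackThis code: a small Python triage of HijackThis log lines like the ones listed in the post above, separating orphaned entries (marked `(file missing)` or `(no file)`) from leftover Symantec/Norton entries. The sample lines are copied from that post; the function names and the vendor keyword match are assumptions made for illustration.

```python
import re

# Sample lines copied from the post above (HijackThis entries quoted in this thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {8564C4CE-72A3-4625-B4DB-D90740AC1387} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")            # section code, then the rest
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
# Assumption: keyword match for the uninstalled vendor named in the thread.
LEFTOVER = re.compile(r"symantec|norton", re.IGNORECASE)


def parse_entry(line):
    """Return a dict for an 'O<n> - ...' line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsids = CLSID.findall(body)
    return {
        "section": section,
        # When the display name is itself GUID-shaped, the CLSID is the last one.
        "clsid": clsids[-1] if clsids else None,
        "orphaned": bool(ORPHAN.search(body)),
        "vendor_leftover": bool(LEFTOVER.search(body)),
        "raw": line.strip(),
    }


def triage(log_text):
    """Bucket parsed entries into orphaned references and vendor leftovers."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return {
        "orphaned": [e for e in entries if e["orphaned"]],
        "vendor_leftover": [e for e in entries if e["vendor_leftover"]],
    }


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(bucket)
        for e in entries:
            print("  ", e["section"], e["clsid"] or "-", e["raw"][:60])
```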
     
  15. redspot321

    redspot321 TS Rookie Topic Starter

    Hi, what do you recommend for virus protection?

    I guess the AVG isn't it?
    HJT log attached.
     
Topic Status:
Not open for further replies.
