TechSpot

My logs

By wookieecrisp
Feb 5, 2009
  1. Last week I started getting a bunch of pop-ups on every site I visited. So I tried the 8 steps and here are my logs!
    I also scanned using avast! antivirus and it found 6 infected items, all of which I just moved to the virus chest. 5 were Win32:Trojan-gen{other} and 1 was a Win32:Virtumonde-BN[adw]. If anyone needs more information, please ask me.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    1. Download VundoFix; Trojan.Vundo Removal Tool; VirtumundoBeGone and ComboFix.
    2. Go Offline - pull the cable network, turn off wireless card, turn off your modem.
    3. Restart computer and press F8 to run Windows in Safe Mode
    4. Run VundoFix.. Click on the Scan for Vundo. Scanning will begin, which takes a long time. In the white box will display the names of infected files. After the scan is complete click Remove Vundo, removal will begin. Confirm by clicking Yes. The application should ask for permission to restart your computer - click Yes. Start Windows in Safe Mode again.
    5. Run FixVundo. Click Start, and then follow the instructions. It should be noted that this application can deal only with older mutations Vundo (Virtumonde).
    6. Run VirtumondoBeGone. Click Continue and wait for the report.
    * 7. Run ComboFix. Then, in the two windows that appear click Yes, and start scanning and removal of any Vundo (Virtumonde) infection. During this operation, you are not allowed to move the mouse or perform other actions. After the scan is complete, program will show a text file - a report from the program's action.
    8. Restart computer and run Windows normally.
    9. Attach the report

    * Note: You may need to change the program name Combofix to someting else, ie ComboF This is because many Malwares see that you are trying to use certain programs, and stop the install (or download) unless you change this name first ;) (ie in the original Save-As download box)
     
  3. wookieecrisp

    wookieecrisp TS Rookie Topic Starter Posts: 19

    Thank you! VundoFix found nothing, and here are the logs of what the other programs did!
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes certainly worth it.

    I also noticed an old McAfee entry trying to update in the background
    Please run the McAfee Removal Tool and hopefully this will then be gone.

    After restarting, startup HijackThis scan only
    Maximize the window to view all entries
    On each entry that ends with "file missing" place a tick in the box to that entry (possibly a few)
    Then, once all are found and selected, the click on Fix
    Then close HijackThis, and restart Windows (a restart must be done to confirm removed)

    Re-open HijackThis and select Scan and create a log
    Post the HijackThis scanlog as an attachment to a new reply

    Pretty sure we're about to finish off soon though ;)

    As there is a regretful delay in my replies. I would highly suggest to run, yet another Malwarebytes (updated) scan
    Just in case ;) Put it this way, I would do it if it were my system ;)
    If you do decide to do this, the HijackThis log would need to be posted after another restart
     
  5. wookieecrisp

    wookieecrisp TS Rookie Topic Starter Posts: 19

    I still have McAfee installed on my computer. Should I remove it?
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well you have Avast and McAfee installed
    My personal choice, is remove both (although Avast is good)
    And install the better Avira :grinthumb

    Oh and then run the McAfee Removal Tool
     
  7. wookieecrisp

    wookieecrisp TS Rookie Topic Starter Posts: 19

    I ended up not uninstalling McAfee. Here is the log:
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Or Avast it seems :suspiciou

    Well, maybe me saying "My personal choice" may have been not ideal wording for you
    Please swap the words for: Definitely do this
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...