I have the Vundo virus & I don't know what to do... I have been looking online for a while (from my laptop since my desktop is useless). I noticed that several posts are specific to the user so I thought I might need to try that. I am not computer savvy so I may need a lot of help... you may not want to attempt this! But please help anyway... I am good with instructions (usually!). Thanks so much!
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
C:\WINDOWS\system32\__c006A1C8.dat
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click Yes
Once you click yes, your desktop will go blank as it starts removing the Vundo.
When completed, it will prompt that it will reboot your computer, click Ok
Please attach the C:\vundofix.txt & a new HijackThis log.
Note: it is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
======================================
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version. Then reboot into Safe Mode: reboot, then start tapping the F8 key. You will get the advanced options; select Safe Mode, then load and run the program.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\__c006A1C8.dat (Trojan.Zlob) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00de624 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\44f0ed4d382 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\SYSTEM32\__c006A1C8.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
BitDefender log below (one infected file unable to remove)
BitDefender Log File
Product : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Full System Scan
Log date : 15:33:07 24/08/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1219609987_1_02.xml
My Firefox has now shut down. I do not know how to access the internet from my desktop computer. If I transfer files via a memory stick, will this transfer the virus? Any other fix suggestions?