Spyware help

Status
Not open for further replies.
Hello. Had a load of spyware including Vundo on my system, most of which I seem to have got rid of running a variety of cleaners. I was getting pop ups and dialogue boxes which have now stopped but there seem to be some bits left on my computer and there is noticeable slowdown. Here's my logs, if you could help me it would be much appreciated.
 

Attachments

  • mbam-log-11-11-2008 (22-05-28).txt
    859 bytes · Views: 5
go to command prompt [cmd.exe]
and type "at"
if it doesn't display "There are no entries in the list."
then type "at /delete" and say yes [y]

now delete these files if they are still there:
C:\WINDOWS\system32\ezowyuhdohvrtfl.dll
C:\WINDOWS\system32\bodozanu.dll
C:\WINDOWS\system32\damorume.dll

if these files aren't being deleted then do this
go to hijackthis
click on "main menu"
click on "open misc tools section"
click on "delete a file on reboot"
now select those three files manually

--
after doing that
go to hijackthis main menu & do a scan and remove these entries

O2 - BHO: agadoo browser optimizer - {476af93f-8fd9-f957-ecc5-f83b8687bc87} - C:\WINDOWS\system32\xrvhzojaqjmuwqtwl.dll (file missing)
O2 - BHO: (no name) - {7df72896-a23b-4831-a355-c56eb8958cd3} - C:\WINDOWS\system32\siwelehu.dll (file missing)
O2 - BHO: (no name) - {E1B5E11C-A39B-47D5-A4C9-6E3F51C0D218} - C:\WINDOWS\system32\ssqQifeD.dll (file missing)
O4 - HKLM\..\Run: [qmnobfvzlc] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ezowyuhdohvrtfl.dll"
O4 - HKLM\..\Run: [hibuwidebe] Rundll32.exe "C:\WINDOWS\system32\bodozanu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [hibuwidebe] Rundll32.exe "C:\WINDOWS\system32\bodozanu.dll",s (User 'LOCAL SERVICE')

--
reboot pc
uninstall all spyware removing softwares u installed or just remove them from startup cauz those slowdown pc and since u've installed 2 different spyware softwares that start up together
&
get rid of mcafee cauz it makes the pc real slow especially after a virus infection
get hold of kaspersky instead

--
a word of advice: i haven't checked ur hijackthis thoroughly but these changes are good enough
 
Matav, thanks for the save! This is a team effort - all volunteer. Welcome aboard.

Chookychook, welcome to TS.

Please update MBAM & SAS. MBAM is definitely stale. It has been about 2 weeks since that much alpha-junk has shown up in HJT.

Post new logs.

[edit]
McAfee is presently your main protection. I am withholding an opinion about the blend of antispy & anti-malware applications.

MBAM is needed to address this:
O20 - AppInit_DLLs: vumuly.dll,C:\WINDOWS\system32\damorume.dll,
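
An added example, not part of any post in this thread: a small triage script for the kinds of HijackThis lines the replies above single out (O2 BHOs, O4 Run entries, O20 AppInit_DLLs). The sample lines are quoted from the thread; the flagging rules and function names are assumptions made for illustration, not HijackThis's or MBAM's own logic.

```python
import re

# HijackThis line shape: "<section> - <details>", e.g. "O4 - HKLM\..\Run: [name] cmd"
LINE_RE = re.compile(r'^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$')
# Full DLL path, or a bare DLL name as seen in AppInit_DLLs lists.
DLL_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.dll|\b[\w-]+\.dll', re.IGNORECASE)
LOADER_RE = re.compile(r'\b(regsvr32|rundll32)(\.exe)?\b', re.IGNORECASE)

# Lines quoted from the posts in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: agadoo browser optimizer - {476af93f-8fd9-f957-ecc5-f83b8687bc87} - C:\WINDOWS\system32\xrvhzojaqjmuwqtwl.dll (file missing)
O2 - BHO: (no name) - {7df72896-a23b-4831-a355-c56eb8958cd3} - C:\WINDOWS\system32\siwelehu.dll (file missing)
O4 - HKLM\..\Run: [qmnobfvzlc] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ezowyuhdohvrtfl.dll"
O4 - HKLM\..\Run: [hibuwidebe] Rundll32.exe "C:\WINDOWS\system32\bodozanu.dll",s
O20 - AppInit_DLLs: vumuly.dll,C:\WINDOWS\system32\damorume.dll,
"""

def triage(log_text):
    """Return (section, reasons, dlls) for each line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group('sec'), m.group('body')
        dlls = DLL_RE.findall(body)
        reasons = []
        if sec == 'O2' and body.endswith('(file missing)'):
            reasons.append('orphaned BHO registration')
        if sec == 'O2' and '(no name)' in body:
            reasons.append('unnamed BHO')
        if sec == 'O4' and LOADER_RE.search(body) and dlls:
            reasons.append('Run key loads a DLL via regsvr32/rundll32')
        if sec == 'O20' and 'AppInit_DLLs' in body and dlls:
            reasons.append('DLL loaded through AppInit_DLLs')
        if reasons:
            findings.append((sec, reasons, dlls))
    return findings

def suspect_dlls(findings):
    """Unique, case-folded DLL names to check on disk after cleanup and reboot."""
    return sorted({d.lower() for _, _, dlls in findings for d in dlls})

if __name__ == '__main__':
    for sec, reasons, dlls in triage(SAMPLE):
        print(sec, '; '.join(reasons), dlls)
```
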
 
Hello again.
I followed both your advice. MBAM after updating seemed to pick up a few more interesting things. Computer seems a bit cleaner and faster.
Here are the logs and thank you very much for your time. It's very much appreciated.
 

Attachments

  • mbam-log-2008-11-13 (19-45-00).txt
    3.2 KB · Views: 5
Whoops. I think the instructions are weak describing the need to restart the computer.

Following restart, repeat MBAM until achieving no infection OR no reduction in the reported infections. System Restore volumes are don't care at this point.

Likewise, Redo / repeat SAS.

Post back 3 logs.
 
from ur hjtlog delete these:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7df72896-a23b-4831-a355-c56eb8958cd3} - C:\WINDOWS\system32\siwelehu.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [hibuwidebe] Rundll32.exe "C:\WINDOWS\system32\bodozanu.dll",s (User 'LOCAL SERVICE')

make sure bodozanu.dll is no longer on ur pc.
C:\WINDOWS\system32\bodozanu.dll

--
btw... you still have 3 anti-spyware running at same time!!
> Lavasoft Ad-Aware
> a-squared Anti-Malware
> SUPERAntiSpyware

why would anyone want to torture their pc by having 3 anti-spyware apps installed & running together?
do you ever see three anti-virus programs running together?
do you know how much load will come on the computer? [answer: a lot!]

just keep any 1 and ur system will be definitely faster.
decide which you want to keep.
or instead if you want to install a few more anti-spyware softwares, i can recommend some good ones.
you'll see the pc work even slower then.
ur choice

--
other than all that, everything seems fine.
 
I am following mflynn for leads on this. It appears SuperAntiSpyware is used to remove malware that is protecting the major infection.

Accordingly we will first concentrate on SAS removing malware.

Once SAS detects no infection OR can not progress further,
then we concentrate running MBAM.

Restart the computer.

Configure & run SAS (repeatedly until no new progress is reported) as follows
After loading but before clicking Scan perform SuperAntispyware config (one time)

Click the Preferences button > Scanning Control.

In Scanner Options make sure the following are checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Leave the others as they are.
Since MBAM reports no infections in safe mode, we will perform a deep scan to seek out infected files/folders:
In MalwareBytes after update but before running
Click settings and confirm all are Checked

Updates to MBAM & SAS are appropriate when we achieve breakthrough or stall with infections that cannot be removed.

Read logs. Restart appropriate when so indicated that reboot is needed for removal.
 
Hello Guys

Rich has it right!

Based on what you had that I see, and what I see you still have.

I highly Advise a MBAM Full Scan, fully updated with the advanced configs here.

And do it again if it is not clean. Post logs on each run!

Mike
 