TechSpot

Trojan.Vundo HijackThis file log

By drumworkshop
Oct 24, 2005
  1. I used Symantec's Trojan.Vundo removal tool. Everything seemed good except Trojan.Vundo keeps coming back if I run the removal tool a few hours later. Also. Recently I removed WinFixer 2005 with Spybot Search and Destroy 1.4. I am not sure if these are related somehow. Any help would be appreciated.
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Follow the Read: How to... posts at the top of this forum.
    Trojans
    Begintosearch
    HJT-logs
     
  3. drumworkshop

    drumworkshop TS Rookie Topic Starter

    Sorry about that editor. Here is my HikackThis log as an attachment.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Read the post again!
    We do NOT accept .doc files!
     
  5. drumworkshop

    drumworkshop TS Rookie Topic Starter

    Third time is a charm.

    Here is my HijackThis.txt attachment.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First Read: Only use these HJT-instructions when asked!
    /R/ unRegister the xxx.DLL in that line
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    /R/ O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\system32\urqro.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    Fix ALL your O16 - DPF: entries
    O20 - Winlogon Notify: urqro - C:\WINDOWS\system32\urqro.dll
    ...................................................................................................
     
  7. drumworkshop

    drumworkshop TS Rookie Topic Starter

    I followed the instructions " Read: Only use these HJT-instructions when asked!" step by step exactly as written. It has been 24 hours and no more "WinFixer 2005" or "Security Center" pop ups. I must admit it took me two different tries to complete the instructions but it was well worth it so far. I'm keeping my fingers crossed. Until now, I was unfamiliar with unregistering a .dll. Cool stuff! I will udate this post if pop ups come back. Thank you RBS. I'm now ready for a guinness.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...