TechSpot

Vundo! Been fighting it for a week

By winter
Apr 15, 2009
  1. My computer has been infected with the Vundo trojan for the past few days. It's really annoying me... google works intermittently, there are sporadic pop-ups, and my system is running quite slow.

    I've been using Malwarebytes, Avast, and PC Tools Spyware Doctor, all in free versions. I've run scans so many times already and the programs always find infections and "clean" them out.

    But despite this, my computer is still infected! In fact, even when I run a scan right after finishing one, the program still comes up with, like 14 infections.

    I also used CCleaner to check the registry for errors and it always finds at least one issue, which it describes as ActiveX/COM Issue. It always involves some .dll with odd names like puteskepi or varayihe. These strange .dll files also show up in the startup menu listing in CCleaner. Despite deleting them from the list using CCleaner, they still restore themselves on reboot.

    After all that, I followed the "eight-step" instructions thing...I'm attaching the 3 logfiles from Malwarebytes, SuperAntiSpyware, and Hijackthis here.

    Btw, I've also used Symantec's "Vundo Remover" which apparently did not find any traces of vundo on my computer. But SuperAntiSpyware did find several traces of "vundo variants".

    Please help~! The semester is nearly over at my uni and I have papers to write~

    Thanks very much~!

    attached is the log from a combofix scan i just ran, if anyone is interested.

    thanks~
     
  2. touch

    touch TS Rookie Posts: 978

    Hello winter


    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    http://www.fromsej.saknet.dk/billeder/cfscript.gif

    Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...