TechSpot

Vundo need help logs attached

By juggodish
Jan 7, 2009
  1. I just went through the 8 step virus removal guide. Can anyone help me interpret the results and tell me what I need to do next? I think I have a Vundo trojan that is attached to the winlogon.exe as an application extension. It was named wvUkJbBs.dll. Prior to going through this 8 step process I had done a scan with McAfee OAS and it could not delete that file.

    I don't seem to be having any major problems yet, just a few pop-up ads now and again. But I don't want it to get worse. So the help is much appreciated.
     
  2. juggodish

    juggodish TS Rookie Topic Starter

    OK, after all of the 8 steps I don't get any Vundo trojans popping up after a scan using Trend Micro antivirus or McAfee OAS.

    However, I am now having redirection problems when I do Google searches. After a search, when I click on a link I will get a page that has nothing to do with what I clicked. If I go back to the Google search results and click the link again, I now go to the correct webpage.

    What is going on? Am I still infected?

    Also, in Device Manager under Non plug and play drivers I have something called VSCore mferkdk that has an exclamation point next to it. Is that something to worry about?

    Please help

    Thanks
     
  3. juggodish

    juggodish TS Rookie Topic Starter

    Hello,

    Am I not including something I need to get a response from anyone?

    Thanks for any help.
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  5. juggodish

    juggodish TS Rookie Topic Starter

    OK, so I did those steps. As I was running the Malwarebytes program my Trend Micro antivirus popped up and told me it had quarantined a number of files. They were labeled as Vundo trojans. I deleted them from the quarantine. I then finished the Malwarebytes scan and it gave me zero infected files.

    Questions: Do some virus/spyware programs miss things that others catch? Probably right?
    How many times should I run Malwarebytes before I can believe I don't have a virus/spyware?

    Problem: after all of this I went and did a Google search and clicked on the first link it found and was redirected to another 2nd or 3rd rate search engine. I hit back and re-clicked the link and it worked fine. This doesn't happen on every search, just once in a while. What is the problem?

    Thanks
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I think you mean, your: Trend Micro Anti-Spyware program popped up
    I probably should have mentioned to un-install that, with the above, as well



    It's a sad truth that one Anti-Malware (Malware meaning Trojans\Spyware\Adware\Rootkits etc etc) will not fully remove all Malwares
    But if you're speaking of AntiVirus software then I find Avira (quoted above) to be the best. Please note, you can only have one Antivirus software installed at a time



    Well, number 1 is to update it first (no use scanning with old definitions)
    Usually I state scan (and remove found malwares) and then repeat, until they are all gone, ie zero



    The problem is we haven't finished
    Confirming that you have followed all my recommendations in this thread
    You then should attach new logs
    1. latest Malwarebytes log (hopefully looking clean)
    2. (after restart) a new HijackThis log

    From there I will check what else is lurking inside, and possibly provide more specialized tools to download and run

    Good luck :grinthumb
     
  7. juggodish

    juggodish TS Rookie Topic Starter

    OK, sorry it took so long to respond.

    I did another Avira, Malwarebytes, and HijackThis scans. I attached the logs below.

    Please let me know what's going on.


    Btw, I am now having problems when I start my PC. Upon first startup all my programs are very slow to respond. After a restart everything works just fine.
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You have Trend Micro Internet Security installed plus now Avira (as I advised to install Avira above)
    I also note that your original HJT log did not have Trend Micro Internet Security stated - did you install this, within the last few days :confused:

    As you cannot have two Antiviruses installed at the same time
    And because Trend's quarantine folder is still holding viruses, I advise that you use Add\Remove programs and fully un-install Trend, normally

    Once this is done, scan with HJT, and fix (remove) these two only:
    Restart, once the above is complete

    Then download Combofix
    Lots of info on its use here
    Direct download here

    Save it to a location that you can easily find later (in Safe Mode) ie directly to C drive

    Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
    Log into your Administrator account
    Locate the previously downloaded Combofix
    Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

    Once Combofix has finished, save the log file to be attached to a new reply
    Restart back to Normal mode, and attach the Combofix log

    Whilst waiting for my reply, you may want to re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove) I would do this ;)
     
  9. juggodish

    juggodish TS Rookie Topic Starter

    OK,

    I uninstalled Trend Micro, ran HijackThis, and Combofix. Here are the logs.
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Looking lots better
    You can uninstall SuperAntiSpyware now, or leave it starting with your Windows (I'll leave this choice with you)

    I only quickly checked the log as I need to keep moving
    So I'll end off with, please do the following:

    Clear & Reset System Restore's Cache

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK
     
Topic Status:
Not open for further replies.
