Vundo need help logs attached

[juggodish]

I just went through the 8 step virus removal guide. Can anyone help me interpret the results and tell me what I need to do next. I think I have a Vundo trojan than is attached to the winlogon.exe as an application extension. It was named wvUkJbBs.dll. Prior to going through this 8 step process I had done a scan with Mcafee OAS and it could not delete that file.

I dont seem to be having any major problems yet, just a few pop-up ads now and again. But I dont want it to get worse. So the help is much appreciated.

 

[juggodish]

ok, after all of the 8 steps I dont get any vundo trojans popping up after a scan using trend micro antivirus or McAfee OAS.

However, I am now having redirection problems when I do google searches. After a search when I click on a link i will get a page that has nothing to do with what I clicked. If i go back to the google search results and click the link again I now go the the correct webpage.

what is going on? am i still infected?

Also, in Device manager under Non plug and play drivers I have something called VSCore mferkdk that has an exclamation point next to it. is that something to worry about?

please help

thanks

 

[juggodish]

hello,

am i not including something I need to get a response from anyone?

thanks for any help.

 

[kimsland]

Uninstall your McAfee Antivirus
Then run the McAfee Removal Tool

Un-install: Viewpoint (Removal Tool: http://prm753.bchea.org/viewpointkiller.zip)

Run the Norton Removal tool

Run Startup Control Panel and remove any not required startups: (should be most!)

Install Avira free AntiVirus

Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed

There you go

 

[juggodish]

ok so i did those steps. As I was running the Malwarebytes program my trend micro antivirus popped up and told me it had quarantined a number or files. They were labeled as vundo trojans. I deleted them from the quarantine. I then finished the Malwarebytes scan and it gave me zero infected files.

Questions: Do some virus/spyware programs miss things that others catch? Probably right?
How many times should I run malwarebytes before i can believe I dont have a virus/spyware?

Problem: after all of this I went and did a google search and clicked on the first link it found and was redirected to another 2nd or 3rd rate search engine. I hit back and re-clicked the link and it worked fine. This doesnt happen on every search just once in a while. what is the problem?

thanks

 

[kimsland]

As I was running the Malwarebytes program my trend micro antivirus popped up and told me it had quarantined a number or files.

I think you mean, your: Trend Micro Anti-Spyware program popped up
I probably should have mentioned to un-install that, with the above, as well

Do some virus/spyware programs miss things that others catch? Probably right?

It's a sad truth that one Anti-Malware (Malware meaning Trojans\Spyware\Adware\Rootkits etc etc) Will not fully remove all Malwares
But if you're speaking of AntiVirus software then I find Avira (quoted above) to be the best. Please note, you can only have one Antivirus software installed at a time

How many times should I run malwarebytes before i can believe I dont have a virus/spyware?

Well, number 1 is to update it first (no use scanning with old definitions)
Usually I state scan (and remove found malwares) and then repeat, until they are all gone, ie zero

after all of this I went and did a google search and clicked on the first link it found and was redirected to another 2nd or 3rd rate search engine. ... what is the problem?

The problem is we haven't finished
Confirming that you have followed all my recommendations in this thread
You then should attach new logs
1. latest Malwarebytes log (hopefully looking clean)
2. (after restart) a new HijackThis log

From there I will check what else is lurking inside, and possibly provide more specialized tools to download and run

Good luck :grinthumb

 

[juggodish]

ok sorry it took so long to respond.

I did another Avira, Malewarebytes, and Hijackthis scans. I attached the logs below.

please let me know whats going on.


Btw, I am now having problems when I start my pc. Upon first startup all my programs are very slow to respond. after a restart everything works just fine.

 

[kimsland]

You have Trend Micro Internet Security installed plus now Avira (as I advised to install Avira above)
I also note that your original HJT log did not have Trend Micro Internet Security stated - did you install this, within the last few days

As you cannot have two Antiviruses installed at the same time
And because Trend's quarantine folder is still holding viruses, I advise that you use Add\Remove programs and fully un-install Trend, normally

Once this is done, scan with HJT, and fix (remove) these two only:

R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

Restart, once the above is complete

Then download Combofix
Lots of info on its use h e r e
Direct download h e r e

Save it to a location that you can easily find later (in Safe Mode) ie directly to C drive

Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
Log into your Administrator account
Locate the previously downloaded Combofix
Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

Once Combofix has finished, save the log file to be attached to a new reply
Restart back to Normal mode, and attach the Combofix log

Whilst waiting for my reply, you may want to re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove) I would do this

 

[juggodish]

ok,

i un-instulled trend micro, ran hijackthis, and combofix. here are the logs.

 

[kimsland]

Looking lots better
You can uninstall SuperAntipyware now, or leave it starting with your Windows (I'll leave this choice with you)

I only quickly checked the log as I need to keep moving
So I'll end off with, please do the following:

Clear & Reset System Restore's Cache

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK