Vundo removed, yet still bad image popups

By sleepyjones
Jan 1, 2009
  1. Hi,
    I believe I had the Vundo trojan and I think most of it was removed. I was able to run Malwarebytes which located most of the files and removed them. I then ran AVG and things looked clean. I've run both multiple times and have had clean results (other than some cookies). I'm still getting "Bad Image" popups every time I reboot and every time I try to open any applications or files. The messaging says "The application or DLL C:\WINDOWS\system32\dobafigi.dll is not a valid Windows image. Please check this against your installation diskette." The title bar always names the file I'm trying to open .exe - Bad Image.

    I think I've completed all of the steps in your 8 step process (I believe it said that I could substitute AVG for the other antivirus).

    I've attached my MBAM log, AVG results log, and hijackthis results. Can you please help?


    I've been reading some other threads that seem to have similar problems. I'm going to try running combofix and then re-run the other programs. I'll repost my files when I'm done (hopefully running combofix will clean things up even further).

    Wow... combofix seemed to fix more of those modal popups. My system is currently scanning with Malwarebytes, etc., so I'll report back and let everyone know if this looks like it worked.
  2. sleepyjones TS Rookie Topic Starter

    Please review my logs

    So I ran everything again, and there didn't seem to be anything coming up. There is a lot of stuff in the HijackThis log, though, so could someone please take a look and let me know if there is anything else I should remove?

  3. rf6647 TS Maniac Posts: 829

    You have handled the infection well. Inclusion of combofix log informs me that there was residue from the TDSS threat that MBAM ignored (still).

    HJT scan. Tick & fix. Restart the computer.
    O15 - Trusted Zone: *
    rated questionable >> user choice to handle.
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\hpdj.exe (file missing)