TechSpot

Vundo Virus Problem w/log

By gubhenheim
Jan 1, 2009
  1. Hey,
    What a great way to start off the new year huh?
    I've had this thing before but just got it again.
    I was gonna do a virus scan but came here instead to see if i could fix it with my log

    THANKS A BUNCH IN ADVANCE!

    if anything else is needed please let me know




    Imma follow the very thorough instructions first
     
  2. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    Right Click on MyComputer icon and go to properties
    Turn Off system restore
    open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
    do a disk cleanup in your Start/accessories/system tools/ Menu
    download malwarebytes and install
    run hijackthis and malwarebytes at the same time
    select any files and or keys I posted in hijackthis but on both Malwarebytes and hijackthis click fix at the same time.
    then reboot immediately.
    if you forget to turn off system restore it will return no matter

    reboot once complete, run hijack this and post your log here again
     
  3. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    Beginning of the End

    Ok,
    Did what was suggested...
    I scanned with SuperAnti, cleaned with CC and
    did the thing with Malwarebytes and HiJack
    here are my logs

    thanks for the help
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"

    By the way, you will need to then restart, and run (and attach) a new HJT log
     
  5. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    Hello,

    I've noticed that my Malwarebytes is running on outdated definitions but it won't update,
    something about a firewall. However, I changed my firewall settings to allow the program and tried all three mirrors.
    Any Suggestions?
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  7. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    He will need the winsock fix, I believe. Get winsockfix and run it, then follow the prior instructions for Malwarebytes and hijackthis
     
  8. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    yeah,
    i tried running the fixit cmd, my computer restarted but Malwarebytes won't update
    i was thinking of just reinstalling it, however i cannot access the webpage.

    im wondering what my options are, im downloading winsockfix right now, hoping that it will help
    thanks

    OK- GOT AN UPDATED COPY,
    as of now, i am running malwarebytes
    will restart and then run hijack.

    also, i got a pop up with a url containing the word sagipsul, should i worry or does this come with my problem?

    thanks
     
  9. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    i know it is frustrating but we will work through it
     
  10. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    So here are the logs hopefully they are correct:

    thanks again for the patience and aid
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    A little better :)
    Please update Malwarebytes one more time (again?) Yes, again! Sadly, malware hides other malware; running multiple scans will find and remove them all (but update it first)

    Also try a free AntiVirus like => Avira
     
  12. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    ok, will do
    have a quick question, i've got SAS and im open to downloading avira
    is it fine to have both programs running at the same time along with Malwarebytes?

    and just checked, malwarebytes says i have the latest database version
    sooo....
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes actually I saw that it looked updated, but that's my standard advice - update first

    Regarding SAS; you can un-install it now :)
    And make sure to use one Antivirus, which will be the free Avira

    Then with Avira all updated and working
    Run Malwarebytes full scan (update first ;) )
     
  14. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    very well then,
    SAS is dead and gone, Avira is my weapon of choice.
    i'll start my scan soon and be back after i get some shut eye.

    THANK YOU VERY MUCH!
    I OWE THIS SITE MY something

    ok scanning is done here are my logs, and i think my system is clean, can you do a once over?

    I'm going to restart and update with my hijackthis log

    here is my hijack this log and scan log

    thanks again

    is it fine to turn my system restore back on?
     
  15. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    NO
    Right Click on MyComputer icon and go to properties
    Turn Off system restore
    open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
    do a disk cleanup in your Start/accessories/system tools/ Menu

    After the reboot
    download malwarebytes www.malwarebytes.org and install
    run hijackthis and malwarebytes at the same time
    select any files and or keys I posted in hijackthis but on both Malwarebytes and hijackthis click fix at the same time.
    then reboot immediately.
    if you forget to turn off system restore it will return no matter

    reboot once complete, run hijack this and post your log here again


    O20 - AppInit_DLLs: jwapfx.dll
    O20 - Winlogon Notify: xxyaxVlM - xxyaxVlM.dll (file missing)
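
Added example, not part of the original posts: a small Python triage of HijackThis O20 lines such as the two quoted above, showing which autostart point each entry belongs to and whether the referenced DLL is still on disk. The function names and the O4 sample line are constructed for illustration.

```python
import re

# HijackThis section O20 lists two autostart points that load DLLs very early:
#   AppInit_DLLs    -> loaded into every process that loads user32.dll
#   Winlogon Notify -> loaded by winlogon.exe (Windows XP/2000 era)
O20 = re.compile(r"^O20 - (AppInit_DLLs|Winlogon Notify): (.*)$")
MISSING = "(file missing)"

def parse_o20(line):
    """Return a dict for an O20 line, or None for any other log line."""
    m = O20.match(line.strip())
    if not m:
        return None
    kind, rest = m.group(1), m.group(2).strip()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].strip()
    if kind == "AppInit_DLLs":
        # Simplification: split on spaces/commas, so paths with spaces are not handled.
        return {"kind": kind, "name": None,
                "dlls": [d for d in re.split(r"[ ,]+", rest) if d], "missing": missing}
    name, _, dll = rest.partition(" - ")
    return {"kind": kind, "name": name.strip(),
            "dlls": [dll.strip()] if dll.strip() else [], "missing": missing}

def triage(log_text):
    """Collect (dll, note) pairs for every O20 entry in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o20(line)
        if entry is None:
            continue
        for dll in entry["dlls"]:
            if entry["missing"]:
                note = "registry entry points at a DLL that is no longer on disk (leftover key)"
            elif entry["kind"] == "AppInit_DLLs":
                note = "DLL is injected into GUI processes; confirm what installed it"
            else:
                note = "DLL is loaded by winlogon.exe; confirm what installed it"
            findings.append((dll, note))
    return findings

# First two lines are quoted from the thread; the O4 line is constructed filler.
SAMPLE = """O20 - AppInit_DLLs: jwapfx.dll
O20 - Winlogon Notify: xxyaxVlM - xxyaxVlM.dll (file missing)
O4 - HKLM\\..\\Run: [ExampleApp] C:\\Program Files\\Example\\app.exe
"""

if __name__ == "__main__":
    for dll, note in triage(SAMPLE):
        print(f"{dll}: {note}")
```
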
     
  16. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    Latest Scan and Hijackthis

    Hopefully these will be the keys that will solve my dilemma
     
  17. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You have a number of bad issues

    Please run a new scan with HJT and tick and fix the following entries (confirming your Internet browser is first closed)

    Before restarting, download the following 4 tools, and print these instructions

    1. Download VundoFix; Trojan.Vundo Removal Tool; VirtumundoBeGone and ComboFix.
    2. Go Offline - pull the network cable, turn off wireless card, turn off your modem.
    3. Restart computer and press F8 to run Windows in Safe Mode
    4. Run VundoFix. Click on Scan for Vundo. Scanning will begin, which takes a long time. The white box will display the names of infected files. After the scan is complete click Remove Vundo, removal will begin. Confirm by clicking Yes. The application should ask for permission to restart your computer - click Yes. Start Windows in Safe Mode again.
    5. Run FixVundo. Click Start, and then follow the instructions. It should be noted that this application can deal only with older mutations of Vundo (Virtumonde).
    6. Run VirtumundoBeGone. Click Continue and wait for the report.
    7. Run ComboFix. Then, in the two windows that appear click Yes, and start scanning and removal of any Vundo (Virtumonde) infection. During this operation, you are not allowed to move the mouse or perform other actions. After the scan is complete, the program will show a text file - a report from the program's action.
    8. Restart computer and run Windows normally.
    9. Attach the report
     
  18. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    SCANS FOR VUNDO w/REPORTS

    Here are my scans and vundo program reports
     
  19. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Still exists:
    KillBox is a tool to delete in-use files, if the file is running, KillBox will attempt to end the process (close the running file) and delete it.

    Download KillBox: http://www.killbox.net/downloads/KillBox.exe
    Run it, and copy and paste this line into the path: C:\Program Files\Vongo\Tray.exe
    Click the Red X (delete button)

    Restart back to SafeMode
    Locate: C:\Program Files\Vongo folder and delete it

    Startup HJT scan still in Safe Mode
    Tick and fix the following entry:
    Restart back to Normal mode
    Provide another HJT scan log (I want to see if it's now removed ;) )
     
  20. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    im racing against the clock to do all of this before i have to reboot to regain an internet connection,
    but KILLBOX states that "C:\Program Files\Vongo\Tray.exe" seems to not exist. So right now im gonna reboot in safe mode and be offline running hijack this after deleting the folder

    thanks

    UPDATE- ok, will this resolve my problems?
     
  21. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hooray :grinthumb it's gone :approve:

    Clear & Reset System Restore's Cache
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    :)
     
  22. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    Did and done.
    Should this solve my internet connection problems?
    I guess i'll find out soon, but if it doesn't,
    will that mean that my system is infected with something else?

    AND THANK YOU!
    GRAND SLAM APPRECIATION

    It didn't =( , and i don't know what could be the problem . Is this another topic?
     
  23. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  24. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    rush to beat the internet baddies!

    I've tried the commands, but they don't seem to work.
    I have winsock, tried that and still the same problem

    Also ran Spybot SD in safemode and found some stuff earlier but, that didn't do anything.
    I'll see if running the routine again will prove to be better.

    Thanks

    would uninstalling then reinstalling firefox work?
     
  25. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hmm.

    Please create a new thread here -> Storage & Networking
    Explaining the issue clearly, and referencing all Malware removed already ;)

    Actually probably a good idea to supply another HJT log (in the new thread)
    And this:
    Start --> Run --> cmd /c ipconfig /all >Desktop\ipconfig.txt <OK>

    And post the ipconfig.txt (on your Desktop) as an attachment (in the new thread)
     
Topic Status:
Not open for further replies.
