TechSpot

Vundo virus

By ascot54
Nov 22, 2008
Topic Status:
Not open for further replies.
  1. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    My latest log from HJT...

    I have run all the Norton removal tools,

    Ran regsweeper etc.

    I found invalid entries for Nokia software that is no longer used, so deleted all entries for that too.

    (I will be slow in replying due to work), so apologies, guys, for that in advance.

    Rgds
    Paul
  2. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    Mike, Bobbye,

    Have you sighted my latest logs?

    Any recommendations now?

    Thanks
  3. mflynn

    mflynn TS Rookie Posts: 2,793

    Yeah I guess I did..

    It is clean now, you are clean.

    I enjoyed helping you. You did a fabulous job following the many instructions.

    I hope you expected me to be thorough. And I don't give up! I noticed in another thread you referred to me as a Whiz Kid; well, at 64 I am hardly a Kid, but thanks. I just volunteer here, but I do this professionally for a living and have for 30 years. And even with (CRS) and as slow as I am, you are bound to pick up on a few things.

    This thread will be here a long time, refer to it every so often let us know how things are doing.

    I will close in the next post but here is one final performance tweak you might consider.

    Clean and tweak services

    In services stop and disable all of the below.

    Nothing is un-installed or deleted, only disabled from running!

    They can be put back anytime later but I would not, as none of them are needed by most home users and very few business users. Basically stuff M$ thought you should have.

    Disabled uses no memory (RAM) and no CPU cycles.
    Manual uses the RAM but a small amount of CPU.
    Auto and not started they use even more RAM and CPU.
    Auto and started even more RAM and CPU ..

    Leave off until it is noticed that you need one (not likely for 99%) then it can be enabled.

    Leaving these all off, then becomes a performance tweak/boost as they free some RAM and CPU cycles!

    Special note. If you are going to pick and choose then be aware that the small amount of RAM and CPU cycles of each one individually is not significant but as a group it is!

    So if you need most of them (or just think you do because you don't) then just as well enable them all)!

    Distributed Link Tracking Client
    Distributed Transaction Coordinator
    DNS Client
    Fast User switching
    Health Key and Certificate Management Service
    Indexing service
    Messenger
    Net logon (only needed to log into a Domain Server)
    Net.TCP Port Sharing
    NetMeeting Remote Desktop Sharing
    IPsec services
    QoS RSVP
    Remote Registry (also a security risk)
    Uninterruptible Power Supply
    Universal Plug and Play
    Web Client
    Windows media player Network Sharing

    IF you are using a wired network card and "NOT" using wireless on this computer then you can also disable ....

    Wireless Zero configuration

    Wireless Zero configuration is only used on computers with a wireless NIC like a Laptop.

    Do not disable Wireless Zero configuration on a Laptop. It has nothing to do with other wireless hardware like wireless routers etc.

    In short if this computer has a CAT 5 or 6 cable and no ability to connect wirelessly if that cable is unplugged, then you can disable Wireless Zero configuration.

    This is not to be confused with Wired AutoConfig; do not disable that!

    Mike
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Paul, please give me your system status: This has gone on for a long time and you've run a lot of programs, maybe it's time to just regroup and see where we are:

    What were the original problems?
    Have they been resolved?
    What problems, if any, exist now?

    I may have you run Malwarebytes and SuperAntispyware once more- but the HijackThis log is clean.

    Well, Mike and I were posting at the same time- so I don't know where this will go.
    Edit2: Regarding changing the Startup type for Services, I am leaving two reference sites to assist in this. The most important thing to remember when changing Services is to always check the Dependency tab. And it's best to work with the Services in Safe Mode:
    http://www.blackviper.com/WinXP/servicecfg.htm
    http://www.ss64.com/ntsyntax/services.html
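    Mike's service list and Bobbye's reminder to check the Dependencies tab can be combined into one script. The PowerShell below is an added example written for this page; it is not code from either poster, from TechSpot or from the tools they link. The display names are this editor's mapping of Mike's short names to the entries shown in services.msc on Windows XP, and the rollback file path is an assumption. Before touching a service it records the current start mode, it skips any service that a running service still depends on, and with -WhatIf it only reports what it would change.

```powershell
# Added example (editor's code, not from the thread): stop and disable the services
# Mike lists, checking dependents first as Bobbye advises. Run from an elevated prompt.
param([switch]$WhatIf)

# Display names as shown in services.msc on Windows XP (editor's mapping of the
# thread's short names). 'Wireless Zero Configuration' is left out on purpose:
# it is only safe to disable on a wired-only desktop, never on a laptop.
$targets = @(
    'Distributed Link Tracking Client',
    'Distributed Transaction Coordinator',
    'DNS Client',
    'Fast User Switching Compatibility',
    'Health Key and Certificate Management Service',
    'Indexing Service',
    'Messenger',
    'Net Logon',
    'Net.Tcp Port Sharing Service',
    'NetMeeting Remote Desktop Sharing',
    'IPSEC Services',
    'QoS RSVP',
    'Remote Registry',
    'Uninterruptible Power Supply',
    'Universal Plug and Play Device Host',
    'WebClient',
    'Windows Media Player Network Sharing Service'
)

# Assumed location for the rollback record: one "name<TAB>startmode" line per
# service, so the original start types can be put back later with Set-Service.
$rollback = Join-Path ([Environment]::GetFolderPath('Desktop')) 'services-before.txt'

foreach ($display in $targets) {
    $svc = Get-Service -DisplayName $display -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Host "not installed, skipping: $display"
        continue
    }

    # Bobbye's point: a service that something running still depends on must not
    # be disabled, or the dependent breaks. Report it and leave it alone.
    $needed = @($svc.DependentServices | Where-Object { $_.Status -eq 'Running' })
    if ($needed.Count -gt 0) {
        $names = ($needed | ForEach-Object { $_.DisplayName }) -join ', '
        Write-Warning "skipping $display; still required by: $names"
        continue
    }

    # Current start mode (Auto/Manual/Disabled) comes from WMI; the ServiceController
    # object on PowerShell 2.0 does not expose it.
    $mode = (Get-WmiObject Win32_Service -Filter "Name='$($svc.Name)'").StartMode

    if ($WhatIf) {
        Write-Host "would disable: $display ($($svc.Name), currently $mode, $($svc.Status))"
        continue
    }

    Add-Content -Path $rollback -Value ("{0}`t{1}" -f $svc.Name, $mode)
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $svc.Name -Force
    }
    Set-Service -Name $svc.Name -StartupType Disabled
    Write-Host "disabled: $display ($($svc.Name), was $mode)"
}
```

    Save it as a .ps1, run it once with -WhatIf to see the dependency warnings, then without. Bobbye's Safe Mode advice still applies. To undo, read services-before.txt and call Set-Service with the recorded mode; note that WMI reports "Auto" where Set-Service expects "Automatic".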
  5. mflynn

    mflynn TS Rookie Posts: 2,793

    Thread closing-------------------------------------------------------------------
    Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

    Save to desktop.

    This will remove all the tools we used to clean your computer.
    These tools update so often they require downloading again later if needed.

    Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

    Approve all if prompted by Firewall, Windows Defender or other guards or security programs about OTCleanIt attempting access to the Internet, allow all.

    If prompted to Reboot click Yes.
    OTCleanIt will delete itself when finished; if not, delete it yourself.

    -------------------------------------------------------------------------------------
    Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Clean...
    -------------------------------------------------------------------------------------
    The issues found are in System Restore, so do the below.

    Start > Programs > Accessories > System Tools > System Restore, and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start > Programs > Accessories > System Tools > Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow Copies, which are used by specialized backup programs.

    This is if you have the Volume Shadow Copy running which is the default.
    -------------------------------------------------------------------------------------

    Every 2 weeks or so, run mbam and sas until clean. They take a while, so leave them scanning while you are sleeping, working or watching TV. If not done under the gun, they can be scheduled not to interfere with computer time.

    If they find something they can not clean then get back to us.

    Additionally run CCleaner.

    I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

    It was designed to co-exist with other Virus scanners.

    Additionally, it uses a totally different process to protect. While conventional Virus scanners work from definitions, ThreatFire works on recognizing Virus/Malware activity. It's like looking at it with 2 sets of eyes and from a different angle.

    You must read the documentation on the website, as it learns what you run and after approval will not prompt on that item. So there is a small learning curve for you.

    http://www.threatfire.com/Download/
    -------------------------------------------------------------------------------------
    Look at http://www.javacoolsoftware.com/spywareblaster.html

    Run SpyBot occasionally and use the Immunize function.
    http://www.safer-networking.org/en/download/

    Install Hostman and allow it to disable DNS Client and select all 4 Host files and the Update
    Hostman http://www.abelhadigital.com/2008/07...-released.html

    A Disk scan and Defrag are in order.

    Mike
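    The Hostman step above works by adding blocklist lines to the Windows hosts file so that known-bad names resolve to an unusable address. The PowerShell below is an added example written for this page, not Hostman's code or anything from the thread; the blocklist entries are constructed samples standing in for the lists Hostman downloads. It backs up the hosts file, adds only names that are not already present (hostnames compared case-insensitively), and flushes the resolver cache so the new entries take effect.

```powershell
# Added example (editor's code, not Hostman's): merge a blocklist into the Windows
# hosts file with a timestamped backup, adding only names not already present.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Constructed sample entries standing in for a real downloaded list. 0.0.0.0 is
# used rather than 127.0.0.1 so a blocked name fails at once instead of trying
# to connect to the local machine.
$blocklist = @(
    '0.0.0.0 malware-sample.invalid',
    '0.0.0.0 adserver-sample.invalid',
    '0.0.0.0 MALWARE-SAMPLE.INVALID   # duplicate differing only in case'
)

function Get-HostsNames {
    # Returns a set of the hostnames already mapped in a hosts file, ignoring
    # comments and blank lines. Hostnames are case-insensitive, so lower them.
    param([string[]]$Lines)
    $names = @{}
    foreach ($line in $Lines) {
        $body = ($line -split '#', 2)[0].Trim()
        if ($body -eq '') { continue }
        $fields = $body -split '\s+'
        if ($fields.Length -lt 2) { continue }
        # first field is the address; every remaining field is a hostname
        foreach ($h in $fields[1..($fields.Length - 1)]) { $names[$h.ToLower()] = $true }
    }
    return $names
}

$existing = Get-HostsNames -Lines (Get-Content $hostsPath)
$toAdd = @()
foreach ($entry in $blocklist) {
    $fields = (($entry -split '#', 2)[0].Trim()) -split '\s+'
    if ($fields.Length -lt 2) { continue }
    $hostname = $fields[1].ToLower()     # ($host is a reserved automatic variable)
    if (-not $existing.ContainsKey($hostname)) {
        $toAdd += "$($fields[0]) $hostname"
        $existing[$hostname] = $true      # also de-duplicates within the blocklist
    }
}

if ($toAdd.Count -eq 0) {
    Write-Host "hosts file already contains every blocklist entry"
    return
}

$backup = "$hostsPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item $hostsPath $backup
Add-Content -Path $hostsPath -Value (@('', '# blocklist added ' + (Get-Date)) + $toAdd)
# the DNS Client service caches hosts entries; flush it so the new ones take effect
ipconfig /flushdns | Out-Null
Write-Host ("added {0} entries, backup at {1}" -f $toAdd.Count, $backup)
```

    Run it from an elevated prompt, since the hosts file is only writable by administrators. With the three constructed entries it adds two lines on a clean hosts file and reports that the third was a duplicate; a second run adds nothing.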
  6. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    Guys,
    just in from work and sighted your postings...

    Sincere thanks for the help you have both given to me.

    The only area I need to look at is my System Restore, which seems to have turned off and disappeared from the tabs!

    but that will wait for another time..

    best wishes to you in the USA ..

    Paul in UK...

    ps.
    Mike the pitcher will be on ice !

    cheers...
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    For System Restore:

    All Programs > Accessories > System Tools > System Restore > UNCHECK 'turn off System Restore' > Apply > OK > Reboot. Set a new restore point.

    A Tip: create a shortcut for System Restore and put it in the Quick Launch Toolbar. Very handy and a good reminder to set your own restore points.
  8. mflynn

    mflynn TS Rookie Posts: 2,793

    Great, Paul, I love Beer, can't wait to get there! :D

    If you find SR is still not available go back to DAF and Hammerhead (2nd page)

    Reinstall System Restore.

    Then create a SR Point.

    I don't know how many times in helping people that we have tried a SR and found none available, or find one to restore and it will not install.

    So I use this in addition.

    ERUNT
    Add a redundant Reg backup: get and install ERUNT, let it add itself to startup and do a backup on install, check all boxes.

    ERUNT http://www.larshederer.homepage.t-online.de/erunt/
    Yes! Even if you use system restore and other backups Registry and Images.

    Mike
  9. slgeebrr

    slgeebrr TS Rookie

    Re: Virtumondo Trojan infections.....
    I joined this forum because of a bad Vundo infection....and got lucky.

    As a shot in the dark I tried running Lavasoft Ad-Aware.....it gave the option of downloading the latest "Anniversary Edition" which I did. One pass and I was clean!!!! something that AVG and Spybot weren't able to do.....

    Might try this option before some of the more exotic things that I see posted on these forums...

    Let me know if this helps anyone else

    Thanks
    slgeebrr
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  11. slgeebrr

    slgeebrr TS Rookie

    Hey I'm not in a scanner beauty contest or anything......just wanted to say that the latest edition of Ad Aware did the job in this particular case in one pass, no less....

    ;)