Vundo Trojan found, please help

willydawg

AVG found some Vundo trojans on this computer. I healed them, then I uninstalled AVG and installed Avira. Went through the 8 steps and here's the logs requested. Do I need to run other apps?

Thanks in advance,
Will
 

Attachments

  • hijackthis.log
Hello willydawg

It looks like you have to run combofix -

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe
And save to the desktop.


Close any open browsers.
Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
File::
C:\WINDOWS\system32\kujuvata.dll
c:\windows\system32\nihuyuwe.dll

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.
Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 
Just finished ComboFix

Hi Touch...

I ran ComboFix and attached the log. One thing I noticed is that the Firefox homepage was changed and when opening the browser it asks to be the default browser. Also, the Internet Explorer shortcut keeps appearing on desktop even though I keep deleting it.

Should I run Avira again?

Thanks!
Will
 
The log looks clean. It is Combofix that creates the Internet Explorer shortcut. You should be able to delete it now.

Yes, please run Avira, attach the log it produces, along with a new hijackthis log, and tell me how things are running.
 
I ran Avira & HJT, but the avira log file is huge for a txt file. It's over 20mb and this forum is not letting me upload. I noticed that the avira quarantine folder has tens of thousands of files in it, and that's probably why it's taking so long to scan and why the file is so big.

In avira, I'm going into the Quarantine section and deleting all the files. But it only shows 10,000 files at a time. Don't know how much more I have to go. Should I post just the hjt for now?

Thanks,
Will
 
Yes, please post a fresh hijackthis log.

If you haven't emptied the Quarantine folder, I suggest you do.

But first, create a New Restore Point ->

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
 
Here are new logs...

Hey Touch,

Here are the new Avira & HJT logs. The computer is running smooth so far. Thanks much for your help!

Will
 
Sounds good, and clean logs :)

Now that your computer problems are solved, it is time for the clean-up procedure.
Please download OTCleanIt
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place


If you have any comments or questions, feel free to post back.

Otherwise, happy and safe surfing :wave:
 
Thanks very much, Touch, for your help. I have now become my family's virus killer! Thanks to this board...

Will
 