Bad image pop ups (8 steps completed)

Status
Not open for further replies.

derx4

As I've found, this is most likely related to the Vundo trojan. I found a similar problem someone else had on your forums here:

techspot.com/vb/showthread.php?t=115821


I've completed all of the 8 steps and my logs are included. I appreciate any help you can offer.

The second log included is a scan of only registry files and the C:\windows files, as that is where the infections were found.

I'm currently running the SDFix. I'll post its log when I'm done.
 
I ran both MBAM and SAS again.

MBAM is clean and SAS had only one infected file; logs are included.
 
The computer has remained off since that last log was posted... I'm not immediately able to access the computer.
 
There is a(re) file(s) I do not recognize, please carry out the following:

  • Please visit Jotti Online Malware Scan
  • Copy the following line into the white text box:
    C:\WINDOWS\system32\bibejira.dll
  • Click Submit.
  • Please post the results of this scan to this thread.

Note: If the server is busy at the above site, try this alternative site:

  • Go to Virus Total-Upload A File.
  • Copy the following line into the white text box:
    C:\WINDOWS\system32\bibejira.dll
  • Click Send.
  • Please post the results of this scan to this thread.

Fix entries using HiJackThis

  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {aaccb9c2-c6c1-456e-aede-230e5a7177a7} - (no file)
O2 - BHO: (no name) - {e70e6057-b6f0-46ea-8894-71bb513a12c4} - (no file)
O2 - BHO: (no name) - {f319a7f5-dc80-447d-9c65-7ca03c827e29} - (no file)
O2 - BHO: (no name) - {f53de821-2e40-4b55-93dd-cf740993b5d4} - (no file)
O3 - Toolbar: AccuWeather.com Toolbar - {b0fdbb8e-5c2c-41ed-a18c-228f9b2f598c} - mscoree.dll (file missing)
O8 - Extra context menu item: &Search - ?p=ZK
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab


  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis


    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please attach the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Please Download VirtumundoBeGone by secured2k
    • Save the file to your desktop
    • Close all running programs (including your Internet Browser)
    • Double-click VirtumundoBeGone.exe on the desktop
    • Read the introductory information, and then click Continue
    • Click Start
    • When asked if you want to continue, click Yes to run the fix
    • Click "Save Log"

    Note: It is normal for the fix to terminate by producing a BLUE SCREEN OF DEATH, so don't be concerned when this happens. It requires you to manually reboot to restore your normal Windows desktop.

    The log created by VirtumundoBeGone, called VBG.TXT, will be located on your desktop. Please retain VBG.TXT.

    Empty Recycle Bin.

    Reboot and attach the VBG.TXT into this thread.
    Also please describe how your computer behaves at the moment.

  • Reboot HijackThis if necessary
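
An added example, not part of the thread and not HijackThis's own code: a small Python triage of the fix list above. It separates entries whose backing file is already gone (marked `(no file)` or `(file missing)` in the log) from entries that still point at a live URL or value. The function names `parse_entry` and `triage` are hypothetical, and the sample lines are a subset copied from the list in this thread.

```python
import re

# Entries copied from the fix list in this thread (subset of the O2 lines).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {aaccb9c2-c6c1-456e-aede-230e5a7177a7} - (no file)
O3 - Toolbar: AccuWeather.com Toolbar - {b0fdbb8e-5c2c-41ed-a18c-228f9b2f598c} - mscoree.dll (file missing)
O8 - Extra context menu item: &Search - ?p=ZK
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s]+")


def parse_entry(line):
    """Split one HijackThis log line into section code, CLSID, URL and orphan flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header text, blank line, or anything that is not an entry
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    url = URL_RE.search(body)
    return {
        "section": m.group("section"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "url": url.group(0) if url else None,
        "orphaned": bool(ORPHAN_RE.search(body)),
        "raw": line.strip(),
    }


def triage(log_text):
    """Return (orphaned, live): entries whose file is gone vs. the rest."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    orphaned = [e for e in entries if e["orphaned"]]
    live = [e for e in entries if not e["orphaned"]]
    return orphaned, live


if __name__ == "__main__":
    orphaned, live = triage(SAMPLE_LOG)
    for e in orphaned:
        print("orphaned registry entry:", e["section"], e["clsid"])
    for e in live:
        print("review before fixing: ", e["section"], e["url"] or e["raw"])
```
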
 