System compromised by Vundo

Status
Not open for further replies.

rastaman

Posts: 21   +0
Hi, just a few days ago my system seems to have been compromised by Vundo and a few others, and basically the symptoms were just random and miscellaneous pop-ups via IE through Firefox or Opera, which are my main browsers.

Anyway, I have completed the recommended 8 steps and have uploaded the logs for review. Even though my HJT log seems pretty clean, I need an expert's review. Logs are attached.

PS: What will be the recommended freeware out there? I currently use AVG, S&D, and Adaware. I am a little skeptical; if I was compromised with these installed, is there anything better out there?
 
Good job!

They both had many findings and could find more, so UPDATE, then run Quick scans with both MBAM and SAS and post the logs.

Then, only after the above is finished and the logs are posted...

Download ComboFix

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.
=========================================

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On the Desktop, run SDFix. It will run (install), then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to the desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted, hit the Enter key to restart the computer.

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.

Mike
 
Recommended steps listed above completed. SD-Fix, HJT, Combo, MWB and SAS logs are attached; please review and provide feedback.

Oops! Would help if I uploaded the logs, huh...
 
After we get you clean we need to address multiple Virus scanners and your choices here.

But now do the below.

Uninstall ComboFix
Start-Run
type
combofix /u
Click OK

Now download a new ComboFix and rename it from combofix.exe to 12cbf34.exe, run that and post log.

Run SAS again and post log.

Then

Go here and download to Desktop: http://www.adrive.com/public/97c4357781f45c7e443061094b8cfaff3836f57446eb242ab2ee0b6cd68a0107.html

Double click it to run it.

Then click OK to self extract.

Once extracted, double-click to enter the Fixer folder.

To run it, first double-click Daft, then click Scan, check any found items, click Fix and then exit.

Then just double-click Fixit.cmd to run it.

But boot to Safe mode and run it! When finished reboot.

Mike
 
All recommended steps completed; please review the logs and provide feedback. Also, what will be the recommended scanners and monitoring tools? I no longer have faith in my current utilities...
 
My closing answers most of these questions. But we have more work to do as there are bad files left in the ComboFix log.

Hopefully this will do it!

Go here and download DrWeb: https://www.techspot.com/vb/post724044-3.html

Then....

Boot to Safe Mode only! Not with Networking, and run...

DrWeb will first do an Express Scan on its own; when it completes, you should do a full scan.

The first Virus it finds select Cure and it will use this as the default automatically for all the rest. What it can't fix will be Quarantined!

This will take a while based on CPU and HD speed and size, but is worth it!

Mike
 
OK, I ran DrWeb in Safe Mode, nothing found. Went ahead and reran SAS, HJT and CF; nothing found when SAS was run. I have attached the CF and HJT logs for review.
 