System compromised by Vundo

By rastaman · 9 replies
Mar 23, 2009
  1. Hi, just a few days ago my system seems to have been compromised by Vundo and a few others, and basically the symptoms were just random and miscellaneous pop-ups via IE through Firefox or Opera, which are my main browsers.

    Anyway, I have completed the recommended 8 steps and have uploaded the logs for review; even though my HJT log seems pretty clean, I need an expert's review. Logs are attached.

    PS: What would be the recommended freeware out there? I currently use AVG, S&D, and Ad-Aware. I am a little skeptical: if I was compromised with these installed, is there anything better out there.........
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Good job!

    They both had many findings and could find more, so UPDATE, then run Quick scans with both MBAM and SAS and post the logs.

    Then, only after the above is finished and the logs are posted...

    Download ComboFix

    Get it here:
    Or here:

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall.

    Download SDFix to Desktop.

    On the Desktop, run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to the desktop.

    At Desktop
    In My Computer, find the C: drive. Double-click to open it.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process, then say Finished.
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

  3. rastaman

    rastaman TS Rookie Topic Starter Posts: 21

    Recommended steps listed above completed. SDFix, HJT, Combo, MWB and SAS logs are attached; please review and provide feedback.

    Oops!!!!!! Would help if I uploaded the logs, huh.......
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    After we get you clean, we need to address multiple virus scanners and your choices here.

    But now do the below.

    Uninstall ComboFix
    combofix /u
    Click OK

    Now download a new ComboFix and rename it from combofix.exe to 12cbf34.exe, run that, and post the log.

    Run SAS again and post log.


    Go here and download to Desktop:

    Double click it to run it.

    Then click OK to self extract.

    Once extracted, double-click to enter the Fixer folder.

    To run it, first double-click Daft, then click Scan, check any found items, click Fix, and then exit.

    Then just double-click Fixit.cmd to run it.

    But boot to Safe Mode and run it! When finished, reboot.

  5. rastaman

    rastaman TS Rookie Topic Starter Posts: 21

    New logs attached for your review.
  6. rastaman

    rastaman TS Rookie Topic Starter Posts: 21

    All recommended steps completed; please review the logs and provide feedback. Also, what would be the recommended scanners and monitoring tools? I no longer have faith in my current utilities......
  7. mflynn

    mflynn TS Rookie Posts: 2,655

    My closing answers most of these questions. But we have more work to do as there are bad files left in the ComboFix log.

    Hopefully this will do it!

    Go here and download DrWeb:

    Boot to Safe Mode only! Not with Networking. Then run...

    DrWeb will first do an Express Scan on its own; when it completes, you should do a full scan.

    For the first virus it finds, select Cure, and it will use this as the default automatically for all the rest. What it can't fix will be quarantined!

    This will take a while based on CPU and HD speed and size, but is worth it!

  8. rastaman

    rastaman TS Rookie Topic Starter Posts: 21

    OK, I ran Dr.Web in Safe Mode, nothing found. Went ahead and reran SAS, HJT and CF; nothing found when SAS was run. I have attached the CF and HJT logs for review........!!!!!!!
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

  10. rastaman

    rastaman TS Rookie Topic Starter Posts: 21
