Unable to remove Vundo Virus

Status
Not open for further replies.

Sidz

Posts: 6   +0
Hello, I have recently picked up a few viruses. The first was one called Antivirus XP 2008, and the other Vundo something. I am not sure, but I think I removed the first one, because I scanned, saw it and Vundo, clicked "Fix" and then I scanned again; the first one was gone but Vundo was still there. However, I also see that the first one (Antivirus XP 2008) still looks to be installed on my start menu. I did try and uninstall it as well, but the icon stays.

Symptoms
----------

- Slower Computer
- Can't open certain sites (e.g. Bitdefender for one)
- Links in Google send me to unknown directories (I have to copy and paste the URL in the address bar)
- Firefox does not work (I click on it, see the hourglass, but it doesn't open), I now have to use IE
- Spybot does not work (I click on it, see the hourglass, but it doesn't open), but the rest of my anti-spyware does

FYI: Just thought I'd mention I have combofix already, as the guy in the old thread I saw had it as well... I just don't know how to use it again, as I had to use it for a different problem quite some time ago... I remember just clicking on it and it running, but it doesn't seem to want to do that anymore. I also have Killbox, Superantispyware, Adaware, Spywareblaster, AVG, CCleaner, HJT, and LSPfix (which I got during my search for a fix). I've run most of these as well, but to no avail. I've gone through a different guide somewhere else that ended in me needing to get combofix. However, the virus stops me from opening any links to combofix so I can DL it.

I guess I should add my OS as well... XP SP3.
 
Hello, I am not really a computer genius, but I would suggest getting McAfee after you fix the problem. It could be malware or SmitFraud. Sorry I can't help more; if I were in your situation I would just reinstall a fresh copy of XP or wipe my hard drive.
 
STEP 1 - Shut off all Monitoring programs

Was unable to view the Instructions link until step 6.

STEP 2 - Get AVG, Comodo

mmhmm

STEP 3 - Online Scan

Again, unable to access until step 6.

STEP 4 - get HJT

Check

STEP 5 - Rename HJT

Check

STEP 6 - Get and run Superantivirus or malwarebytes anti-malware

This is the program that made the rest possible.

I already had the first program, it was the factor that helped me in my last nasty virus. This time, however, it was malwarebytes that I believe has been the factor for this virus. That is why I recommend downloading both.

After I scanned and removed the threats with malwarebytes, I was unable to access the net, but I played around repairing my winsock connection with Superantivirus (this is just one reason why it's handy) while in safe mode, and also repairing the connection via the IE diagnostic repair. It took me several tries until I then tried unplugging my modem, rebooting in safe mode, and doing it again (after many times), then rebooted and the net was back up again.

Now FF, spybot, and notepad work.

STEP 7 - Get SS&D

Check

STEP 8 - Get Adaware 2008

Check

STEP 9 - Get CCleaner

Check

STEP 10

Check and nothing found on any.

STEP 11 - Get Panda Antirootkit

Nothing found

STEP 12 - Combofix

Check

I thought I was in the clear after malwarebytes, but I'm pretty sure this thing picked up something extra.

STEP 13 - Run Antivirus

Check, I used AVG

This also picked up something extra. It found the exact file that I downloaded that gave me all this. Deleted. :)

STEP 14 - SS&D & Adaware

Nothing found.

STEP 15 - HJT

DONE.

--

Thanks to everyone, I think my computer is finally clean again. But just in case, I will attach the three logs. Never mind, all my logs are too big to attach. So I'll copy + paste them.
 
Sorry for double post.

Ok, so my combofix log is too big for both an attachment and a post, so I dunno what I will do about that... "The text that you have entered is too long (758307 characters)."... lol

So here are the other two in their own posts.
 
SAS LOG


SUPERAntiSpyware Scan Log
superantispyware.com

Generated 07/03/2008 at 02:54 AM

Application Version : 4.0.1154

Core Rules Database Version : 3477
Trace Rules Database Version: 1468

Scan type : Quick Scan
Total Scan Time : 00:38:14

Memory items scanned : 188
Memory threats detected : 0
Registry items scanned : 428
Registry threats detected : 0
File items scanned : 29760
File threats detected : 0
 
HJT LOG


Logfile of HijackThis v1.99.1
Scan saved at 3:17:35 AM, on 7/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HijackThis\Crusty.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: Kodak software updater.lnk.disabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
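As an added illustration (not something posted in the thread and not part of the HijackThis project), here is a small Python triage helper for a log in the format above. It parses each HJT entry line, counts entries per section, and flags entries whose registered file is gone, which HJT prints as `(no file)` or `(file missing)`: these stale registrations are typically what a removal tool leaves behind once it deletes the DLL or EXE. The set of "autoload" sections and the "Unknown owner" check are my own heuristics, not HJT features, and the sample lines embedded in the block are copied from the log posted above.

```python
import re
from collections import Counter

# Sample input: seven lines copied from the HijackThis log posted in the thread.
# A header line and a process path are included to show they are skipped.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Running processes:
C:\\WINDOWS\\System32\\smss.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\\..\\Run: [DLA] C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\\System32\\dimsntfy.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""

# An HJT entry line: a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Markers HJT prints when the registered file cannot be found on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")

# Heuristic (my choice, not an HJT concept): registration points that load
# code at logon or browser start and therefore deserve a closer look.
AUTOLOAD_SECTIONS = {"O2", "O3", "O4", "O20", "O21", "O23"}


def parse_hjt(text):
    """Return a list of (section, body) tuples; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def count_by_section(entries):
    """Count entries per HJT section, e.g. {'O2': 2, 'O3': 1, ...}."""
    return dict(Counter(section for section, _ in entries))


def find_orphans(entries):
    """Entries whose target file is gone: the registry entry outlived the file."""
    return [(s, b) for s, b in entries if any(mk in b for mk in MISSING_MARKERS)]


def find_unknown_owner_services(entries):
    """O23 services for which HJT could not read a publisher name from the binary."""
    return [(s, b) for s, b in entries if s == "O23" and "Unknown owner" in b]


def triage(text):
    """Run every check over a log and return the findings as a dict."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "by_section": count_by_section(entries),
        "orphans": find_orphans(entries),
        "autoload": [(s, b) for s, b in entries if s in AUTOLOAD_SECTIONS],
        "unknown_owner_services": find_unknown_owner_services(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} entries, by section: {report['by_section']}")
    print("Orphaned registrations (file gone, registry entry remains):")
    for section, body in report["orphans"]:
        print(f"  {section}: {body}")
    print("Services with no publisher listed:")
    for section, body in report["unknown_owner_services"]:
        print(f"  {section}: {body}")
```

Run against the full log above, the orphan list is the set of entries a reader would normally ask a helper to confirm before fixing; an entry with a publisher name and a file that still exists is not evidence of infection on its own, so the script only sorts and counts, it does not verdict.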
 