Vundo!grb issues

By sila · 11 replies
Mar 25, 2009
  1. hi - in the last couple of days my machine seems to have caught the vundo!grb virus. my virus scan software supposedly removes it, but performance has been very weird, with pop ups, very slow connectivity, and also some common websites won't even load.

    i have completed the 8 step virus/spyware/malware prelims and have attached the logs here.

    any help would be greatly appreciated! thanks in advance
  2. touch

    touch TS Rookie Posts: 978

    Hello sila

    You have (had) a large number of infections. I'll therefore suggest you post a combolog -

    Please download Combofix:

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drives/flash drives before running Combofix, if you have any.

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    When finished, it will produce a logfile located at C:\combofix.txt.

    Attach the contents of that log in your next reply.
  3. sila

    sila TS Rookie Topic Starter

    hi touch,

    i have run the combofix.exe per your instructions, and attached is the log.

    thanks again!! :)

  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Your Malwarebytes revision is now old (it updated to a new version yesterday)

    Please start up your current version and select the update tab, and then update it
    A new version will download and overwrite the old version automatically
    Run a full scan (highly likely there are still infections present)

    Then save the Malwarebytes log for a new reply attachment
    Then Restart (this must be done)
    Then run another HJT Scan and log and supply that as an attachment too
  5. sila

    sila TS Rookie Topic Starter

    hi kimsland

    attached are the updated mbam and hjt logs. thanks again! :)

  6. touch

    touch TS Rookie Posts: 978

    Open notepad and copy/paste the text in the quotebox below into it:

    Name the file as CFScript
    and Save it on the desktop

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report, along with a new hijackthis log
  7. sila

    sila TS Rookie Topic Starter

    hi touch,

    i did the CFScript and have attached the combolog and hijackthis log here. FYI while combofix was running, it told me there was an updated version which i did install.

    thanks much! :)

  8. touch

    touch TS Rookie Posts: 978

    Unfortunately combofix did not behave as expected :rolleyes:

    Therefore, we'll have Avenger do the job -

    Please download
    by Swandog46 to your Desktop.
    Click on to open the file
    Extract avenger2.exe to your desktop

    Start Avenger

    Copy/Paste all the text in the above quote box into the main window
    Click Execute

    The Avenger will automatically do the following:
    It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions.

    This log file will be located at C:\avenger.txt

    Attach C:\avenger.txt in next reply, along with fresh hijackthis log
  9. sila

    sila TS Rookie Topic Starter

    hi touch

    avenger to the rescue (hopefully)!

    logs attached. thanks! :)

  10. touch

    touch TS Rookie Posts: 978

    Looks like it :)

    And the hijackthis log is clean.

    Please tell how the computer is running now?
  11. sila

    sila TS Rookie Topic Starter


    computer is running great now! i am very very grateful for all your help. you guys are the best!

  12. touch

    touch TS Rookie Posts: 978

    That's good news :grinthumb

    You should Create a New Restore Point to prevent possible reinfection from an old one.
    The easiest and safest way to do this is:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

    Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

    I also suggest you read Tony Klein's article:
Topic Status:
Not open for further replies.
