Vundo!grb issues

Status
Not open for further replies.

sila

hi - in the last couple of days my machine seems to have caught the vundo!grb virus. my virus scan software supposedly removes it, but performance has been very weird, with pop ups, very slow connectivity, and also some common websites won't even load.

i have completed the 8 step virus/spyware/malware prelims and have attached the logs here.

any help would be greatly appreciated! thanks in advance
 
Hello sila


You have (had) a large number of infections. I'll therefore suggest you post a combolog -

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives before running Combofix, if you have any.


Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Attach the contents of that log in your next reply.
 
hi touch,

i have run the combofix.exe per your instructions, and attached is the log.

thanks again!! :)

-s
 
Your Malwarebytes revision is now old (it updated to a new version yesterday)

Please start up your current version and select the update tab, and then update it
A new version will download and overwrite the old version automatically
Run a full scan (highly likely there are still infections present)

Then save the Malwarebytes log for a new reply attachment
Then Restart (this must be done)
Then run another HJT Scan and log and supply that as an attachment too
 
Open notepad and copy/paste the text in the quotebox below into it:

Name the file as CFScript
and Save it on the desktop

Killall::

Snapshot::

File::
c:\windows\system32\hijhoz.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report, along with a new hijackthis log
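Added example, not part of the original thread and not ComboFix's own code: a small Python parser that lists what the CFScript posted above asks for, so the script can be reviewed before it is run. AppInit_DLLs names DLLs that Windows loads into every process that loads user32.dll, which is why the script clears it. Assumptions: `Registry::` entries follow .reg syntax (`"name"=-` deletes a value, `[-key]` deletes a key), and `File::` entries are deletions, read from the thread's later "Files to delete" step; function names are hypothetical.

```python
import re

# CFScript text exactly as posted in the thread above.
CFSCRIPT = r'''Killall::

Snapshot::

File::
c:\windows\system32\hijhoz.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
'''
SECTION = re.compile(r'^(\w+)::$')             # e.g. "File::"
REG_KEY = re.compile(r'^\[(-?)(.+)\]$')        # "[key]" or "[-key]"
REG_VALUE = re.compile(r'^(@|"[^"]*")=(.*)$')  # '"name"=data' or '"name"=-'

def parse_cfscript(text):
    """Return {section: [entries]} in script order; blank lines are dropped."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections

def planned_actions(sections):
    """Turn File:: and Registry:: entries into (action, target) tuples."""
    actions = [("delete-file", path) for path in sections.get("File", [])]
    key = None
    for line in sections.get("Registry", []):
        k, v = REG_KEY.match(line), REG_VALUE.match(line)
        if k:
            key = k.group(2)
            if k.group(1):  # leading "-" inside the brackets removes the key
                actions.append(("delete-key", key))
        elif v and key:
            op = "delete-value" if v.group(2) == "-" else "set-value"
            actions.append((op, key + "\\" + v.group(1).strip('"')))
        else:
            raise ValueError(f"unrecognised Registry:: entry: {line!r}")
    return actions
```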
 
hi touch,

i did the CFScript and have attached the combolog and hijackthis log here. FYI while combofix was running, it told me there was an updated version which i did install.

thanks much! :)

-s
 
Unfortunately, combofix did not behave as expected :rolleyes:

Therefore, we'll have avenger do the job -

Please download http://swandog46.geekstogo.com/avenger2/download.php
by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop

Start Avenger

Files to delete:
c:\windows\system32\hijhoz.dll

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Copy/Paste all the text in the above quote box into the main window
Click Execute

The Avenger will automatically do the following:
It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.

This log file will be located at C:\avenger.txt

Attach C:\avenger.txt in your next reply, along with a fresh hijackthis log
 
Looks like it :)

And the hijackthis log is clean.

Please tell me how the computer is running now?
 
yayyyyyy!!

computer is running great now! i am very very grateful for all your help. you guys are the best!

-s
 
That's good news :grinthumb


You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Please download OTCleanIt
http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.


I also suggest you read Tony Klein's article:

http://www.spywareinfoforum.com/index.php?showtopic=60955
 