Been having some computer trouble with slowness, and when I open Windows Task Manager and select a process, it highlights on and off as if it was selecting and de-selecting without me clicking it.
Attached are my MBAM and HijackThis logs. I believe I have a Vundo H virus as detected by MBAM.
Here is my MBAM log after selecting "Remove all detected objects":
Malwarebytes' Anti-Malware 1.36
Database version: 2051
Windows 5.1.2600 Service Pack 3
4/27/2009 5:56:42 PM
mbam-log-2009-04-27 (17-56-42).txt
Scan type: Quick Scan
Objects scanned: 68477
Time elapsed: 1 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\yopareza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lajitizo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ranatepo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\memotoga.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2fed42c7-23d1-4516-92f0-dfc2129eca17} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2fed42c7-23d1-4516-92f0-dfc2129eca17} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2fed42c7-23d1-4516-92f0-dfc2129eca17} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6013450d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\loteyeduvu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm63207691 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yopareza.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yopareza.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\memotoga.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\lajitizo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ozitijal.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\navijijo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\memotoga.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ranatepo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yopareza.dll (Trojan.Vundo.H) -> Delete on reboot.
Got a message that
C:\WINDOWS\system32\lajitizo.dll
C:\WINDOWS\system32\memotoga.dll
C:\WINDOWS\system32\ranatepo.dll
C:\WINDOWS\system32\yopareza.dll
could not be removed but would be added to the delete on reboot list.
I am going to reboot and look forward to any further instructions that need to be taken.
I'd very much appreciate help with this,
Thanks
- Belrum
I'd greatly appreciate help with this, thanks.