Vundo Trojan found, please help

By willydawg · 9 replies
May 5, 2009
  1. AVG found some Vundo trojans on this computer. I healed them, then I uninstalled AVG and installed Avira. Went through the 8 steps and here's the logs requested. Do I need to run other apps?

    Thanks in advance,

  2. touch

    touch TS Rookie Posts: 978

    Hello willydawg

    It looks like you have to run combofix -

    Please download Combofix:
    And save to the desktop.

    Close any open browsers.
    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.
    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  3. willydawg

    willydawg TS Rookie Topic Starter Posts: 26

    Just finished ComboFix

    Hi Touch...

    I ran ComboFix and attached the log. One thing I noticed is that the Firefox homepage was changed and when opening the browser it asks to be the default browser. Also, the Internet Explorer shortcut keeps appearing on the desktop even though I keep deleting it.

    Should I run Avira again?

  4. touch

    touch TS Rookie Posts: 978

    The log looks clean. It is Combofix that creates the Internet Explorer shortcut. You should be able to delete it now.

    Yes, please run Avira, attach the log it produces, along with a new HijackThis log, and tell me how things are running.
  5. willydawg

    willydawg TS Rookie Topic Starter Posts: 26

    I ran Avira & HJT, but the avira log file is huge for a txt file. It's over 20mb and this forum is not letting me upload. I noticed that the avira quarantine folder has tens of thousands of files in it, and that's probably why it's taking so long to scan and why the file is so big.

    In avira, I'm going into the Quarantine section and deleting all the files. But it only shows 10,000 files at a time. Don't know how much more I have to go. Should I post just the hjt for now?

  6. touch

    touch TS Rookie Posts: 978

    Yes, please post fresh hijackthis log.

    If you haven't emptied the Quarantine folder, I suggest you do.

    But first, create a New Restore Point ->

    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.
  7. willydawg

    willydawg TS Rookie Topic Starter Posts: 26

    Here are new logs...

    Hey Touch,

    Here are the new Avira & HJT logs. The computer is running smooth so far. Thanks much
    for your help!

  8. touch

    touch TS Rookie Posts: 978

    Sounds good, and clean logs :)

    Now that your computer problems are solved, it is time for the clean-up procedure.
    Please download OTCleanIt
    Save it to desktop.
    This will remove all the tools we used to clean your computer.
    Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
    When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
    Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
    How did I get infected in the first place

    If you have any comments or questions, feel free to post back.

    Otherwise, happy and safe surfing :wave:
  9. willydawg

    willydawg TS Rookie Topic Starter Posts: 26

    thanks very much Touch for your help. I have now become my family's virus killer! thanks to this board...

  10. touch

    touch TS Rookie Posts: 978

    Congratulations, it can easily become a full-time job :p
Topic Status:
Not open for further replies.
