Vundo troubles

Status
Not open for further replies.

atown11

I have been infected with Vundo and need some help making sure I have gotten rid of everything. I have attached the logs from the 8 steps. Thanks!
 
Here's a further 8-Steps: ;)

Download the following 4 tools

1. Download VundoFix; Trojan.Vundo Removal Tool; VirtumundoBeGone and ComboFix.
2. Go Offline - pull the cable network, turn off wireless card, turn off your modem.
3. Restart computer and press F8 to run Windows in Safe Mode
4. Run VundoFix. Click on Scan for Vundo. Scanning will begin, which takes a long time. The white box will display the names of infected files. After the scan is complete click Remove Vundo; removal will begin. Confirm by clicking Yes. The application should ask for permission to restart your computer - click Yes. Start Windows in Safe Mode again.
5. Run FixVundo. Click Start, and then follow the instructions. It should be noted that this application can deal only with older mutations Vundo (Virtumonde).
6. Run VirtumundoBeGone. Click Continue and wait for the report.
7. Run ComboFix. Then, in the two windows that appear, click Yes, and start scanning and removal of any Vundo (Virtumonde) infection. During this operation, you are not allowed to move the mouse or perform other actions. After the scan is complete, the program will show a text file - a report of the program's actions.
8. Restart computer and run Windows normally.
 
Please locate C:\Combofix folder and then locate the Combofix log and attach that as well
If you cannot find this log you can just as easily re-run ComboFix in Normal Mode again

Uninstall your AVG Antivirus
Then run the removal tool
Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

Restart

Install Avira free AntiVirus
Confirm Avira is updated by right clicking on the tray icon and selecting "Start Update"
Then run a full scan with Avira and provide that log as well

Restart

Run a fresh HijackThis scan, and provide that log as well

3 logs pending :)
 
The Combofix log was too big to attach so I had to split it into 4 parts. I will upload the HijackThis log on the next post.

Here is the hijackthis log.
 
BitTorrent found

File Sharing Programs found in logs

Info on using P2P Programs => https://www.techspot.com/vb/topic124748.html

Quote from 8-Step Removal Guide:
Uninstall File Sharing/P2P Programs

During the cleaning process all File Sharing Programs should be uninstalled
This is to avoid any possible reinfection by malware through file sharing

We reserve the right to withdraw our support:
  • If such programs are found in your logs
  • Should you not agree to their removal.
As they are normally set to bypass your Firewall and Anti-Virus software,
Filesharing/P2P Programs serve as a constant threat to your computer

Also uninstall your McAfee Antivirus
Then run the McAfee Removal Tool
 
I uninstalled McAfee and did the clean up. As for BitTorrent, I uninstalled it over a year ago so I did a search on my computer and deleted everything that was left over. Is there something else I should do in regards to BitTorrent?
 
Please run another ComboFix scan in Normal Mode
And save the log to be supplied to a new reply (I usually save it to Desktop for easy access)

Then restart and then run a fresh HijackThis scan and attach the log to a new reply
By the way if you are very thorough you could actually go through the HijackThis scan yourself and check (place a tick) in each entry that has "file missing" ( or "no file") at the end of the entry, and then select Fix.
Then restart again, and then provide a new HijackThis scan (run again) log (this will help you and me view the log much easier ;)
 
Here are the logs. I went through the HijackThis log but I only saw two "no file" entries; one was the Yahoo toolbar, which I don't use, so I did want to check it, and the other one I didn't know what it was, so I didn't want to touch it. Let me know what you think. Thanks!
 
Please run HJT scan only
Close your Internet Browser (IE or Firefox or whichever you use)
Place a check mark (tick the box) next to the following entries
And then select Fix
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Before restarting, run the Norton Removal tool

Restart


Clear & Reset System Restore's Cache

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Un-install Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • When shown the disclaimer, Select "2"
(Note: 1 space after ComboFix in that uninstall command)


Restart


All should be OK :)
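The reply above has the user tick the "(no file)" entries and the two R1 proxy lines by hand. As an added example (not code from this thread or from HijackThis itself), here is a small Python triage that applies the same two rules to the HijackThis lines quoted above, embedded as constructed sample input: entries ending in "(no file)" or "(file missing)" are orphans that are safe to fix, and an R1 ProxyServer value on a home PC that uses no proxy is the hijack indicator to look at first.

```python
import re

# Constructed sample input: the HijackThis entries quoted in the reply above.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
"""

# Every HijackThis entry starts with a section code ("R1", "O4", "O23") and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
PROXY_RE = re.compile(r"Internet Settings,(?P<key>ProxyServer|ProxyOverride) = (?P<value>.*)$")


def triage(log_text):
    """Return (kind, reason, detail) tuples for entries worth attention.

    orphan       - registry still points at something that no longer exists;
                   safe to let HijackThis fix, as the reply above says.
    proxy-set    - an R1 ProxyServer value is present; a hijack indicator on a
                   machine that should not be using a proxy.
    proxy-bypass - an R1 ProxyOverride value; review together with ProxyServer.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # blank lines and non-entry text in the log
        kind, body = m.group("kind"), m.group("body")
        if body.endswith(ORPHAN_MARKERS):
            findings.append((kind, "orphan", body))
            continue
        p = PROXY_RE.search(body)
        if p and kind == "R1":
            reason = "proxy-set" if p.group("key") == "ProxyServer" else "proxy-bypass"
            findings.append((kind, reason, p.group("value")))
    return findings


if __name__ == "__main__":
    for kind, reason, detail in triage(SAMPLE_HJT_LOG):
        print(f"{kind:<4} {reason:<13} {detail}")
```

The O4 and O23 lines are left alone on purpose: they point at files that exist, so deciding about them needs the judgement the helper applies by hand, not a pattern rule.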
 