Vundo Virus Problem w/log

[gubhenheim]

Hey,
What a great way to start off the new year huh?
I've had this thing before but just got it again.
I was gonna do a virus scan but came here instead to see if i could fix it with my log

THANKS A BUNCH IN ADVANCE!

if anything else is need please let me know




Imma follow the very thorough instructions first

 

[BlkHeartWolf]

Right Click on MyComputer icon and go to properties
Turn Off system restore
open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
do a disk cleanup in your Start/accessories/system tools/ Menu
download malwarebytes and install
run hijackthis and malwarebytes at the same time
select any files and or keys I posted in hijackthis but on both maiwarebytes and hijackthis click fix at the same time.
then reboot immediatly.
if you forget to turn off system restore it will return no matter

reboot once complete, run hijack this and post your log here again

 

[gubhenheim]

Beggining of the End

Ok,
Did what was suggested...
I scanned with SuperAnti, cleaned with CC and
did the thing with Malwarebytes and HiJack
here are my logs

thanks for the help

 

[kimsland]

-> No action taken on MBAM scan, for found issues

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) a new HJT log

 

[gubhenheim]

Hello,

I've noticed that my Malwarebytes is running on outdated definitions but i wont update,
something about a firewall. However, I changed my firewall settings to allow the program and tried all three mirrors.
Any Suggestions?

 

[kimsland]

Special case where after installing MBAM and SAS they will not update or run
Read here: https://www.techspot.com/vb/topic116603.html

Failing that, try here: https://www.techspot.com/vb/post684649-3.html

Then continue: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

 

[BlkHeartWolf]

He will need the winsock fix i believe get winsockfix and run it then follow the instruction prior for mawarebytes and hijackthis

 

[gubhenheim]

yeah,
i tried running the fixit cmd, my computer restarted but Malwarebytes wont update
i was thinking of just reinstalling it, however i cannot access the webpage.

im wondering what my options are, im downloading winsockfix right now, hoping that it will help
thanks

OK- GOT AN UPDATED COPY,
as of now, i am running malwarebytes
will restart and then run hijack.

also, i got a pop up with a url containing the word sagipsul, should i worry or does this come with my problem?

thanks

 

[BlkHeartWolf]

i know it is frustrating but we will work through it

 

[gubhenheim]

So here are the logs hopefully they are correct:

thanks again for the patience and aid

 

[kimsland]

A little better
Please update Malwarebytes one more time (again?) Yes again ! Sadly Malwares hide other Malwares, running multiple scans, will find and remove them all (but update it first)

Also try a free AntiVirus like => Avira

 

[gubhenheim]

ok, will do
have a quick question, i've got SAS and im open to downloading avira
is it fine to have both programs running at the same time along with Malwarebytes?

and just checked, malwarebytes says i have the latest database version
sooo....

 

[kimsland]

Yes actually I saw that it looked updated, but that's my standard advice - update first

Regarding SAS; you can un-install it now
And make sure to use one Antivirus, which will be the free Avira

Then with Avira all updated and working
Run Malwarebytes full scan (update first )

 

[gubhenheim]

very well then,
SAS is dead and gone, Avira is my weapon of choice.
i'll start my scan soon and be back after i get some shut eye.

THANK YOU VERY MUCH!
I OWE THIS SITE MY something

ok scanning is done here are my logs, and i think my system is clean, can you do a once over?

im going restart and update with my hijackthis log

here is my hijack this log and scan log

thanks again

is it fine to turn my system restore back one?

 

[BlkHeartWolf]

NO
Right Click on MyComputer icon and go to properties
Turn Off system restore
open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
do a disk cleanup in your Start/accessories/system tools/ Menu

After the reboot
download malwarebytes www.malwarebytes.org and install
run hijackthis and malwarebytes at the same time
select any files and or keys I posted in hijackthis but on both maiwarebytes and hijackthis click fix at the same time.
then reboot immediatly.
if you forget to turn off system restore it will return no matter

reboot once complete, run hijack this and post your log here again


O20 - AppInit_DLLs: jwapfx.dll
O20 - Winlogon Notify: xxyaxVlM - xxyaxVlM.dll (file missing)

 

[gubhenheim]

Latest Scan and Hijackthis

Hopefully these will be the keys that will solve my dilemma

 

[kimsland]

You have a number of bad issues

Please run a new scan with HJT and tick and fix the following entries (confirming your Internet browser is first closed)

O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

Before restarting, download the following 4 tools, and print these instructions

1. Download VundoFix; Trojan.Vundo Removal Tool; VirtumundoBeGone and ComboFix.
2. Go Offline - pull the cable network, turn off wireless card, turn off your modem.
3. Restart computer and press F8 to run Windows in Safe Mode
4. Run VundoFix.. Click on the Scan for Vundo. Scanning will begin, which takes a long time. In the white box will display the names of infected files. After the scan is complete click Remove Vundo, removal will begin. Confirm by clicking Yes. The application should ask for permission to restart your computer - click Yes. Start Windows in Safe Mode again.
5. Run FixVundo. Click Start, and then follow the instructions. It should be noted that this application can deal only with older mutations Vundo (Virtumonde).
6. Run VirtumondoBeGone. Click Continue and wait for the report.
7. Run ComboFix. Then, in the two windows that appear click Yes, and start scanning and removal of any Vundo (Virtumonde) infection. During this operation, you are not allowed to move the mouse or perform other actions. After the scan is complete, program will show a text file - a report from the program's action.
8. Restart computer and run Windows normally.
9. Attach the report

 

[gubhenheim]

SCANS FOR VUNDO w/REPORTS

Here are my scans and vundo program reports

 

[kimsland]

Still exists:

O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

KillBox is a tool to delete in-use files, if the file is running, KillBox will attempt to end the process (close the running file) and delete it.

Download KillBox: http://www.killbox.net/downloads/KillBox.exe
Run it, and copy and paste this line into the path: C:\Program Files\Vongo\Tray.exe
Click the Red X (delete button)

Restart back to SafeMode
Locate: C:\Program Files\Vongo folder and delete it

Startup HJT scan still in Safe Mode
Tick and fix the following entry:

O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

Restart back to Normal mode
Provide another HJT scan log (I want to see if it's now removed )

 

[gubhenheim]

im racing against the clock to do all of this before i have to reboot to regain an internet connection,
but KILLBOX states that "C:\Program Files\Vongo\Tray.exe" seems to not exist. So right now im gonna reboot in safe mode and be offline running hijack this after deleting the folder

thanks

UPDATE- ok, will this resolve my problems?

 

[kimsland]

Hooray :grinthumb its gone :approve:

Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

 

[gubhenheim]

Did and done.
Should this solve, my internet connection problems.
I guess i'll find out soon, but if it doesn't.
Will that mean that my system is infected with something else?

AND THANK YOU!
GRAND SLAM APPRECIATION

It didn't =( , and i don't know what could be the problem . Is this another topic?

 

[kimsland]

Oh I've just been emphasizing on Malware removal

Try this:
https://www.techspot.com/vb/post662504-2.html

And let me know the outcome

 

[gubhenheim]

rush to beat the internet baddies!

I've tried the commands, but they don't seem to work.
I have winsock, tried that and still the same problem

Also ran Spybot SD in safemode and found some stuff earlier but, that didn't do anything.
I'll see if running the routine again will prove to be better.

Thanks

would uninstalling then reinstalling firefox work?

 

[kimsland]

Hmm.

Please create a new thread here -> Storage & Networking
Explaining the issue clearly, and referencing all Malware removed already

Actually probably a good idea to supply another HJT log (in the new thread)
And this:
Start --> Run--> cmd /c ipconfig /all >Desktop\ipconfig.txt < ok>

And post the ipconfig.txt (on your Desktop) as an attachment (in the new thread)