
Possible Vundo? Or Other Infections. Hijackthis Log

You can also drop old restore points this way: Control Panel > System > System Restore tab > CHECK 'turn off System Restore' > Apply > OK > Reboot. That will drop the old restore points. Many think that the email from Aunt Sally is okay and the attachment is secure because Aunt Sally sent it. Tried to do a clean install of Windows and it would freeze at the screen where the setup would open. Eventually had to take the drive out and format it from my

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken. Please post the contents of C:\vundofix.txt and a new HiJackThis log. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply That may cause it to stall. Someone will be along to tell you what steps to take after you post the contents of the scan results. Important Note: Possible Vulnerability in Sun Java versions may be responsible for

After a few moments, the System Properties dialog box closes. Accepted Solution by: dmarinenko. GO back and re-hide the files and folders after the search. Note: If ThreatFire poses a problem please drop into safe mode and try to run again.

After a few moments, the System Properties dialog box closes. Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> Finally click Empty Selected. Click to clear the Turn off System Restore check box.

Jan 15, 2009 #10 zyglur TS Rookie Topic Starter Posts: 22 I think we are close to the end. Once you click yes, your desktop will go blank as it starts removing Vundo. 6. It is a simple procedure that will only take a few moments of your time. rihuhavu is from the vundo and the other garbage names probably are also O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) Always back up your registry first.

Please help Dec 29, 2008 Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.

I even ran vundofix as I was instructed last time I had an issue, and it found nothing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:17 PM, on 3/31/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe

Windows 7 Pro 64 bit NSBU 22.8.1.14 IE 11

bjm_ | Re: HijackThis Log concerning Trojan Vundo | Posted: 03-Aug-2010

Although I have not received notification of Vundo or infection on my computer, I continue to have delayed computer and internet speed, popups, and occasionally warnings and alerts from my computer

All scans (vundofix, malwarebytes and superantispyware) are clean. Click on CleanUp!. Success always occurs in private and failure in full view. Thank you again Jan 22, 2009 #23 Bobbye Helper on the Fringe Posts: 16,335 +36 You're welcome.

  1. Greets Jurgenv.
  2. I'm at work for now but I began the cleaning and will get back to you afterwards.
  3. Will probably try the email client out tonight when I get home as I'm at work at the moment.
  4. Check the boxes to the left of: Windows Temp Current User Temp All Users Temp Temporary Internet Files Java Cache The rest are optional - if you want to remove the
  5. I hope I wasn't too long Zyglur Jan 13, 2009 #1 Bobbye Helper on the Fringe Posts: 16,335 +36 Unfortunately, when you ran Malwarebytes, you did not check this
  6. Jan 14, 2009 #4 zyglur TS Rookie Topic Starter Posts: 22 ok, I performed the scans and deletes : you will find the logs attached to this post I believe last
  7. scanning hidden autostart entries ...scanning hidden files ...
  8. You shouldn't have had any 'left over' malware files.

What I should do is "not sure" = TRASH Thanks again for all the time you spent on my problem. You must have done something in your sleep! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.

uStart Page = hxxp://www.google.com/
uLocal Page = \blank.htm
uInternet Connection Wizard,ShellNext = hxxp://www.lexmark.com/MD/?func=newreg&lang=0&prtr=4410001&ctry=00000409&os=5&src=1
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: c:\windows\System32\iavlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java

A very good deterrent is SpywareBlaster - it's free and it's good: http://www.javacoolsoftware.com/spywareblaster.html

Jan 19, 2009 #18 zyglur TS Rookie Topic Starter Posts: 22 Thank you, that was actually the answer

Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast!

Could the experts take a look at this HijackThis log and see if there's anything unusual going on?


I was surprised my antivirus (ESET NOD32 Smart Security) didn't prevent the infection, do you think I should change? Maybe, I should have kept my $.02 Hope I did not harm OP from getting needed assist here.... The program will install and then begin downloading the latest definition files.

I told my friend to start digging for his recovery disks if he has them. Please allow ComboFix to install, if needed, Windows Recovery Console.

I downloaded Spywareblaster and will install it ASAP.

If yes: which antivirus and which antispyware?

IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

It is a simple procedure that will only take a few moments of your time. ** Please Note: At times ComboFix may appear to stall, please be patient. When finished, it will

Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Spark] C:\Program Files\Spark\Spark.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4

Jan 21, 2009 #22 zyglur TS Rookie Topic Starter Posts: 22 Spybot and Antivirus (ESET NOD32) scan yesterday were clean.