
HELP! I Think I Have A New Variant To The VUNDO Virus

Windows 7 Pro 64 bit NSBU IE 11

mhyde Reg: 04-Feb-2010 Posts: 10 Re: Help with Vundo Trojan Posted: 04-Feb-2010 | 12:52PM

7 Replies Latest reply on Apr 15, 2009 12:09 PM by secured2k

Vundo variant bwallace Apr 12, 2009 11:19 PM

I was having virus

C:\WINDOWS\system32\yawikofe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Having problems getting to safe mode on this computer (it's new and a little too fast for its own good) but I'm going to try again in a little bit. Could someone http://splodgy.org/help-i/help-i-think-i-have-a-virus-i-know-i-have-lots-of-pop-ups.php

It is known to be distributed through spam email, peer-to-peer file sharing, drive-by downloads, and by other malware.

Analysis by Jaime Wong and Jireh Sanico

Prevention

Take these steps to help prevent infection on your PC.

C:\WINDOWS\system32\OoVxwyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

security cleanup · 2007-Mar-19 6:56 pm

https://forums.techguy.org/threads/help-i-think-i-have-a-new-variant-to-the-vundo-virus.739101/

A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program.

With Regards,
Extremeboy

Note: Please do not

Here are the results:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/08/2009 at 07:11 PM
Application Version : 4.25.1014
Core Rules Database Version : 3788
Trace Rules Database Version: 1745
Scan type : Complete Scan
Total Scan Time : 01:50:49
Memory items

Thanks for nothing. Safe mode didn't help either, as windows logon is loaded even in safe mode, but a utility that schedules files to be deleted at next reboot did. The question remains,

If you have any further problems with your Norton product, please feel free to come here again and open up a new thread.

DO NOT bump your new topic.

I then moved the mdam-setup file from the flash drive to the infected PC and tried to install.

Hope they have a money-back guarantee (PC Tools usually do I believe).

Also attached is the HijackThis log.

Sounds a bit like your computer is part of a botnet. http://www.bleepingcomputer.com/forums/t/209311/i-think-im-infected-with-a-virus-help/

I've had experience with this virus before and I'm very angry McAfee couldn't actually deal with it.

Select Smart scan and click on the SCAN button to search for Trojan Vundo malicious files.

Quads

800midori19 Reg: 01-Feb-2010 Posts: 13 Re: Help with Vundo Trojan Posted: 01-Feb-2010 | 9:48PM

OK, will let it finish scanning.

I tried running Malwarebytes as some posts recommend but the software would not download on the infected computer.

Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

You willing to help out another infected Norton user?

Variants of Win32/Vundo, such as Trojan:Win32/Vundo.AF and Trojan:Win32/Vundo.gen, might create a mutex called SysUpdIsRunningMutex to prevent multiple instances of the variant from running.

#6 magenta.opal Topic Starter Posted 08 March 2009 - 05:51 PM

Here are the results.

Attached is "DDS.txt" file.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo!

Should I just wipe/reformat the drives on the infected PC and reinstall the OS?

Will update Reader.

Before I did the scan, I updated the virus definitions and disabled System Restore as Symantec recommends here: http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99&tabid=3 The scan discovered the Trojan Vundo but could not completely remove it. What do I do?

Disable Autorun functionality

This threat tries to use the Windows Autorun function to spread via removable drives, such as USB flash drives. This is a common malware behavior.

Hijackthis

Start Hijackthis and tick these entries

O2 - BHO: (no name) - {dddeec46-5e4a-446f-88b7-294547fe1e1e} - bevozeti.dll (file missing)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"

#7 extremeboy Malware Response Team Posted 08 March 2009 - 06:07 PM

Hello. That looks a lot better, how's your

What do I do?

However, when I downloaded it to the clean PC, the program works just fine.

Make sure that everything is Checked (ticked), then click on the Remove Selected button. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.

STEP 3 : Remove the malicious registry keys added by the Trojan

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

You can download RogueKiller from the below link.

I downloaded a vundo remover from a help site and from symantec, neither detected anything.

RE: Vundo!grb secured2k Apr 15, 2009 12:09 PM (in response to seanmcd)

You are probably getting this virus from an exploit in a 3rd party plugin like older versions of Flash,

I rebooted and it was still acting up - I looked in regedit and found 3 dlls set to run at startup, so I wrote them down, rebooted off cd once

Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.

But it didn't actually block it.

C:\Documents and Settings\Furqan\Application Data\rhccwhj0en01\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. Start a new topic, give

Delete the installer after use. An icon will be created on your desktop.

C:\WINDOWS\system32\dewukobe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

So I disabled Spybot S&D TeaTimer and also the Spysweeper shields and automatic load options and ran the Kaspersky Online Scanner.

C:\WINDOWS\system32\opnlmLBr.dll (Trojan.Vundo) -> Delete on reboot.

We started getting random weird web pages popping up on us so I knew it had gotten through.

c:\WINDOWS\system32\sebowowa.dll (Trojan.Vundo.H) -> Delete on reboot.

A friend had made a suggestion that perhaps the infection is in my "modem"??