Windows Support Forum

Highly resistant Vundo/MS Juan/MS Tracker infection

Q: Highly resistant Vundo/MS Juan/MS Tracker infection

Okay, this is really, really annoying. I can't seem to track the root cause of the infection, and it keeps coming back after restart or on invocation of IE, even though MBAM reports successful removal. Any help greatly appreciated. Logs from HJT and MBAM attached.


A: Highly resistant Vundo/MS Juan/MS Tracker infection

I ran a full rather than quick scan using MBAM; below is the log...

Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 3

08/11/2008 20:59:54
mbam-log-2008-11-08 (20-59-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 156629
Time elapsed: 36 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{8D06E455-D60E-403F-A815-2D6313C268D7}\RP61\A0015442.dll (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

http://www.bleepingcomputer.com/forums/t/178713/highly-resistant-vundoms-juanms-tracker-infection/

Hi, I had a Vundo trojan infection a few months ago that I was able to remove manually with HJT, Process Explorer and Spybot. However, I have another one now that is resistant to my previous removal method. I am getting the IE popups for false AV software and slowed PC performance. Thanks so much for your help. Attached is my HJT log.

A: Resistant Vundo/Virtumonde infection

Hello, my name is fenzodahl512 and welcome to Bleeping Computer. Please do the following.

Please download The Comedian.exe to your desktop.
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step.
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished.

NEXT

Please download Malwarebytes' Anti-Malware from HERE or HERE.
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".
Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT.
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename into GAMERS.
Open the renamed program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results.

Post me these logs in your next reply. Post each log in separate post.
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result

http://www.bleepingcomputer.com/forums/t/223556/resistant-vundovirtumonde-infection/

Bleep this, I need help. I can't get rid of Adware.vundo Variant/rel MS Juan. I've followed a couple of steps and it deletes some of it, but not all. I've tried Malwarebytes' Anti-Malware, as it does find it and delete it. I then do another system scan and it reappears. Here's my log for MBAM and HijackThis.

A: Adware.vundo Variant/rel MS Juan Infection. It won't go away.

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Orange Blossom

http://www.bleepingcomputer.com/forums/t/188213/adwarevundo-variantrel-ms-juan-infection-it-wont-go-away/

I seem to have the MS Juan and MS Tracker amongst other things going on with my machine since yesterday. I have since run Malwarebytes, Ad-Aware and Spybot. They all find and kill stuff but I am still getting trojan popups from Avast, as well as returning MS Juan and Tracker in Malwarebytes.

This is the first time this has happened to me and I am unsure of what to do next to try to clean my machine up, any help would be greatly appreciated. I can post logs of my previous scans if you wish.

Thank you.

A: MS Juan, MS Tracker and more...

Here was my first scan last night
Malwarebytes' Anti-Malware 1.33
Database version: 1656
Windows 5.1.2600 Service Pack 3

1/15/2009 8:32:34 PM
mbam-log-2009-01-15 (20-32-34).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 214716
Time elapsed: 1 hour(s), 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\WINDOWS\system32\geBrOedb.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\qvorpbdt.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\khfCvUnO.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3eb56daa-bd88-46ee-80c8-0bca5d5d6455} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3eb56daa-bd88-46ee-80c8-0bca5d5d6455} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3eb56daa-bd88-46ee-80c8-0bca5d5d6455} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfcvuno (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\gebroedb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\gebroedb -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\geBrOedb.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\bdeOrBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\bdeOrBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\qvorpbdt.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32 ... Read more

http://www.bleepingcomputer.com/forums/t/195711/ms-juan-ms-tracker-and-more/
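A triage pass over the MBAM log format posted above, added here as an example (it is not from the thread or from Malwarebytes): it parses the log sections, labels the registry detections that sit on Windows autostart points, and pairs them with DLLs the log marks only "Delete on reboot". The sample is an excerpt of the log above; the function names and the autostart table are this example's own.

```python
import ntpath
import re

# Excerpt of the MBAM 1.33 log posted above (entry list shortened).
SAMPLE_LOG = r"""
Memory Modules Infected: 3
Registry Keys Infected: 13

Memory Modules Infected:
E:\WINDOWS\system32\geBrOedb.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\khfCvUnO.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3eb56daa-bd88-46ee-80c8-0bca5d5d6455} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfcvuno (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\gebroedb -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\geBrOedb.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\bdeOrBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

# Registry locations Windows uses to load code automatically (lower-cased).
AUTOSTART_POINTS = [
    ("\\winlogon\\notify\\", "Winlogon Notify package"),
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\shellexecutehooks\\", "ShellExecuteHook"),
    ("\\control\\lsa\\authentication packages", "LSA authentication package"),
    ("\\control\\lsa\\security packages", "LSA security package"),
]


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not (section and m):
            continue  # summary counts, blanks, "(No malicious items detected)"
        *extra, action = m.group("rest").split(" -> ")
        data = next((p[6:] for p in extra if p.startswith("Data: ")), None)
        entries.append({"section": section, "object": m.group("obj"),
                        "detection": m.group("name"), "data": data,
                        "action": action.rstrip(".")})
    return entries


def autostart_mechanism(reg_path):
    """Name the autostart point a registry path belongs to, or None."""
    lowered = reg_path.lower()
    for needle, label in AUTOSTART_POINTS:
        if needle in lowered:
            return label
    return None


def _stem(path):
    # ntpath handles backslash paths on any OS; registry keys split the same way.
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def triage(entries):
    """Pair autostart registry detections with DLLs still awaiting deletion."""
    pending = {}
    for e in entries:
        if e["section"] in ("Memory Modules Infected", "Files Infected") \
                and e["action"].lower().startswith("delete on reboot"):
            pending[_stem(e["object"])] = e["object"]
    findings = []
    for e in entries:
        mechanism = autostart_mechanism(e["object"]) \
            if e["section"].startswith("Registry") else None
        if mechanism:
            findings.append({"mechanism": mechanism, "key": e["object"],
                             "module": pending.get(_stem(e["data"] or e["object"]))})
    return pending, findings


if __name__ == "__main__":
    pending, findings = triage(parse_mbam_log(SAMPLE_LOG))
    for f in findings:
        note = f"module still pending removal: {f['module']}" if f["module"] else "no pending module in this log"
        print(f"{f['mechanism']}: {f['key']}\n    {note}")
```

Entries reported with a pending module are the ones to look for again in the first scan after the reboot, since the registry reference was deleted while the DLL itself was only scheduled for removal.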

Hi. Below the row of asterisks I have attached my HijackThis log. Note: I ran this log after running MBAM and quarantining my two stubborn bugs, so I don't know if the problem will show up in my log. Once I reboot, the problem will be back, and maybe I should run this log again then; further explanation is below.

And here is a description of the status of my problem. I was alerted to a malware infection the other night by AVG and Zone Alarm, as well as by the fraudulent "scan your computer" pop-ups and other IE pop-ups (even though I use Firefox), and the fact that I couldn't run Windows automatic updates. Using Spybot and Malwarebytes Anti-Malware (MBAM) I was able to reduce a big infection, including lots of Virtumonde/Vundo bugs and a few Smitfraud-C and MyWay/MyWebSearch bugs, and recover my access to Windows Updates. But two bugs remain, regenerating every time I reboot. They are:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS JUAN (Malware.Trace) and
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS TRACK SYSTEM (Trojan.Vundo)

When I quarantine/remove these with MBAM, the next scan shows zero infections until I reboot. Then the same two registry key infections show up, just to disappear again until reboot. I'm doing this all in safe mode and my wireless internet radio is disabled. Also, I've tried scanning with Trojan Remove, AVG, VundoFix and Spybot again, and they all reveal nothing. I also uninstalled Java and manually removed remaining files, though I can see there are still files remaining in regedit that I'm afraid to mess with. And I've been repeatedly running RegSeeker and cleaning stuff out of some temp folders, though I'm not sure which ones matter and whether I should delete all files, including desktop.ini files etc.

I have downloaded SuperAntiSpyware but haven't used it yet, and it was not able to get updates from the web for some reason (actually I wasn't able to get them for MBAM either), and I've heard about ComboFix but don't know if I need that. I've also read about using Avenger to remove certain targeted files. I don't really understand which to choose and in what sequence, or how to use them. I was hoping some kind soul with experience with this particular pattern would walk me through what to do at this stage.

Thanks in advance.

A:HJT log for Vundo infection (MS JUAN/MS TRACK SYSTEM) regenerating on reboot

Hello sheara

Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please, as your system may have changed since your original post.

Please post your HJT log this way, as it's unreadable the way you posted it:

Open HJT, Scan and Save a Log File; it will open in Notepad.
Go to Format and make sure Wordwrap is Unchecked.
Go to Edit > Select All, then Edit > Copy, and Paste the new log into this thread by using the Post Reply and not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

http://www.bleepingcomputer.com/forums/t/189312/hjt-log-for-vundo-infection-ms-juanms-track-system-regenerating-on-reboot/
Relevancy 80.41%

Hi All

I have kaspersky IS installed with PC Tools Spyware doctor. It reported quite many problems on latest scan, along with one persistent problem of VirtuMonde trojan. It has also added registry value MS JUAN and MS Track System under HKLM\Software\Microsoft. I am unable to clean these registry problems; whenever I manually delete them it reappears. Following is the hijackthis log. I shall also post combofix results once I am done with it.

TIA

A:Ie And Ff Not Working, Traces Of Virtumonde And Ms Juan, Ms Tracker

Hi

First please uninstall KASPERSKY & see if the problems with IE & FF persist?

Post a new hijackthis log with KASPERSKY uninstalled ...

THEN ...

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner.
Click on Kaspersky Online Scanner.
Click Accept.
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives, Scan Mail Bases
Click OK
Now under select a target to scan: Select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Once finished, save the log to your Desktop as filename KAV.txt

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam

http://www.bleepingcomputer.com/forums/t/169769/ie-and-ff-not-working-traces-of-virtumonde-and-ms-juan-ms-tracker/
Relevancy 70.52%

Greetings,

I have been struggling for over a week to remove a bad infection of what seems to be multiple viruses, including Virtumonde, Vundo.H, Rootkit TDSServ, MS Juan and MS Track System. I had Super Super Anti Spyware at one point as well. I have read numerous forums and have followed instructions to run the latest versions of SpyBot S&D, Adaware, SuperAntiSpyware, MalwareBytes Anti-Spyware and VundoFix. While I seemed to get the infection(s) against the ropes, it continues to persist and re-populate itself (and others) on my PC. The PC runs slow, I get Firefox pop up windows, and my Internet Explorer settings have been dropped to accept all cookies even when I change them back to default. I was running an older version of Java, which I have since uninstalled. I have downloaded and installed the latest version.

RSIT / HJT Data Report follows. Please help me!

A:Vundo Variants: MS Juan / MS Track System / Vundo.H / Virtumonde / Rootkit TDSServ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom

http://www.bleepingcomputer.com/forums/t/188393/vundo-variants-ms-juan-ms-track-system-vundoh-virtumonde-rootkit-tdsserv/
Relevancy 68.8%

Referred here from Am I Infected. Topic here: http www bleepingcomputer com forums t xp-vundo

DDS would not run. OB DDS did not work so i used hijackthis.

problem:

Ok so i've been infected with a vundo since september th. I started noticing the effects sometime in november. first it took out my IE. i switched to firefox because i had heard that FF was not affected by vundos; it appears that it is. I also tried google chrome; it also appears to feel the effects of the trojan. then i decided to actually fix the problem as opposed to avoiding it. i have tried adaware, spybot search and destroy, vundofix, hijack this, malwarebytes antimalware, virtumondebegone and autoruns. they all found evidence of a trojan except for virtumondebegone. nothing has taken care of this, and now my computer freezes about ten minutes after logon without fail, which is a huge pain when i try and run full scans because they freeze before they can be completed. ctrl alt delete seems to be disabled. oh and also i found a rootkit among my drivers and selected the disable option when i right-clicked; not sure if that did anything. i also tried SDfix, which did not work: it started, i hit y, and nothing. last night i tried out SAS and my computer worked like a charm after reboot, BUT this morning when i logged on it's running like it's drunk: immensely slow, ctrl alt dlt useless, and firefox won't even open. i'm at a loss at what to do. i would really appreciate your help.

thanks

A:very resistant vundo

please close topic.

i was relating my woes to a friend who as it turned out had a very similar problem. he, being rather computer savvy helped me eradicate the virus using combofix.

thank you for listening, bleeping computer. your tutorials and resources have been very useful to me. you are trustworthy and helpful and i will definitely be referring people to you.

:]

http://www.bleepingcomputer.com/forums/t/190118/very-resistant-vundo/
Relevancy 65.79%

Hello,

I am helping a friend clean up his computer. The computer is running XP home. When using the internet, search results and pages other than the home email page are redirected to random sites. I installed Malwarebytes Anti-Malware on the computer. After installation Malwarebytes would not run. I reinstalled into a different directory than the default. Malwarebytes still would not run. After renaming mbam.exe, Malwarebytes would run. After multiple scans, both quick and full, Trojan.DNSChanger keeps appearing in the results. I have not had a scan without at least infection being reported.

I decided to uninstall and reinstall Malwarebytes Anti-Malware into the default directory. After installation Malwarebytes would not run as mbam. When I renamed mbam, Malwarebytes ran. I was unable to perform the update on the new installation. When I tried I received an error message. The newly installed version was and dated. I ran a quick scan without the update and found Trojan.DNSChanger on the system again. After rebooting I tried to update again. This time the update worked. Malwarebytes is now at version dated. Currently the computer is running a full scan.

Also, I receive RUNDLL errors on startup. One is for C:\WINDOWS\ipfxscag.dll. The other is for C:\WINDOWS\abacelotefcao.dll. I am guessing that these are from previously cleared infections but are still in the registry. I can fix the registry but would like to get rid of the resistant infection first.

By the way, I am writing this message from my clean computer. The infected computer is currently disconnected from the internet. I only plug the infected computer onto the network when I need to update Malwarebytes. Any help you can give is appreciated.

Thank you,
Minstral

A:Resistant Infection

I have some new information. Well, actually, it is the regular pattern of what I have been seeing. The full scan of Malwarebytes finished. Trojan.Agent in the C:\WINDOWS\System32\ernel32.dll file was found. I cleaned it and rebooted. I am running another Malwarebytes full scan. If the pattern continues, Trojan.DNSChanger will be found in this scan.

Minstral

http://www.bleepingcomputer.com/forums/t/339142/resistant-infection/
Relevancy 65.79%

I have been getting fake spyware popups and off the wall ad popups. I ran Malware Bytes and SuperAntiSpyware to clear Vundo H a week ago and tried to use the same scanners to clear this, but I have run into a brick wall. Would you review my HJT log below and help me thru this?

Thanks,
Candi

A:I killed Vundo H but now I have Vundo with possible MS Juan again...please help

https://forums.techguy.org/threads/i-killed-vundo-h-but-now-i-have-vundo-with-possible-ms-juan-again-please-help.785785/
Relevancy 64.93%

Hi guys

Having issues with pop up ads in ie, spy shredder prompts, antivirus, and general slow running pc. I've run adaware, spybot and spynomore with no effective end to the problem, although the reoccurring issue is virtumonde, vundo, msjuan. Have looked up other posts, namely here, and followed Thunder's advice in points and

Could you please look at my hijackthis and malwarebytes logs and offer any more advice on how to remove this stuff for good please?

Thanks
DM

A:Ms Juan And Vundo

Hello to everyone,

One of our PC's has been infected with virtumonde and I need to bring in the heavy guns. If anyone can help, it'd be much appreciated. Here goes...

Symptoms are very slow running speed, low virtual memory warnings, pop up ads in IE7, occasional spyshredder sales pitches, occasional antivirus 2008 sales pitches. virtumonde and vundo picked up by spynomore, removed, then after reboot, more pop ads in IE7.

My PC is connected to a work server, but because we are small business we don't have a administrator as such, I've been lumped with the job. I've got a little experience and know how, but would love any advice from experts.

I've had a look at other posts and have now downloaded hijackthis and cleared IE temporary files. Here's the log:

Please help!

Thanks
CC

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:48 PM, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {01E5D31B-54CA-4483-A82A-3758CB975638} - (no file)
O2 - BHO: (no name) - {42D78F0C-C076-4EA1-8432-66AC026D55BA} - (no file)
O2 - BHO: (no name) - {43C7E917-2946-4B2E-9FC6-1FC35127B931} - (no file)
O2 - BHO: (no name) - {48F13C14-F82D-4B17-A5EA-A59A2F1704C7} - (no file)
O2 - BHO: (no name) - {78FCC154-D884-44D3-B95E-E4870E81585E} - (no file)
O2 - BHO: (no name) - {896cadcf-2aea-404f-9c43-e5ee3fc9fa76} ...

http://www.bleepingcomputer.com/forums/t/165337/ms-juan-and-vundo/

Well, for the last 2 days I've been having vundo problems. I've tried using malwarebytes, atf-cleaner, superantispyware, and vundofix. I've gone from having 30 or so infections down to just 1 - ms juan. Only malwarebytes can find this recurring key registry problem. It says it quarantines the problem, yet it keeps reoccurring after I reboot.
So now I don't know what to do. I downloaded dss and just ran a log and received 2 txt files which I have attached. Also I cannot say I'm great with computers so slower step by step help would be appreciated.
Thank you

A: Ms Juan And Vundo

Hello masterbraz and welcome to BC. Let's see what we can find. Please follow the steps below in order:

First, it appears that there are multiple anti-virus applications running on this computer (Symantec and Avast). Running more than 1 anti-virus application at the same time can cause file access and resource issues and if there is an infection the multiple programs can actually block each other from dealing with the infected file(s). I highly recommend that you choose which application you want to keep and uninstall the other one(s) to prevent these problems. After that, continue with the rest of the steps.

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/152488/ms-juan-and-vundo/

I'm running very slow. I'm getting Vundo-Juan pop ups and recently had google hijacked. In the last few days I've had problems with SHuer Vundo Juan Clicker and many generic trojans and downloaders. Spybot was attacked and I've since removed it. I'm using AVG, Super antispyware and Malwarebytes. This is my HJT Vundo-Juan log:


Hi. My laptop has been infected. Whenever I would open Firefox it would open random tabs on links to porn and other security prevention type sites. I downloaded and ran Super Anti Spyware and Malware Bytes, which said I had a bunch of vundo trojans that were apparently cleaned. After subsequent runs of Malware Bytes there was a MS JUAN registry key that Malware Bytes could not clean. After reading I read a post that suggested I download and run ComboFix. That was done and I am attaching that log in case it is helpful. I also ran HiJackThis and that log is also attached. I then decided to manually attempt to delete the MS JUAN key. I modified the key permissions and was able to delete it. After a reboot the key was still gone and a final scan with Malware Bytes said it was clean. I see no more symptoms. Please let me know if my logs show any unsymptomatic problems or if you would like me to run other tools. Thank you

https://forums.techguy.org/threads/vundo-ms-juan.787856/

Hi, help please. Norton told me I had vundo and claimed to have removed it, but I'm still getting unwanted pop-ups and slow downs when I launch a browser window, ie or mozilla. Malwarebytes keeps finding Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace). Kaspersky log is as follows:

A: Help Please Vundo Ms Juan

Hello Nicktpp and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here.
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC.)
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.
If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/157913/help-please-vundo-ms-juan/

Hi, I too have contracted the dreaded Vundo MS Juan virus as well as Sinowal, some kind of tracker. When I run Adware Alert it detects and removes everything until I start another Internet session or restart my computer. I am running on Windows XP. I have tried VundoFix and it didn't find anything. I also have Norton and Cyberdefender, which both seem to be useless in getting rid of this virus. Adware is the only one that even detects it but can't get rid of it. I tried to run hijackthis, not sure if this will help or is correct.

https://forums.techguy.org/threads/vundo-ms-juan.768025/

Hello!

Apparently I am the latest to be infected with the Vundo virus on my PC. Seems to be a popular issue lately unfortunately. Anyhow, I did as much research on my own as I could, and found a few threads on this board as a starting point. I believe myself to be an above average PC user, and thus seeing as others had identical problems to me, I tried to follow the recommendations of your experts. It does not appear I was successful in removing this malware, and was hoping someone could assist me. I followed the instructions provided by boopme in this thread: http://www.bleepingcomputer.com/forums/ind...et.exe&st=0

However, it does not appear the problem has been resolved. I will hold off on posting any logs, etc. until asked to do so. Any help that you can provide is greatly appreciated!

Thanks,
Jim

A: MS Juan/Vundo issues on PC

Hi Jim and welcome to BC!

I reviewed the topic you referenced. Please update malwarebytes and post a fresh log for review. That will be our starting point.

http://www.bleepingcomputer.com/forums/t/190249/ms-juanvundo-issues-on-pc/

Hi

I've been wrestling with ridding my work laptop from Vundo and Trojan\Bdoor-CPK for 1.5 days. I've made a lot of progress however I'm evidently missing something. I have XoftSpySE which detects a registry entry "software\microsoft\juan" and I am receiving unsolicited pop-up windows.
Please, I need another set of eyes / brains to look over my HJT log and see if you have any recommendations.

I did everything that was indicated in a similar post with the same title, i.e. ran ATF cleaner and then superantispyware. Please advise. I ran this HJT after I have completed ATF AND superantispyware.

Thanks
Anand
 

A: Juan still hanging around (Vundo)

I am also posting the log of Superantispyware.
 

https://forums.techguy.org/threads/juan-still-hanging-around-vundo.641562/

I keep getting Firefox pop ups. I ran Malwarebytes anti malware and it says it got rid of it but pop ups still occurring. Please help.

A: MS Juan and Trojan.Vundo

Hi, sorry for the delay.
Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.
Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply together with the MBAM log you've saved earlier.

http://www.bleepingcomputer.com/forums/t/190403/ms-juan-and-trojanvundo/

I had a post out earlier with this and it has disappeared so here it is again. Not sure where it went. Anyway, I got infected with the vundo trojan last Saturday. It showed up when I did a scan with AdwareAlert. It removes it but it immediately comes back, either located in the registry under software\microsoft\juan or software\microsoft\ms juan. I have run the symantec vundo removal tool and I have also run vundofix.exe and and it picked up files and deleted them but the virus is still there. I have also done scans with McAfee and followed their step by step instructions including turning the system restore off and suspending the explorer.exe, Winlogon.exe and rundll dll. However it shows up again when I open IE. I'm sure there is something out there that I don't know how to delete. So please help. I've been dealing with this for days and have made some progress but just can't get rid of it. Thanks. This is the log from hijackthis:


Hello, I've been having problems with removing the MS Juan Trojan Vundo combination. I ran the free version of AVG anti-virus and it was able to remove several threats on my computer system. I also ran Malwarebytes' Anti-Malware and it was able to remove most of the problematic threats also. But when I keep doing a scan using Malwarebytes program I keep seeing two of the same infected files. I am not sure what logs I should post but I will post my Malwarebytes' log down below. Please inform me if any more logs are needed.

Malwarebytes Anti-Malware
Database version:
Windows Service Pack
PM
mbam-log- - - - - txt

Scan type: Quick Scan
Objects scanned:
Time elapsed: minute(s), second(s)

Memory Processes Infected:
Memory Modules Infected:
Registry Keys Infected:
Registry Values Infected:
Registry Data Items Infected:
Folders Infected:
Files Infected:

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

A: Help with MS Juan and Trojan Vundo

I was infected with MS Juan the other day and tried everything to get rid of it. I finally downloaded ComboFix and ran it, and that took care of the problem for me. Good luck!

http://www.bleepingcomputer.com/forums/t/193838/help-with-ms-juan-and-trojan-vundo/

OK, so I downloaded a game and my Avast hit me up that I had a trojan, which I then found out to be Vundo. I then downloaded Malwarebytes, which found and removed around infections. Since then I am still getting loads of pop-ups from IE, and after scanning I am being told I have a malware trace on MS Juan and I can't get rid of the sod. So far I have tried Malwarebytes, Spybot, Windows Defender, SUPERAntiSpyware and Ad-Aware, and it's getting removed but not staying away. I've read some other threads, but it seems the advice is for each individual need, so here I am, and here are my logs.

A: Another vundo case (sorry) MS Juan

Hi, Welcome to TSG!!
Run HJT again and put a check in the following:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {aacf8361-4b25-78f8-2b44-bc1f608a3aff} - {ffa3a806-f1cb-44b2-8f87-52b41638fcaa} - C:\WINDOWS\system32\fnhaobej.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - Winlogon Notify: kHARjiiH - kHARjiiH.dll (file missing)

Close all applications and browser windows before you click "fix checked".
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

https://forums.techguy.org/threads/another-vundo-case-sorry-ms-juan.721487/

Hi, I seem to have a case of MS Juan. Malwarebytes has failed to remove it, so I've gone ahead and run a HijackThis scan. I think the DLLs to remove are yrphcs.dll, aofxdk.dll, tabcdv.dll and hqqgcv.dll, but it doesn't look like the HJT logs on other MS Juan/Vundo infections I've seen. Anyone confirm? Don't want to go deleting things.


Any help? Computer is freaking out.

A: Virtumonde, Vundo, Ms Juan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/259684/virtumonde-vundo-ms-juan/

Hello, my PC has been plagued with a bunch of different malwares/viruses. I am actually unable to run IE currently; I just get an error window. I have Symantec currently installed on there. This hellish experience started when Symantec caught the following files: TDSScb.tmp, clicker.txt, omnxawresc.tmp, wavvsnet.tmp. Don't know if that is relevant info, but there it is. I have installed and run Malwarebytes and HijackThis; here is my hjthis log.

A: Vundo, MS Juan, winlogun, to name a few..

Please read here first BEFORE posting for help in this forum

IMPORTANT NOTE REGARDING CORPORATE/COMPANY OWNED COMPUTERS

Please do not request assistance for corporate/company owned computers. Many changes/deletions are made during the clean up process, some of which may involve uninstalling programs, deleting folders/files, changing settings and/or removing policies etc. As we have no way of knowing for sure if these are actually needed for company operations, malware issues in these cases should be handled by their own IT Departments in order to avoid any undesirable results.
 

https://forums.techguy.org/threads/vundo-ms-juan-winlogun-to-name-a-few.780989/

I guess this Vundo variant put a ton of stuff on my computer that I finally managed to remove, and now it's the only thing left that any of my programs can pick up. I've run Trend Micro PC-cillin, SUPERAntiSpyware and Malwarebytes' Anti-Malware. The last two can detect it, but even after rebooting the damn thing just keeps coming back. I've tried VundoFix and FixVundo, but those don't work either. I attached my DDS logs. Any help you guys can give me would be REALLY appreciated.

A: Vundo Variant (MS Juan)

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.
Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.

http://www.bleepingcomputer.com/forums/t/189585/vundo-variant-ms-juan/

Hi there. A friend of mine asked me to look at their computer, and judging from the symptoms and DLLs popping up it looks like Vundo. Here is the HJT log.

A: Need Some Help With Vundo (includes Ms Juan)

Hello, Fd13. Welcome to BC.

Before we get into the fixes, please disable Spybot's TeaTimer, as it may interfere with the process.
Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click on Tools, then click on the Resident Icon in the list.
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
Click on the "System Startup" icon in the List.
Uncheck the "TeaTimer" box and "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done.
(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware and save it to your Desktop. (Alternate download location)
Double-click mbam-setup.exe to install the application.
Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please post that log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

In your next reply, please include the following:
Log from MBAM
Log from Combofix

http://www.bleepingcomputer.com/forums/t/172159/need-some-help-with-vundo-includes-ms-juan/

Hi resistant MAX++ for steps Infection, removing to consrv I have Windows Professional -bit system that is infected with consrv dll The consrv Infection, resistant to steps for removing MAX++ only indication of an active infection is that when performing a Google or Yahoo search and then clicking a search result I get redirected to a random page instead of the actual link If I copy and paste the Google result to a new browser tab I can get to the site without a problem After a lot of research I found that consrv dll was in my Windows System directory I ve tried changing the registry entries that point to this file so that I can then reboot and delete it however as soon as I change the registry to what it should be winsrv it automatically reverts back to consrv I tried booting the system using the Windows CD and running regedit in the recovery console however the registry entries appear correct while in the recovery console But when I boot back in to Windows normally they are again pointing to consrv and can t be edited I also tried renaming consrv dll while in the recovery console I am succesful at renaming the file however when I reboot Windows will get to the quot Starting Windows quot screen and then suddenly reboot no blue screen THis continues until I go back in to the recovery console and rename the malware file back to consrv dll I have tried a number of malware removal tools including AVG and MalwareBytes They all report that the computer is not infected I have run DDS scr and attached the attach txt file Pasted below is the contents of the DDS txt file DDS Ver - - - NTFSAMD Internet Explorer BrowserJavaVersion Run by ccortez at on - - Microsoft Windows Professional GMT - SP Windows Defender Disabled Outdated D DDC A- F- fae- E -DA C ACF Running Processes C Windows system wininit exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system svchost exe -k RPCSS C Windows system atiesrxx exe C Windows System svchost exe -k 

A:consrv Infection, resistant to steps for removing MAX++

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/420564/consrv-infection-resistant-to-steps-for-removing-max/
Relevancy 63.64%

I can't seem to delete the trojan vundo ms juan from my computer. I've tried running Ad-Aware, SuperAntiSpyware and Malwarebytes Anti-Malware. Every time after I am finished running these programs a detection occurs and I am asked to remove the trojan. However, every time I check my registry keys again both "MS Juan" and "MS Track System" reappear. I've continuously run these programs to try and remove the trojan, yet it won't delete from my registry keys. It seems that the only time pop-ups appear is when doing a Google search.

A:Infected with Trojan.Vundo (MS JUAN)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system, please.

Please hold on, it may take us a day or so to get back with you.

http://www.bleepingcomputer.com/forums/t/189606/infected-with-trojanvundo-ms-juan/
Relevancy 63.64%

Hello, I have been infected with a New Juan / Vundo variant. I have been infected once in the past and I managed to manually delete the various DLLs that seemed to be causing the problem. However, I have installed many more programs since then and I don't want to accidentally delete some DLL that is needed for something.

So how did I get infected? Well, the most recent episodes were released (Battlestar Galactica). I simply couldn't wait the one week to watch them streaming, and so I managed to get hold of a bad torrent. The torrent asked to install something, which I obviously didn't do, but after a couple days I noticed the tell tale pops. SuperAntiSpyware tells me I have the Vundo / New Juan variants and I can see the bad DLLs in the HijackThis. Also, I am currently running a Vundo fix right now and awaiting the results.

At any rate, I would greatly appreciate any help that you can provide. Below I have provided, first, the DDS and, second, a recent HijackThis.

A:Infected: New Juan / Vundo variant

Vundofix returned no results.

http://www.bleepingcomputer.com/forums/t/213427/infected-new-juan-vundo-variant/
Relevancy 63.64%

I've been wrestling with ridding my work laptop of Vundo and Trojan\Bdoor-CPK for 1.5 days. I've made a lot of progress; however, I'm evidently missing something. I have XoftSpySE which detects a registry entry "software\microsoft\juan" and I am receiving unsolicited pop-up windows.
Please, I need another set of eyes / brains to look over my HJT log and see if you have any recommendations.

Thank You !
 

Relevancy 63.64%

I've been trying for 2 days but this trojan keeps reappearing after deletion.
 

https://forums.techguy.org/threads/vundo-ms-juan-trojan-problem.727915/
Relevancy 62.78%

I started getting pop-ups and noticed my computer had slowed down, so I ran avast and found a bunch of trojans of the Vundo type. Avast didn't take care of the problem, so I've tried uninstalling and updating Java, Spybot, Windows Defender, Ad-Aware and Malwarebytes. Doing all of this I seem to have cleared up most of the bad stuff. I am still getting a problem found when I run Malwarebytes: a registry entry called MS JUAN. I am also still getting the popup window when I am surfing the web. When I remove this entry it comes back instantly. Help is very appreciated.

A:Infected with MS Juan/ Vundo malware Help needed!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the ch...

http://www.bleepingcomputer.com/forums/t/196631/infected-with-ms-juan-vundo-malware-help-needed/
Relevancy 62.78%

I'll try to be as detailed as possible. The kids' computer was infected with massive amounts of spyware (we run McAfee, but somehow they clicked something that bypassed it). I tried to download Spybot S&D (blocked access to internet), was able to download Ad-Aware (but it later shut down access), and then downloaded Malwarebytes and SuperAntiSpyware to a flash drive and installed them on the computer (access to download updates blocked). Additionally, I ran Vundofix (came up with no infection - HAH) and Symantec FXvMonde.

Both MWB and SAS find and "eliminate" the problems, but they come back immediately. As of now, Internet explorer, McAfee and any updates are not able to access the internet. However, when I took Firefox back over (by cancelling the proxy server requirement the spyware had added), I was able to access. Firefox is now the default browser, but popups are happening there as well.

A:Can't shake the Vundo Variant / MS Juan Blues

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system.

Please hold on, it may take us a day or so to get back with you.

R,K

http://www.bleepingcomputer.com/forums/t/190334/cant-shake-the-vundo-variant-ms-juan-blues/
Relevancy 62.78%

Hi, I've had problems cleaning both the Vundo Juan virus and there has also been an annoying adware which is from http://topinfo.c.la/ which keeps appearing on IE. I have tried various tools including Spybot, SuperAntiSpyware, XoftSpySE. Every time it detects and removes it, when I restart my machine the virus keeps coming back. The Vundo Juan virus keeps on appearing on my registry key. Here is also a copy of my latest log file below. These two bugs are driving me mad and I would be grateful for some help to remove them permanently. A million thanks.

https://forums.techguy.org/threads/vundo-juan-virus-and-http-topinfo-c-la.591170/
Relevancy 62.78%

I had "pest tracker" appear on my computer and it has been acting strange ever since. I have deleted the program and am still not right. I am running Windows XP and screen saver and desktops are not acting like they are set. I have noticed that all of my 'KB ' files in windows were created about weeks ago in the middle of the night and there are matching hidden ' KB uninstall' folders created at the same time.
Explorer IEXPLORE EXEC Program Files Common Files Real Update OB rnathchk exeC Program Files Internet Explorer iexplore exeC Program Files Internet Explorer iexplore exeC WINDOWS system wuauclt exeC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Start Page http www att net R - HKLM Software Microsoft Internet Explorer Main Search Bar http red clientapps yahoo com customize rch search htmlR - HKLM Software Microsoft Internet Explorer Main Local Page c windows SYSTEM blank htmO - BHO Yahoo Companion BHO - D -C F - efb- B - ECA - C PROGRAM FILES YAHOO COMPANION INSTALLS CPN YCOMP DLLO - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C PROGRAM FILES ADOBE ACROBAT READER ACTIVEX ACROIEHELPER DLLO - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dllO - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dllO - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dllO - Toolbar amp Yahoo Companion - EF BD -C FB- D - F- D F - C PROGRAM FILES YAHOO COMPANION INSTALLS CPN YCOMP DLLO - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS system msdxm ocxO - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dllO - HKLM Run USRpdA C WINDOWS SYSTEM USRmlnkA exe RunServices Device cpipe-USRpdAO - HKLM Run SystemTray SysTray ExeO - HKLM Run McAfeeWebScanX C PROGRAM FILES NETWORK ASSOCIATES MCAFEE VIRUSSCAN WebScanX ExeO - HKLM Run TkBellExe C Program Files Common Files Real Update OB realsched exe -osbootO - HKLM Run PRISMSVR EXE quot C WINDOWS system PRISMSVR EXE quot APPLYO - HKLM Run AVG CC C PROGRA Grisoft AVG avgcc exe STARTUPO - HKLM Run AVG Anti-Spyware quot C Program Files Grisoft AVG Anti-Spyware avgas exe quot minimizedO - HKLM Run SmcService C PROGRA Sygate SPF smc exe -startguiO - HKLM Run SunJavaUpdateSched C Program Files Java jre bin jusched exeO - 
H... Read more

A:Pest Tracker Infection

Print out these instructions and then close all windows, including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run Hijackthis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://64.124.210.159//alla/server.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O21 - SSODL: systemp - {FB2CD720-F640-11D9-A2DD-444553540000} - systemp.dll (file missing)

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):

C:\ARCHIVE.MHT
c:\eied_s7.cab
c:\ex.cab
c:\ex.cab
C:\Windows\System32\systemp.dll

Reboot your computer to go back to normal mode.

Then do the following:

Download Combofix to your desktop.

Doubleclick combofix.exe

Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt. Post the contents of this log in your next reply along with a new hijackthis log.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

http://www.bleepingcomputer.com/forums/t/112308/pest-tracker-infection/
Relevancy 62.35%

I got the gadcom virus on my laptop, but after trying to remove it with Malwarebytes Anti-Malware and SUPERAntiSpyware in safe mode, with the system restore off, I still get problems. It removed most of the problems I think, but when I ran a scan with Malwarebytes again, the log file shows register keys infected:

HKEY_LOCAL_MACHINE\SOFTWARE\MS Juan (Malware.Trace)
HKEY_LOCAL_MACHINE\SOFTWARE\MS Track System (Trojan.Vundo)

Malwarebytes log file says they are quarantined and deleted, but the problem persists even after reboot. What can I do?? Please help. I also used Norton Antivirus, but it doesn't seem helpful.

A:gadcom persists: MS Juan and MS Track System (vundo)

Please download Dr.Web CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the "Virus check by DrWeb scanner" prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders.)
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, then choose Cure > Move incurable. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured.)
Now put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
In the top menu, click file and choose save report list.
Save the DrWeb.csv report to your desktop.
Exit Dr.Web Cureit when done.

Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

http://www.bleepingcomputer.com/forums/t/188224/gadcom-persists-ms-juan-and-ms-track-system-vundo/
Relevancy 62.35%

Hi, I am running Windows XP Home Edition SP on a Sony Vaio laptop. I have run several anti-spyware programs and still cannot get MS Juan or MS Track System off of my machine. I have tried SpyBot, Malware Bytes, Adaware, SuperAntiSpyware and VundoFix. MS Juan and MS Track System are found and removed, but none of the anti-spyware could keep the files from coming back each time I restart and scan. Below is my Hijack This log, please help.

Relevancy 62.35%

Hi, I appreciate you taking your time to help. I recently downloaded a Yahoo Messenger. Later on I decided that I didn't need it, so I uninstalled the program. After that I opened Firefox and noticed strange pop-ups continuously coming up: strange blank pages with long URLs ending in Superjuan. I realized it must have been a virus of some kind. After some advice I downloaded Malwarebytes, performed the required updates, performed a full scan, and removed the infected files. After that I received a message that said something along the lines of "Not all of the files could be removed and they will be removed upon restart", and received this log after restart.

A:Problems. Trojan.Vundo MS Juan Malware.Trace, Please Help.

As the log posted in the above post is an MBAM log, I am moving this topic from the HiJack This forum to the Am I Infected forum. ~ OB

http://www.bleepingcomputer.com/forums/t/202772/problems-trojanvundo-ms-juan-malwaretrace-please-help/
Relevancy 62.35%

Hi, I was alerted to a malware infection the other night by AVG and Zone Alarm, as well as by the fraudulent "scan your computer" pop-ups and other IE pop-ups (even though I use Firefox) and the fact that I couldn't run Windows automatic updates. Using Spybot and Malwarebytes Anti-malware (MBAM) I was able to reduce a big infection, including lots of Virtumonde/Vundo bugs and a few Smitfraud-C and MyWay/MyWebSearch bugs, and recover my access to Windows Updates. But two bugs remain, regenerating every time I reboot. They are HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS JUAN (Malware.Trace) and HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS TRACK SYSTEM (Trojan.Vundo). When I quarantine/remove these with MBAM, the next scan shows zero infections until I reboot. Then the same two registry key infections show up, just to disappear again until reboot. I'm doing this all in safe mode and my wireless internet radio is disabled. Also, I've tried scanning with Trojan Remove, AVG, VundoFix and Spybot again, and they all reveal nothing. I also uninstalled Java and manually removed remaining files, though I can see there are still files remaining in regedit that I'm afraid to mess with. And I've been repeatedly running RegSeeker and cleaning stuff out of some temp folders, though I'm not sure which ones matter and whether I should delete all files, including desktop.ini files etc. I keep reading about HijackThis, Super Antispyware and ComboFix and haven't tried these yet. I've also read about using Avenger to remove certain targeted files. I don't really understand which to choose and in what sequence, or how to use them. I was hoping some kind soul with experience with this particular pattern (I'm seeing that it's ubiquitous for folks right now) would walk me through what to do at this stage. Thanks in advance.

A:Vundo (MS JUAN and MS TRACK SYSTEM) Regenerating at Reboot Help please!

If you're using Spybot's Teatimer, disable it for now.
-------------------------------------------
ATF

Please download ATF Cleaner by Atribune & save it to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox browser click Firefox at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser click Opera at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Now SAS, may need an hour.

Please download and scan with SUPERAntiSpyware Free.

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:

Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.

Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

http://www.bleepingcomputer.com/forums/t/189286/vundo-ms-juan-and-ms-track-system-regenerating-at-reboot-help-please/
Relevancy 62.35%

Hi, my computer has been infected with the Vundo virus. SUPERAntiSpyware says the infected files are all in the registry. When I try to remove them with anti-spyware programs they keep coming back. I even tried Malwarebytes, but they keep coming back even after I reboot. Here is my Hijackthis log.

A:Can't remove MS Juan from registry and Adware.Vundo Variant/Rel

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, Canarie. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

The log you presented had been a few days away. It may not show what it is. In the meantime, please refrain from making any changes to your computer, and please do the following:

I notice you have run HJT in Safe mode with network support. I hope you can run RSIT in normal mode. Otherwise, run it in either mode.

Step 1

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

In your next reply, please post back:
1. RSIT log.txt and info.txt.

Thanks

http://www.bleepingcomputer.com/forums/t/198151/cant-remove-ms-juan-from-registry-and-adwarevundo-variantrel/
Relevancy 62.35%

Have tried everything to get rid of this. Computer is behaving extremely slow. Watching movies is not possible. Freezes to frame by frame play after - minutes. Any help would be appreciated.

A:High CPU usage/slow running..possible vundo/MS JUAN..Please help

DDS (Version 1.0) - NTFSx86
Run by maurice at 19:31:04.75 on Sun 12/07/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1506 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\maurice\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\maurice\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\maurice\startm~1\programs\startup\y'ztoo~1.lnk - c:\windows\bricopacks\vista inspirat\yztoolbar\YzToolBar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0...

http://www.techsupportforum.com/forums/f50/high-cpu-usage-slow-running-possible-vundo-ms-juan-please-help-321262.html

I got the Vundo trojan and I've cleaned it all out over and over with Malwarebytes, but MS Juan keeps coming back. I can't seem to get rid of it. No matter how many times I run scans on it and delete it, it's always there again when I recheck. If you need any other information, please ask. I'm a bit low on sleep so I'm not exactly thinking right now, haha. Here's a HijackThis log. I'm sorry if I've been a bit vague. Thank you for any help you can give.

A:MS Juan infection won't go away

Hi Welcome to TSG!!

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Please note once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.

Drag the setup package onto ComboFix.exe and drop it.

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

At the next prompt, click 'Yes' to run the full ComboFix scan.

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
 

https://forums.techguy.org/threads/ms-juan-infection-wont-go-away.785521/

Hello. My computer has recently started to slow down and receive strange pop-up ads when I opened Internet Explorer, and I couldn't open some websites. After a bit of research I got a copy of Malwarebytes' Anti-Malware and found out that I had the Virtumonde malware. After a lot of research I removed it successfully with VundoFix. Just to be on the safe side I ran MAM again and discovered that I had caught the MS Juan virus after the removal of Virtumonde. Virtumonde was the only malware it was detecting until I removed it; now it is MS Juan. I still get pop-ups, to a lesser extent though, and my computer is still running slower than usual. I can easily delete it from my registry but it comes right back when I open Internet Explorer. The more sites I visit, it seems to gain extra file names such as MetaJuan, Superjuan and others, all in the MS Juan directory in the registry.

I have been doing lots of research, and after reading all of the HijackThis solutions I have found that there is no one solution to the problem, as they are different from mine and the others, taking into account the different usernames and possible programs. My system restore points go to the exact point after I caught Virtumonde. So I have decided to post a log of my own. For some reason the extra.txt did not open. I tried posting before and it turned out I had the wrong copy of HijackThis, so I got the new one, ran DSS, and I only got Main.txt this time.

A:Ms Juan Infection

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/146246/ms-juan-infection/

Hi, I have a Dell Inspiron laptop running XP SP and IE which seems to have been infected with a trojan called Vundo. I have real-time virus scanning via McAfee and it leapt into action last weekend with a series of red critical system change messages when I must have stumbled on a hacked webpage. Initially nothing appeared to be wrong, but the next day I noticed that the Security Centre was giving me a red alert shield to tell me that automatic Windows Updates were turned off, and it couldn't turn them back on from the balloon that comes up, but when I looked into it via Control Panel the Windows Updates were set to automatic. Later on McAfee alerted me that it had found and removed a Trojan called Vundo (about - instances of it), but it obviously hadn't, because when I next switched on it detected and removed them all again.

I have run AVG, Malwarebytes Anti-Malware and Lavasoft Ad-Aware, which all found several infected files on different scans, and they seemed to fix the issue I was having with the security centre and also a couple of error messages I had on start up. Initially my net access was slowed to a crawl and the trojan was also bringing up a series of popups on my main IE browser window trying to encourage me to click on fake virus scan installers, but these seem to have mainly stopped and my net access is now at normal speed. However, I'm still getting random advertising popups that seem to be generated every time I open a new IE browser or go to a new page. My last scan didn't report trojan Vundo and it is no longer being detected by McAfee, but Ad-Aware did find trace adware called MS Juan. I'd really appreciate the help of someone here who knows more than I do. My HJT log is below.

https://forums.techguy.org/threads/trojan-vundo-ms-juan-partially-solved-but-still-persistant-popups.732275/

First off, thank you guys so much for helping me out just a short while ago. I'm pretty good at keeping safe online but somehow got hit with my second virus in just a few weeks. I appreciate what you guys do and do plan on donating to you. Okay, on with this. I have run Malwarebytes Anti-Malware and ComboFix and attached the logs. It seems that it's two files that just won't go away. They have latched onto Acrobat.

Malwarebytes' Anti-Malware
Database version:
Windows Service Pack

PM
mbam-log- - - - - txt

Scan type: Full Scan (C:\|)
Objects scanned:
Time elapsed: minute(s), second(s)

Memory Processes Infected:
Memory Modules Infected:
Registry Keys Infected:
Registry Values Infected:
Registry Data Items Infected:
Folders Infected:
Files Infected:

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

A:MS Juan (Malware.Trace) / MS Track System (Trojan.Vundo)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

First we want to remove Combofix. It's a powerful program and there is no room for error if you make a mistake.

Follow this process to uninstall Combofix. It will also restore a few settings and remove quarantined items.

Click START then RUN
Now type Combofix /u in the runbox and click OK

Please download DDS and save it to your desktop.
Disable any script blocking protection
Double click dds.scr to run the tool.
When done, DDS.txt will open. A second report, Attach.txt will open next.
Save both reports to your desktop.
Please copy and paste both logs into your next reply.

=============

The next log will show us any hidden files that are present.

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the log
You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.

Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.

Note: If you have any problems, try running GMER in SAFE MODE

Important! Please do not select the "Show all" checkbox during the scan.

http://www.bleepingcomputer.com/forums/t/188570/ms-juan-malwaretrace-ms-track-system-trojanvundo/

Hi, can someone please take a look at my HJT log and advise? I have problems with IE either not connecting or being redirected, and am also receiving some strange system alerts and also slow and sluggish performance when opening programs. Any help would be gratefully accepted. HJT log as follows.

http://www.techsupportforum.com/forums/f284/possible-juan-trojan-infection-240894.html

Hi, I just got infected with all these problems with pop-ups in Firefox and in my system tray, so I installed Malwarebytes and scanned my computer. It was able to get rid of all the problems. However, two keep popping up every time I restart my computer, even though it says it's been removed successfully.

Malwarebytes' Anti-Malware
Database version:
Windows Service Pack

AM
mbam-log- - - - - txt

Scan type: Quick Scan
Objects scanned:
Time elapsed: minute(s), second(s)

Memory Processes Infected:
Memory Modules Infected:
Registry Keys Infected:
Registry Values Infected:
Registry Data Items Infected:
Folders Infected:
Files Infected:

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Any help is appreciated. Thank you.

A:How to remove MS Juan (Malware.Trace), MS Track System (Trojan.Vundo)?

Hi,

Please do a full scan with MBAM, and post the logfile in your next reply.

http://www.bleepingcomputer.com/forums/t/186698/how-to-remove-ms-juan-malwaretrace-ms-track-system-trojanvundo/

I'm having trouble removing MS Juan (Malware.Trace) and MS Track System (Trojan.Vundo) from my laptop, which is running Windows XP Professional SP. I've run Spybot, Malwarebytes' Anti-Malware, and Symantec and I can't seem to remove the trojans. I'm starting to have many pop-ups when using any browser app. Things seem to be running much slower on my PC, as well. Any help would be appreciated. Thank you. Here's my HijackThis log.

A:Having trouble removing MS Juan (Malware.Trace) and MS Track System (Trojan.Vundo)

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT.
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply. Post each log in separate post.
1. RSIT log.txt
2. RSIT info.txt
3. Attach GMER result.

http://www.bleepingcomputer.com/forums/t/189994/having-trouble-removing-ms-juan-malwaretrace-and-ms-track-system-trojanvundo/
Relevancy 60.2%

I'm having trouble removing MS Juan (Malware.Trace) and MS Track System (Trojan.Vundo) from my laptop, which is running Windows XP Professional SP2. I've run Spybot, Malwarebytes' Anti-Malware 1.31, and Symantec and I can't seem to remove the trojans. I'm starting to have many pop-ups when using any browser app. Things seem to be running much slower on my PC, as well. Any help would be appreciated. Thank you.

A:Having trouble removing MS Juan (Malware.Trace) and MS Track System (Trojan.Vundo)

Hi wdwvision, welcome to BC. I think you would do well to read through the pinned topics at the top of this thread.

http://www.bleepingcomputer.com/forums/t/189987/having-trouble-removing-ms-juan-malwaretrace-and-ms-track-system-trojanvundo/
Relevancy 59.77%

Darksma Infection; MS Juan and MS Track System

Hey guys. Recently I appear to have gathered to my comp an irritating piece of spyware that CA has labelled Darksma. It appears to like the registry settings MS Track System and MS Juan (HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS Juan etc). The symptoms are: whenever I open IE, as in checking hotmail emails, I get an alert box with the standard spyware message telling me how my computer is infected with spyware and please download this new product to fix it (funnily enough the no option doesn't seem to work). Also I believe that the Darksma has attempted to download other viruses to the computer; twice I have gotten CA alerts saying that they've just deleted the Vundoo virus strand. Well, here's the HJT log.

Relevancy 58.48%

I've been infected for over a month and only seem to be going from bad to worse. I ran SuperAntiSpyware Free Edition and it listed a lot of trojans. I seem to have got rid of a lot of the trojans, but two of them, when I try to delete it off the results page, I get the blue screen of death telling me a memory system error has occurred, and they are called adware gudmun resident and trojan downloader new juan vm. Both have files and seem to have each affected parts of my memory, because SUPERAntiSpyware Free Edition lists a file name and memory processor under their name. Also, after I deleted a few things off the results page, I now get these two messages upon my desktop loading: "RUNDLL Error loading C WINDOWS system neburufo dll the specified module can not be found" and "RUNDLL Error loading C WINDOWS system lefizuvo dll the specified module can not be found".

As for the actual problems on my computer, I keep getting pop ups telling me that I'm infected and it needs to run antivirus, antivirus etc. It always lists a different 'spyware program' and it tells me to hit ok or cancel, but if I hit either button it directs me to some website. It happens frequently, so even if I just have one window open, by the time I know it I have extra windows open with nothing but a fake spyware message up with that warning. I bought Norton Premier Edition from Fry's and installed it. I ran it once and it was working fine, but after a day or so it would no longer update or be allowed to get online, and now I can't even run it at all. The viruses and trojans that are on my computer seem to have disabled every virus program I have, because I can no longer run my Norton, Adaware or the online Trend Micro HouseCall. My Internet Explorer is not able to display pictures or icons at all. I don't see the red x though; I see the sheet of paper with a red square, green circle and blue rectangle. I've been using Firefox because it was working better than my IE and the pictures loaded on there, but I got a message saying a security update from Firefox needed to be updated, and I did it, and when Firefox restarted it won't connect to the internet anymore.

Sorry if this all sounds incoherent, but I am at my wit's end with all the problems I'm having. I've done everything I could think of to fix it on my own and it just seems to make it worse. Please help. I am desperate for all this to just be resolved and working again after over a month of nothing but problems.

A:Infected with trojan downloader new juan vm, adware gudmun resident, antivirus 2009 & 360, vundo variant, fakealert, pop ups

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so. It will be in your best interest.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

http://www.bleepingcomputer.com/forums/t/198911/infected-with-trojan-downloader-new-juan-vm-adware-gudmun-resident-antivirus-2009-360-vundo-variant-fakealert-pop-ups/
Relevancy 55.9%

I have had my anti-virus Avast continuously pop up saying I have a trojan. I delete it and then run XoftSpy SE; it also detects vundo and winfixer and downloader-New Juan VM. I have also run SuperAntiSpyware. It also tries to remove it all, to find out it is still on there. I have also run Stinger; it found nothing. I am running Windows XP. Also, when I do this, there are others who also have different user names on it; do I need to access each user and repeat the process for each user? Sorry, not sure of these things. I have also experienced continuous popups wanting me to download spyware antiviruses, and to try and get rid of these are a real pain because they just keep popping up.

A:Infected With Trojan Winfixer,trojan Downloader-new Juan/vm, And Vundo

Hi,

* Download ComboFix from here. **Save it to your desktop**

In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated every day.
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

* Doubleclick combofix.exe

Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".
When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

http://www.bleepingcomputer.com/forums/t/115034/infected-with-trojan-winfixertrojan-downloader-new-juanvm-and-vundo/
Relevancy 55.47%


A:Troj Agent.gzu, Troj Juan.d, Troj Vundo.fx, Tr/spy.vundo

Welcome to BleepingComputer, wolfdown.

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary.
If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

*********************************

Now go to: C:\HJT\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

http://www.bleepingcomputer.com/forums/t/84003/troj-agentgzu-troj-juand-troj-vundofx-trspyvundo/
Relevancy 52.03%

Over the past few weeks I keep getting a recurring Antivirus Pro 2010 infection. I've "cleaned" it with Malwarebytes, AdAware, and SpyBot. It keeps coming back! I subsequently ran StopZilla and was alerted to the additional infections of Vundo.A1, Vundo.A2, and PWS.ABD. I didn't want to purchase StopZilla to clean it due to my unsuccessful attempts with 3 other scanners, but it was interesting that the Vundo and PWS.ABD had not been found with the former scanners and only StopZilla. I have run ComboFix and HijackThis logs and have attached them in the event you may find them useful. Thanks in advance for your assistance.

A:Antivirus Pro 2010, Vundo.A1, Vundo.A2, PWS.ABD Infection!

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt Will be opened
Extra.txt Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new OTL log (don't ...

http://www.bleepingcomputer.com/forums/t/313267/antivirus-pro-2010-vundoa1-vundoa2-pwsabd-infection/
Relevancy 52.03%

I just noticed today that I was getting strange popups on sites where there are none, such as Facebook and YouTube. I scanned with Malwarebytes and it found a couple trojans. It restarted to delete them, and on restart I got a RUNDLL error about the file that was just deleted and then a barrage of Avira warnings about the same DLL. Whenever I try to delete it, it just comes back. Thank you in advance.

Neco

A:Vundo.H and Vundo infection / Random Popups

Hello Neco,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document. Do not attach your log, as that makes it hard to read.

**********************

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply. Do not attach your log, as that makes it hard to read.

**********************

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Select Files and Folders created in last 3 months.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
info.txt can also be found at c:\RSIT\info.txt
Do not attach your logs, as that makes it hard to read.

http://www.bleepingcomputer.com/forums/t/271754/vundoh-and-vundo-infection-random-popups/
Relevancy 52.03%

Hello I read your rules and tried running everything you said I removed viewpoint media player myself and installed the ie spyad txt file as described Pandascan and Deckard however wouldn't work for me Panda's site wasn't responding and dss exe variant Vundo Another Infection, Vundo.N [SOLVED] crashes when it tries to clean my temporary files I made sure nothing else was running when running [SOLVED] Another Vundo Infection, Vundo.N variant DSS as well As for the updates unless they're critical to removing this virus I can't [SOLVED] Another Vundo Infection, Vundo.N variant even download them in a timely manner to keep up with you as I'm on k Enough rambling I ran your Vundo removal tool and it DID remove the Vundo virus but I still have random popups in Firefox linking back to adult sites It's not creating the IDKFA file it was before since I ran your Vundo tool only popups are left Sorry for rambling so much here's my log Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system Ati evxx exe C PROGRA Grisoft AVG avgamsvr exe C PROGRA Grisoft AVG avgupsvc exe C PROGRA Grisoft AVG avgemc exe C WINDOWS system CTsvcCDA exe C Program Files Diskeeper Corporation Diskeeper DkService exe C Program Files Common Files New Boundary PrismXL PRISMXL SYS C Program Files Alcohol Soft Alcohol StarWind StarWindServiceAE exe C Program Files Digital Media Reader readericon G exe C Program Files Creative SB Live -bit Surround Mixer CTSysVol exe C WINDOWS system MsPMSPSv exe C PROGRA Grisoft AVG avgcc exe C Program Files Gadwin Systems PrintScreen PrintScreen exe C Program Files WhatPulse WhatPulse exe C Program Files SRS Labs Audio Sandbox SRSSSC exe C Program Files Logitech SetPoint SetPoint exe C Program 

A:[SOLVED] Another Vundo Infection, Vundo.N variant

Just wanted to be sure you've intentionally marked this as solved.

If you still need help, or just want to be sure....

To run DSS, do this:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Please run Deckard's System Scanner once again, this time using these instructions (this assumes dss.exe is on your desktop):

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config

UnTick Temp Cleanup on the left side, UnTick Event Logs on the right side.

Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.

http://www.techsupportforum.com/forums/f284/solved-another-vundo-infection-vundo-n-variant-246403.html
Relevancy 49.88%

I've had minor infections in the past, usually solved by following the instructions of other fixed threads. This is a bad one and I really need help. It started when I downloaded an episode of Criminal Minds over BitTorrent that required a "content license" that turned out to be the Vundo Trojan. My Google search results were being redirected to ad.yieldmanager.com and searchfindsite, and AVG Free, Spybot Search & Destroy detected infections in the Windows Temp directory, but they kept coming back after being removed. I also tried Malwarebytes and Combofix, but the registry keys seem familiar enough to me. Two were out of place, but there must be more because I'm still having problems. I can't boot to Safe Mode. Upon loading the DOS libraries, the system restarts. Also, Root Repeal crashes my computer when I try to run a report. Here is my DDS log:

A:Trojan Vundo PL, Vundo H Infection

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:
The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I ...

http://www.bleepingcomputer.com/forums/t/280726/trojan-vundo-pl-vundo-h-infection/
Relevancy 49.88%

Have worked at least hours over the past few days to rid computer of multiple Trojans. Cannot get rid of Vundo. Have run Webroot Spy Sweeper, Lavasoft AdAware, SuperAntiSpyware and McAfee. Only SuperAntiSpyware detects anything, but even after cleaning it comes back with a vengeance. At this point I'm getting multiple popups, security alerts and such decreased performance that this post is difficult to type, as it doesn't take all letters entered. I also ran Hijack This and Combofix. I failed to save the Combofix log, but I'll be glad to run it again if need be. Any help would be GREATLY appreciated. Hijack This ran moments ago:

A:Vundo/vundo Variant Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum dgm

My name is Richie and I'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.

Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

http://www.bleepingcomputer.com/forums/t/112520/vundovundo-variant-infection/
Relevancy 46.01%

Judging by this and this, you folks are magical, even with Vundo. Computer's symptoms: popup windows in Firefox after new searches, significantly worse performance than yesterday, long hard drive read/writes, and McAfee and Ad-Aware both pick up files that they recognize as Vundo or Vundo!grb. I could make an attempt at a fix on my own, but I'd really like some help. Thanks very much for the help. DDS follows:

A:vundo!grb / vundo infection

Never mind all that. I've reinstalled windows - couldn't take the wait. Nevertheless, it's good to know that ya'll are out there, putting up with fools like me.

Peace,
Peter

http://www.bleepingcomputer.com/forums/t/203836/vundogrb-vundo-infection/
Relevancy 45.58%

I have recently had an infection caused by Vundo adware. I think I've got rid of the infection by running SUPERAntispyware a couple of times, but just to be sure I would appreciate it if someone could have a look at my HiJackThis log file and see if there's anything that looks suspicious. My anti-virus/spyware program, Eset System Security, told me it had quarantined the infection, but apparently it didn't. I was suffering from disappearing icons and taskbar every time I booted the computer. The computer would start, everything would appear for a few seconds, then disappear, re-appear, disappear, until eventually I was left with just a blank desktop with the wallpaper showing. I seem to be back to normal now, but today my browsing and downloading seems a bit slow, so thought I would see if anybody could spot any problems. I have also run Combofix and have a log file of this if it's needed.

A:Vundo Infection

Hello graeme33,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/146796/vundo-infection/
Relevancy 45.58%

I've taken the last couple of days to try and clear a particularly stubborn strain of Vundo off my computer. I've run VundoFix, SUPERAntiSpyware, Malwarebytes, both regularly and in safe mode, as well as a couple other solutions, but I'm unable to get rid of several registry entries and a dll (CBXOIBBC DLL). It also seems to have made my rundll exe hidden, inaccessible to both my task manager and processexplorer. The virus isn't currently locking me up or causing anymore popups, but it seems to have dug in for the long haul. Any assistance with this issue would be greatly appreciated.

P.S. In your 'new instructions' sticky you make reference to saving the file as 'gmer.txt', then later say to attach the 'ark.txt', which isn't mentioned beforehand. I'm guessing that this is the gmer log, but if I'm incorrect please let me know what I should send.

A:Vundo infection

Hello and welcome to TSF,

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following report for further review, and so we may continue cleansing the system:

C:\ComboFix.txt


Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

http://www.techsupportforum.com/forums/f284/vundo-infection-324534.html
Relevancy 45.58%

My search engine is being redirected to unrelated sites. I have this problem in both Mozilla and Internet Explorer. For example, when I search for "Wells Fargo", the header is correct, yet the link address it takes you to is an advertisement of some sort versus WellsFargo.com. Below are my logs. Thanks for the help.
Security Engine ccSvcHst exeC Program Files HP Digital Imaging Product Assistant bin hprblog exeC WINDOWS System svchost exe -k HTTPFilterC Program Files Internet Explorer iexplore exeC Program Files Internet Explorer iexplore exeC Program Files Malwarebytes' Anti-Malware mbam exeC Documents and Settings Steve Hodges Desktop dds scr Pseudo HJT Report uStart Page hxxp espn go com uDefault Page URL hxxp www dell me com mywayBHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files adobe acrobat activex AcroIEHelper dllBHO Symantec NCO BHO adb e- aff- - aa - dac dfa - c program files norton internet security engine coIEPlg dllBHO Symantec Intrusion Prevention d ec - aae- -aeee-f f c - c program files norton internet security engine IPSBHO DLLBHO Java Plug-In SSV Helper bb-d f - c-b eb-d daf d d - c program files java jre bin ssv dllBHO Google Toolbar Helper aa ed - dd- d - -cf f - c program files google googletoolbar dllBHO Java Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dllBHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dllTB amp Google c b - - d - b - a cd f - c program files google googletoolbar dllTB Norton Toolbar febefe - b - - d -ffb d b ca - c program files norton internet security engine coIEPlg dllTB CDD BF- FFB- - AD - DF B D - No FileEB Real com fe fa -d c- d - fa- c f afe - c windows system Shdocvw dlluRun MSMSGS quot c program files messenger msmsgs exe quot backgrounduRun PlaxoUpdate c program files plaxo PlaxoHelper en exe -auRun ctfmon exe c windows system ctfmon exeuRun updateMgr quot c program files adobe acrobat reader AdobeUpdateManager exe quot AcRdB -reboot uRun PlaxoSysTray c program files plaxo PlaxoSysTray exemRun SoundMAXPnP c program files analog devices core smax pnp exemRun OSCD Creator c dell PreODM EXEmRun SunJavaUpdateSched quot c program files java jre bin jusched exe quot mRun IntelMeM c program files intel 
modem eve... Read more

A:Possible Vundo Infection

Any help on this yet?

http://www.bleepingcomputer.com/forums/t/194015/possible-vundo-infection/
Relevancy 45.58%

I have been having trouble with a browser redirect virus for quite some time - months. AVG Free picks it up as Trojan Horse VUNDO.JW, tries to clean it, requires reboot to finish the actions, and upon reboot and rescan the virus is gone. The next day when the scan finishes the same virus is back. I am using AVG Free and also have installed Microsoft Security Essentials and avast, which come up clean every time. I also have installed MBAM, Spybot, SUPERAntiSpyware and HiJackThis. I no longer have installed Spyware Doctor and several others which I cannot remember their names. I have also used online scanners (McAfee and Trend Micro, I think). All without luck. I haven't seen any successful solution to my problem on the web and require assistance. I first thought that the AVG may be a false positive, but I am still getting browser redirects. Any help would be appreciated.

The following is a description of what AVG finds:

C:\Windows\System32\smss.exe (memory): Trojan horse Vundo.JW, Moved to virus vault
C:\Windows\System32\smss.exe: Trojan horse Vundo.JW, Reboot is required to finish the action
C:\Windows\System32\csrss.exe (memory): Trojan horse Vundo.JW, Moved to virus vault
C:\Windows\System32\csrss.exe: Trojan horse Vundo.JW, Reboot is required to finish the action
C:\Windows\System32\csrss.exe (memory): Trojan horse Vundo.JW, Moved to virus vault
C:\Windows\System32\csrss.exe: Trojan horse Vundo.JW, Reboot is required to finish the action

The following is what Microsoft Security Essentials finds: Exploit HTML IframeRef gen, Virus WIN Alureon f, Trojanclicker JS Iframe F

Thanks. Following are DDS and GMER files and attached file Attach.zip.

A:VUNDO.JW infection

Please disregard the above. Since the middle of last week there has been an update (Microsoft, AVG, ?) and the virus and redirects are no longer happening. There has finally been a fix!!!!!!!!

http://www.bleepingcomputer.com/forums/t/294183/vundojw-infection/
Relevancy 45.58%

Okay - Ima try this again. I have run all the Spyware, Virus and Firewall programs as instructed in the preparation guide. They deleted a lot of other stuff, but I still have no solution for this Vundo TR/Vundo.Gen. I have renamed HijackThis to scanner and here is my log. Thanks in advance.

A:Tr/vundo.gen Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, JayStation3. My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.

Now download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop.

Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/112620/trvundogen-infection/
Relevancy 45.58%

Malware has taken over my son's computer. Antivirus Pop-Ups for Virus Stopzilla etc.

A:Infection - Vundo?

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/213001/infection-vundo/
Relevancy 45.58%

Hi guys. This first came to my attention today when I noticed the red Microsoft security center icon on my taskbar, which on further inspection was alerting me that automatic updates were disabled. I was unable to re-enable it through the security center or through the control panel. Additionally, popup windows started to show up when I'd use my web browser. A system scan with McAfee uncovered nothing. A subsequent scan with SpySweeper uncovered Virtumonde, which I quarantined. SpySweeper required that I restart the computer, and when I did so it indicated prior to loading Windows that it was (not the exact words) performing an early file delete. When Windows loaded, McAfee alerted me to a threat which it identified as vundo!grb, and my problems continued as I described above despite a repeat scan with SpySweeper. Also, when my computer was logging off during the system restart prompted by SpySweeper, I got numerous error messages from explorer.exe. Here's the DDS file:

A:vundo!grb infection

Please open Notepad >> Go to Format tab >> untick Word Wrap

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply.. Post each log in separate post..
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

http://www.bleepingcomputer.com/forums/t/199197/vundogrb-infection/
Relevancy 45.58%

My antivirus caught these: Vundo B, Vundo MD, and supposedly cleaned them. Since then I can not access google bookmarks, and when I click on an item that I have searched on google I go to some random page. Usually something about searchclick or mfeed search. I also get a popup from google toolbar every few minutes or so saying that the secure connection failed and www.google.com uses an invalid security certificate. I have tried a few things that others have suggested elsewhere but all the scans come up empty. I am hoping someone here with more knowledge than I can help. Here is the contents of the dds.txt log:

A:possible vundo infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/300076/possible-vundo-infection/
Relevancy 45.58%

For a while my boss has let his son come into the office after hours and use one of our desktop computers, ostensibly for homework and the like. However, it seems he's been doing more than homework with it. AVG detects Trojan horse Vundo.JD in the following locations:

C Windows System csrss exe memory
C Windows System csrss exe
C Program FIles Dell Support Center gs agent custom dsca exe memory
C Program FIles Dell Support Center gs agent custom dsca exe

Initially, when I went to use the machine, I received the 'Windows cannot locate logon.exe' message on startup. I have since edited the appropriate key in the registry to stop the shell from looking for logon.exe, and ZoneAlarm had been removed. I reinstalled ZoneAlarm, and this morning I physically disconnected the machine from the internet. On opening Task Manager the dsca.exe file is shown using of the CPU. This is a Win XP Pro machine with SP installed. I have access to the Windows install CDs that came with the machine from Dell. Here is the DDS log from yesterday afternoon.

A:Vundo.JD infection - please help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

http://www.techsupportforum.com/forums/f100/vundo-jd-infection-please-help-446862.html
Relevancy 45.58%

Hello, I am running CA Antivirus and it doesn't appear to be controlling a Vundo Trojan. While it captures stuff when I do a scan, the problems reoccur when I reboot. I have run HijackThis and the log is below. Any help really appreciated.

Relevancy 45.58%

My computer is a Dell Precision M laptop running WindowsXP PRO SP, Pentium M GHz, MB RAM, GB HD with partitions (GB OS, GB data, GB other data). I have McAfee VirusScan Enterprise on my system. It has begun detecting various items in the past few days, but the most frequent was Vundo. When it was found in the System directory as <random name>.dll, McAfee could delete the file; however, when it was in the Temporary Internet Files folder, McAfee choked and said "move failed". When I looked at that location the file was still there. I could delete the files manually but they kept coming back. I found this forum and followed the instructions in topic the preparation guide. Since I have done the first steps and rebooted, McAfee has stopped complaining, but I want to make sure the problem is gone.

A:Vundo Infection

Looks like you got Vundo but not sure about another

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We'll get them next step.
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

============================

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)

* Install ewido.
* Run the application
* Click on scanner
* then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete".
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
* Click Complete System Scan and the scan will begin.
* When the scan is finished, Set all items to delete
* Apply all actions
* look at the bottom of the screen and click the Save report button.
* Save the report to your C: Drive

This will take some time to run!

RE-Boot

Post that log and a new HiJack log

http://www.bleepingcomputer.com/forums/t/62920/vundo-infection/
Relevancy 45.58%

I had started this in another thread but had never gotten a response, and wanted to see if anyone could provide any better insight to this issue than I am able to do. Here is the link to the original thread - http forums techguy org malware-removal-hijackthis-logs -help-really-nasty-trojan html

This thread has the initial HJT logs as well as the log for Anti-Malware from the initial cleaning. As of now I have cleaned the system with Anti-Malware, SUPERAntiSpyware and, as suggested by other threads with similar problems, ComboFix. The scans are now coming up clean - but the system is very slow and plagued with Explorer critical errors, random restarts and serious system errors. The restarts happen at random but also occur almost immediately after starting graphic intensive programs - specifically Adobe Photoshop, Adobe Premiere CS, World of Warcraft and World of Warcraft Wrath of the Lich King beta clients. Restarts triggered by these programs generally occur with - seconds of the program being completely loaded, but no longer than. When Windows loads after a restart I get between - error messages saying that the system experienced a "Serious Error".

I do quite a bit image and video editing as well as being a bit of a gamer, so any assistance clearing up these issues will be greatly appreciated. The HJT log for the current state of the machine is below.

https://forums.techguy.org/threads/vundo-infection-please-help.750461/
Relevancy 45.58%

I think I have a vundo infection. Please help. HJT file

A:Vundo Infection

What makes you think you are infected with Vundo?

Welcome to TSG
 

https://forums.techguy.org/threads/vundo-infection.745709/
Relevancy 45.58%

Hi, I am fairly certain that I have the Vundo virus on my system and may have several others as well. So far I have run a Symantec Virus scan, which was unable to remove everything, and a Spybot Search & Destroy scan, which revealed and cleaned several items including a Virtumundo file. I also ran an avast pre-boot scan and it found one file, which is listed last below, and have attached the log from that. Finally I ran the VundoFix.exe application which has been posted on here a few times. That found one file but was unable to remove it. I included the log from that scan. Finally I attached my HijackThis log. Thanks for your help.

A:Vundo Infection

I think I may have cleaned up my system on my own, but I'm not completely sure.

Here's an updated log if someone is able to just check it over for any other potential problems

Thanks for your help!

-------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:40 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

http://www.bleepingcomputer.com/forums/t/123260/vundo-infection/
Relevancy 45.58%

Hi, I have run all of the tools in the startup instructions. Of the three on-line products suggested, Bit Defender was the only one I could get to work on my computer. Ad-Aware found virtumonde and I think it was spybot that found Trojan Agentbypass E and also sniffs of vundo. BitDefender also found vundo. It seems to be more aware of this one than the others. I have run all of these over and over, sometimes in safe mode and others in regular mode. In a number of cases the tools said they could fix part of the problem but usually not all. Sometimes I have been able to use BCWipe on a reboot to get rid of what the anti-virus tools could not. This usually results in dll load errors on re-start that I have been able to fix by disabling them in the registry, I think with Autoruns or using msconfig. I'm no expert so I am already scaring myself to death. Because I already have McAfee, which by the way has no clue, I have not run stinger. Is it any better than what I already pay for from McAfee? Shouldn't be.

The last two times I ran Bit Defender it came up clean, but I can see in the startup log that some of what it complained about and said it couldn't fix is still there. For example I still see uvjjiwel.dll in the startup log. Another item I have had problems with is mllji.dll, which keeps installing itself as a browser helper even after I disable it. It also comes up in autoruns listed as an LSA no matter how many times I try to disable it. It just keeps adding new entries as I uncheck the ones that are there after I refresh. Another file I have had trouble with ispmnonmn dll, but I think I tricked BCWipe into wiping it on startup. It seems this vundo thing replicates itself under a new name each time it runs, sometimes putting a dll in system and sometimes in the user's temporary directory. I have logged into an account that has files other users can't see, only to get an error when logging into one of those other accounts saying there is a dll file that can't load from that user's temporary internet files. This 'error' goes away by itself if you re-boot a couple of times.

I have clamped down my McAfee firewall and real-time virus protection and it keeps complaining that something is trying to mess with my zones. I could be doing nothing but reading a web page and this will just happen out of nowhere. I was using BCWipe to wipe temporary internet files in hopes of zapping whatever this thing keeps lying around, but I have stopped doing that lately. The thing always seems to keep just one step ahead of me. I haven't seen the pop-ups lately trying to get me to buy bogus anti-virus software; however, if I don't disable the mllji.dll browser helper each time I boot before trying to use IE, I end up being redirected, and sometimes I end up with nothing on my screen except a frozen IE; all my icons and the system bar disappear. Sometimes they just flash and it all comes back again. Anyway, here is my HJT.

A:Vundo Infection

Hello FRL

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

http://www.bleepingcomputer.com/forums/t/122095/vundo-infection/
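
The question in this thread describes DLLs that keep re-registering as browser helpers and that load from the system directory or a user's temporary directory. As an added example (not from the thread or from any tool named in it), this Python triage pass flags those hooks in classic HijackThis-style lines; it goes beyond the post by also checking Winlogon Notify and Userinit lines. The sample log is constructed: the CLSIDs are placeholders, the user name and example.exe are invented, and the three DLL names are the ones the poster mentions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the classic HijackThis line layout (not a real log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\mllji.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000003} - C:\WINDOWS\system32\ispmnonmn.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000004} - (no file)
O2 - BHO: DriveLetterAccess - {00000000-0000-0000-0000-000000000005} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O20 - Winlogon Notify: uvjjiwel - C:\Documents and Settings\Owner\Local Settings\Temp\uvjjiwel.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example.exe,
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<target>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$")
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)

# Directory names the poster reports the DLLs being dropped into.
TEMP_DIRS = {"temp", "temporary internet files"}


def dll_reasons(target):
    """Return review reasons for the DLL path recorded in a BHO or Notify entry."""
    target = target.strip()
    if target.lower() == "(no file)":
        return ["registry entry has no file behind it"]
    reasons = []
    if target.lower().endswith("(file missing)"):
        reasons.append("file missing on disk, entry left behind")
        target = target[: -len("(file missing)")].strip()
    parts = [p.lower() for p in PureWindowsPath(target).parent.parts]
    # Vendor DLLs normally live under Program Files or a vendor subfolder;
    # a helper sitting directly in system32 deserves a manual look.
    if parts and parts[-1] == "system32":
        reasons.append("DLL sits directly in system32")
    if TEMP_DIRS.intersection(parts):
        reasons.append("DLL loads from a temporary directory")
    return reasons


def userinit_reasons(value):
    """Flag anything in the Userinit value other than system32\\userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [
        "extra program in Userinit value: " + e
        for e in entries
        if not e.lower().endswith(r"\system32\userinit.exe")
    ]


def triage(log_text):
    """Return (kind, subject, reasons) for every line that needs manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BHO_RE.match(line)
        if match:
            kind, subject = "BHO", match["target"]
            reasons = dll_reasons(subject)
        else:
            match = NOTIFY_RE.match(line)
            if match:
                kind, subject = "Winlogon Notify", match["target"]
                reasons = dll_reasons(subject)
            else:
                match = USERINIT_RE.match(line)
                if not match:
                    continue
                kind, subject = "Userinit", match["value"]
                reasons = userinit_reasons(subject)
        if reasons:
            findings.append((kind, subject, reasons))
    return findings


if __name__ == "__main__":
    for kind, subject, reasons in triage(SAMPLE_LOG):
        print(f"[{kind}] {subject}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flag here means "review this entry", not "this is Vundo": legitimate helpers can also live in system32, so each hit still needs a check of the file itself.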

Hi,
I am visiting my mom and apparently her computer has Vundo in several variations.
I am not familiar with all the steps she has gone through to try to remove it, so I am a bit in the dark here.
I know they tried AVG and it appears they then uninstalled it. They currently have Spybot search and destroy on the machine. They have run it several times and each time, it indicates that it removed it, but on reboot, it is back.

I have downloaded Malwarebytes and it is currently scanning my computer. Once I have it finish scanning and remove anything it finds, what else do I need to do to finally be rid of this?

Thanks,
Lori

A:Vundo infection

Hello bigblueogre.....

First post back the MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Next run these 2 from your regular user account.

ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

SAS
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

http://www.bleepingcomputer.com/forums/t/197126/vundo-infection/

My antispyware programs keep finding the Vundo virus on my system. Occasionally the system slows down and either a strange pop-up appears or Explorer opens to a blank page. On one occasion Malwarebytes quit loading and I had trouble redownloading it; it works at this point. Malwarebytes and SuperAnti only seem to temporarily take care of the problem. Any advice or help in permanently removing this will be greatly appreciated. Thanks in advance.
jk

A:Possible Vundo Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/289687/possible-vundo-infection/

Pop ups keep happening about working from home or making money from google. I also have no use of some of the items on my desktop or some programs I cannot get into.

A:Vundo Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

http://www.bleepingcomputer.com/forums/t/268110/vundo-infection/

I have a troj vundo bco infection and would like some help. Below is my hijackthis report. Thanks.

A:Vundo Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum 1bighairywookie

My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

*NOTE*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/113695/vundo-infection/

Running: Windows XP version service pack
Antivirus software running: McAfee, Spybot S&D, HijackThis, Teatimer, WinPatrol
Problem: multiple dll files are being generated and trying to add themselves as auto Startup Programs; plagued by popups and link hijacks.

Sample WinPatrol alert: "A new auto Startup Program has been detected. This program will run each time you login or restart your machine. Do you approve the addition of this program startup setting? Press YES if this program is expected and acceptable. c windows system dulojeni dll a No Description found. Company name not included in this program."

DDS text log:

A:Vundo Infection

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

We need to create an OTL Report
Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%systemdrive%\*.exe
%systemroot%\system32\drivers\*.sys


Click the "Quick Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

http://www.bleepingcomputer.com/forums/t/269617/vundo-infection/
Relevancy 45.58%

Hi, last week my Norton Antivirus subscription expired and I was a couple of days slow replacing it with Norton Internet Security. I had assumed that the Norton Antivirus virus would keep me protected, but in those days, by coincidence or not, I picked up the Vundo Virus. I am getting loads of nuisance Rundll missing dat file error messages at start-up and when I go to Firefox. I've run a full Norton scan and it doesn't detect it, and yet it throws up Vundo alerts during a session, which I have to remove and reboot, but they keep coming back again. It has turned off my email scanning and won't let Norton fix it. I've been to the Norton help desk and they reinstalled Norton INS times, but still the Norton comes back contaminated as soon as I reboot. My main machine is a PC Dell Dimension c running Windows XP SP. I also have wireless laptops running off the IN hub. These seem to be OK. I read you wanted background; I hope I haven't rambled on. I can't thank you enough for your help. Here's my Hijackthis log.

A:Vundo Infection

Hi, I noticed there are a lot of Vundo infection issues here, there's one being addressed on page 1 right now with Tiger lky, should I follow the instructions given in that thread as well, or are solutions specific to each machine? I could make a start on this ComboFix thingy.
 

https://forums.techguy.org/threads/vundo-infection.822875/
Relevancy 45.58%

Hello, in the past few days my computer has been acting strange. I have been getting this pop-up, http go cmp ntvrsrgk AE F amp affid amp lid av amp rid mmph, which doesn't even work but opens by itself. Sometimes it is only one, sometimes it can show times in minutes. I have done some research through the internet and it seems like I possibly have Trojan Vundo. I get all the symptoms mentioned, and also my screen gets fully black and my desktop disappears, so I need to use the task manager (ctrl alt del) window to open or use anything. I come here requesting some help, and here's my hijack log.

A:Help with a possible Vundo infection

bump and help please
 

https://forums.techguy.org/threads/help-with-a-possible-vundo-infection.702426/
Relevancy 45.58%

Hello. My husband picked up a nasty vundo infection last night. I have been caught in an endless loop with Malwarebytes (which it disabled, but I worked around) and Ad-Aware trying to get rid of it. Of course it keeps returning. I haven't done a lot of surfing since, but I did have a couple Window pop-ups. My Automatic Updates keeps getting disabled as well. I know this is going to take some professional knowledge to deal with. I appreciate any help you can give me.

A:Need Help with Vundo Infection

Please close this topic - the problem has been resolved. Thank you!

http://www.bleepingcomputer.com/forums/t/270934/need-help-with-vundo-infection/
Relevancy 45.58%

I'm working on a computer that had a bad Vundo infection. Spyware Doctor was able to remove enough to get to the point where I could use other tools. Malware Bytes Anti-Malware, Spybot S&D and Ad-Aware all removed different bits. It seems to be gone, but I'd like one of the experts to help me make sure. I had run Deckard early on, so I don't think the extra.txt is relevant anymore. But here is the main.txt and the Kaspersky scan.

A:Vundo Infection

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

http://www.bleepingcomputer.com/forums/t/154688/vundo-infection/
Relevancy 45.58%

Howdy. I have been fighting what appears to be a Vundo virus off and on for a while now. A couple months ago I was able to follow some of the posts in this forum and get it cleaned up, but now it's back and it's mad. Any time I open a web browser window (Firefox) I immediately get multiple pop up windows, many of them for WinProVirus or other bogus stuff. I am running Windows XP on an Intel Core Processor. I have AdAware installed, and even though it thinks it can find problems, it never really clears them out. I also just tried installing Windows Defender, but same thing: it finds problems but never really fixes anything. I also tried running VundoFix.exe and VirtumundoBeGone.exe with no success. Any help you can give me in getting this cleaned up and keeping me safe for the future is greatly appreciated. Below is my HijackThisLog, and just let me know what additional information you might want or need.

Relevancy 45.58%

Hi, and thank you in advance to the kind person that helps me with this. The first symptom I had of an infection was that I got a message on my task bar saying that Windows Automatic Updates was turned off, and I was unable to turn it back on. Having searched the net for this problem, I discovered that Vundo was a possible cause. I use Norton Internet Security and Norton Antivirus and had run a full system scan earlier in the day, which came back clean. I downloaded and ran Norton's Vundo Removal Tool but that did not help. I noticed online that several people were recommending SUPERAntiSpyware to get rid of Vundo, so I downloaded and ran the free Version of that and it did detect several Vundo Files and registry entries. However, it did not get rid of them - they were still there when I ran the scan again. The files that SuperAS reports as Vundo Variant are C WINDOWS SYSTEM DDCYROH DLL and C WINDOWS SYSTEM FHXBZP DLL, as well as several registry entries. I tried running Vundofix, which said it detected a problem with the file C Windows System divx dll, but again the software seemed unable to remove the problem, so I manually deleted that dll file. I looked at what divx dll was before I deleted it, and it was created in and said it was a divx codec file, so I figured it was probably redundant now anyway. I also ran VirtumundoBeGone in Safe Mode - this said it had fixed a problem but again it had not. So now I have run McAfee Stinger and then HiJackThis to generate the log below. I hope somebody is willing to help me sort this out.

A:Vundo Infection

Whilst waiting for somebody to take up my case I have done a little PC 'housekeeping' and performed some actions based on advice that I have read on other threads. What I have done is as follows:
- Deleted some programs from the desktop
- Removed Napster
- Removed Java™ 6 Update 7
- Removed Java™ 6 Update 5
- Removed Java™ 6 Update 3
- Installed Java™ 6 Update 10
- Installed Malwarebytes' Anti-Malware
- Ran MBAM Quick Scan - Objects infected 16, mostly Trojan Vundo
- Allowed MBAM to remove items and reboot to remove other items
- Ran MBAM Quick Scan again - No malicious items detected

After performing these actions I still had Windows Security Center on my Task Bar telling me that Automatic Updates are OFF. However, now it let me turn Automatic Updates back on! This seems like good news but I would still really like for somebody to run through my logs and make sure my PC is fully clean.

Below are the 2 logs I got from MBAM plus a new HiJackThis log. I hope somebody will take on my case and get back to me soon.

MBAM Log 1:

Malwarebytes' Anti-Malware 1.30
Database version: 1411
Windows 5.1.2600 Service Pack 3

19/11/2008 13:31:57
mbam-log-2008-11-19 (13-31-57).txt

Scan type: Quick Scan
Objects scanned: 57411
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ddcYrrOh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fhxbzp.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db082c23-fc73-4216-9dda-f1d5eb635f5e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{db082c23-fc73-4216-9dda-f1d5eb635f5e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db082c23-fc73-4216-9dda-f1d5eb635f5e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcyrroh -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcyrroh -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ddcYrrOh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hOrrYcdd.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hOrrYcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhxbzp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

MBAM Log 2:

Malwarebytes' Anti-Malware 1.30
Database version: 1411
Windows 5.1.2600 Service Pack 3

19/11/2008 13:41:52
mbam-log-2008-11-19 (13-41-52).txt

Scan type: Quick Scan
Objects s...

http://www.bleepingcomputer.com/forums/t/180786/vundo-infection/
Relevancy 45.58%

Hi all, I was hoping someone could take a look at this and let me know if I'm still infected--I did a scan with S&D and Vundo showed up as an infection--I cleaned the files but I know it can be hard to get rid of. Any help would be appreciated, thank you.

A:Vundo Infection

Hello beccajane,

We will run ComboFix. You need to disable your Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Kaspersky Antivirus: Please navigate to the system tray on the bottom right hand corner and look for a sign. Right click it -> select Pause Protection. Click on -> By User Request. A popup will claim that protection is now disabled and a sign like this: will now be shown. You successfully disabled the Kaspersky Antivirus Guard.

I see you are running Teatimer. I suggest you disable it because it can interfere with the changes you'll make on your system. If Teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it. How to disable TeaTimer during HijackThis Cleanup

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to install the Windows XP Recovery Console in case you have not installed it yet. <== IMPORTANT

Post the ComboFix log.

http://www.bleepingcomputer.com/forums/t/128846/vundo-infection/

I have to apologize for posting this in your topic, but I can't seem to create a new topic for some reason. I have a problem and it may be Vundo related. I've been getting a few Vundo alerts recently. Ones which involve my computer trying to connect to a computer in Germany. However, I haven't experienced any problems. Until, of course, about ten minutes ago. The taskbar started flashing on and off for little bits at a time. Something was killing Explorer, because every time it popped back up the system tray was reloading. It got to a certain number of icons and BAM, dead again. I thought it was rather odd, naturally. It soon settled on staying on with no system tray and not letting me open anything on the start menu or any shortcuts. So I killed Explorer from the Task Manager. Now, lucky me, I have RK Launcher, a dock from which I can run things such as Explorer. So I used that. Now we're back to endless flashing, but at least I can click on things. However, it never lasts long enough for me to do, well, anything. Opening anything like My Documents just makes it flash off again, taking that with it. So I killed it once again and used RK Launcher to open Opera.

I had tried to run a Vundo tool from Symantec earlier but it gave nothing. Also, after that the alerts stopped. This all seems like malware related behavior, but I haven't seen anything Vundo-related like "Click here to scan for spyware" pop up yet. Also, a couple root kits have been blocked by Norton. Now, my computer ran fine all day and ran fine for a half hour before this. I haven't done anything in that time that would aggravate malware or anything out of the ordinary. Also, it might be good to mention I have a hacked uxtheme.dll and have for quite some time. I have not installed any new themes within months, however, so I doubt that's it.

What I need to know is: How can I cause Explorer to remain stable? Would a restart help? I'm afraid to because I'm not sure if I'll lose control of it completely. Is there any way I can get Norton to run even without Explorer? Also, does this strike you as Vundo, another malware, or something else entirely?

Again, I apologize for commandeering your topic, but I can't get a new topic to work and I'm fairly freaked out right now. Also, here's a picture of the original log: http img imageshack us img ss gg jpg And this is where I first discussed the problem before it actually became a problem: http www zuneboards com forums tech-help html post

A speedy reply would be immensely good because I don't know what to do. On a good note, I managed to beat Explorer's kill time in order to run Norton, so now both the tool and a full system scan are running. Is it safe to install another scanner and give it a "second opinion"? Sometimes multiple scanners can pick up each other's slack, but I'm not sure if it's wise to install anything while the computer is acting like this. Also, is there a way I can access my files and copy them to my external hard drive? I have some pretty important stuff that's not backed up and I'd like to be able to save it if possible. Oh, and just so you know, I'm using XP Home.

A:Possible Vundo infection

Hello and welcome. That Vundo tool is a bit dated. Please run this:

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware, Launch Malwarebytes' Anti-Malware. Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/163350/possible-vundo-infection/

Hello

my computer has recently become infected with the Vundo trojan. I have run Anti-malware, VundoFix and VirtumondoBegone. The computer is supposed to be virus free, but I thought I should post a HijackThis log here and get your feedback just to be sure. I am not convinced that all files have been removed. Any help you could provide would be much appreciated.

A:Vundo infection

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/215468/vundo-infection/

This is a Toshiba Satellite laptop running Windows Vista Home Basic. It seems to have the Vundo infection, as there are multiple popups and some unusual files in the startup area of the registry. I attempted to run the panda virus scan and it was taking forever, over hours, so I stopped and only did the DSS scan as well as following all of the other steps. The logs from the DSS follow.


Edit: Forgot to mention that I also ran VundoFix and VundoBeGone and neither found any traces of Vundo.

I have a Vundo infection that I thought I had taken care of with SuperAntiSpyware and Malwarebytes. Nothing is showing up when I run those programs and Adaware, but I am still getting some browser redirects. Any help would be greatly appreciated. Here is my HJT log.

A:Vundo Infection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/210054/vundo-infection/