Home > Help > HELP - Persistent Vundo Infection

HELP - Persistent Vundo Infection

However, none of those has been completely able to kill the virus. more... At this point, I'm not even sure I'd know when my system is clean - it seems to be gone, but keeps popping back up when I least expect it. C:\Documents and Settings\TCS\Local Settings\Temp\xsomwrcnea.tmp (Trojan.Downloader) -> No action taken. check over here

Thank you so SO much. I'm assuming, from what I've read online, that it has infected my core system files, but none of the removal methods suggested have worked for me (including using Process Explorer in Sign In All Activity Home Privacy Policy Contact Us Back to Top Malwarebytes Community Software by Invision Power Services, Inc. × Existing user? Privacy Policy Contact Us Back to Top Malwarebytes Community Software by Invision Power Services, Inc. × Existing user? https://forums.techguy.org/threads/help-persistent-vundo-infection.779591/

Attached Files: hijackthis.log File size: 11.2 KB Views: 1 VundoFix.txt File size: 3.9 KB Views: 1 MJPByron, Dec 28, 2007 #1 TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member Welcome Attach the new Log.txt to your next reply. It is probably just wasting your time with unnecessary information about files that you are creating.

If you do not get a success message, it definitely did not work. i did.EDIT:logs got cut offavenger:Logfile of The Avenger Version 2.0, © by Swandog46http://swandog46.geekstogo.comPlatform: Windows XP*******************Script file opened successfully.Script file read successfully.Backups directory opened successfully at C:\Avenger*******************Beginning to process script file:Rootkit scan Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, Now Copy the bold text below to notepad.

Are you looking for the solution to your computer problem? thandamilk, Dec 18, 2008 #3 This thread has been Locked and is not open to further replies. I would also search the entire registry for each of those file names and delete any entries found containing them. https://forums.malwarebytes.com/topic/43829-trojanvundoh-persistent-infection/?do=findComment&comment=217246 I have a Vista64 disc from the Windows Feedback Program and my system has 4GB of RAM.

KB issue came back, next to un\usable, anything further will be done in safe mode w/network Help Attached Files: MGlogs.zip File size: 55.8 KB Views: 2 ComboFix.txt File size: 23.3 All Rights Reserved Theme designed by Audentio Design. After doing the above, you should work thru the below link: How to Protect yourself from malware! They managed to detect the vundo trojan, removed it, but the trojan came back after reboot.

Cherish the pain, it means you're still alive Back to top #21 nca2003 nca2003 Topic Starter Members 29 posts OFFLINE Local time:06:20 AM Posted 08 January 2009 - 04:37 AM http://www.geekstogo.com/forum/topic/232413-persistent-vundo-infection-solved/ persistent vundo infection Started by nca2003 , Jan 02 2009 04:57 PM Prev Page 2 of 2 1 2 This topic is locked 25 replies to this topic #16 fenzodahl512 fenzodahl512 HELP - Persistent Vundo Infection Discussion in 'Virus & Other Malware Removal' started by thandamilk, Dec 14, 2008. Learn More.

I'm going to try that if the symptoms persist in normal mode. check my blog If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry. dary! Current Boot Mode: NormalScan Mode: All usersOutput = MinimalFile Age = 30 DaysCompany Name Whitelist: Off ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)PRC - C:\Program Files (x86)\Intel\Intel Matrix

I get the following error message: "SpyGuard detected a known threat attempting to run: Name: Win32.Trojan.Vundo.B...", and my TrendSecure (I've been using TransactionGuard to avoid keylogging) occasionally catches malware attempting to I think it's better you take your necessary backup and go for a fresh install of Windows. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken. http://zuneuser.com/help/help-winreanimator-vundo-problem.php Useful Searches Recent Posts Menu Forums Forums Quick Links Search Forums Recent Posts Menu Log in Sign up AnandTech Forums: Technology, Hardware, Software, and Deals Home Forums > Software > Security

wait for it.. These are all suspect files to my mind. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password?

Click on the Execute selected scripts. 4. Short URL to this thread: https://techguy.org/779591 Log in with Facebook Log in with Twitter Log in with Google Your name or email address: Do you already have an account? Save it as fixme.reg to your desktop. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\Y4RSPC6S\divx[1] (Trojan.Vundo) -> No action taken. Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it! Attached Files: SASlog.txt File size: 465 bytes Views: 2 MBAMlog.txt File size: 900 bytes Views: 2 COMBOFIXlog.txt File size: 16.7 KB Views: 1 SliceDiamond, Aug 3, 2008 #1 SliceDiamond Private E-2 have a peek at these guys I manually wiped out as many of the files and registry items as I could find, which at least opened up the use of Malware Bytes, SuperAntiSpyware and Spybot for me.

Your logs are clean! Cherish the pain, it means you're still alive Back to top #19 nca2003 nca2003 Topic Starter Members 29 posts OFFLINE Local time:06:20 AM Posted 08 January 2009 - 03:44 AM Tech Support Guy is completely free -- paid for by advertisers and donations. Error - 3/15/2009 4:09:04 PM | Computer Name = Med-Station | Source = Application Error | ID = 1000Description = Faulting application TrueImageMonitor.exe, version, time stamp 0x4727649a, faulting module MSVCR71.dll,

HJT and VundoFix logs are attached, I know it said not to post HJT logs on the main rules, but the Vundo removal thread said to do so, so I have. Advertisements do not imply our endorsement of that product or service. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{772e3f02-6d6f-4142-94f6-2c016bab630d} (Trojan.Vundo.H) -> No action taken. The mouse is not affected.

I happened to read that Mozilla FF 3 is unaffected by the trojan's .dll file. #5 Sam25, Nov 14, 2008 DSF Diamond Member Joined: Oct 6, 2007 Messages: 4,902 Likes