|
|
|||||||
|
 Trojan Vundo. H (Hijackthis/malwarebytes)
|
|
|
|
I have ran malare anti-malware but it is not getting rid of all the viruses/memory modules/registery keys
I also ran hijack this and removed some .dll's found by malwarebytes but not all went.
Malwarebytes' Anti-Malware 1.37
Database version: 2216
Windows 5.1.2600 Service Pack 2
02/06/2009 22:04:31
mbam-log-2009-06-02 (22-04-31).txt
Scan type: ...
|
 |
|
|
Thread Tools |
|
#1
3rd Jun 2009, 01:39
|
|||
|
|||
|
Trojan Vundo. H (Hijackthis/malwarebytes)
I have ran malare anti-malware but it is not getting rid of all the viruses/memory modules/registery keys
I also ran hijack this and removed some .dll's found by malwarebytes but not all went. Malwarebytes' Anti-Malware 1.37 Database version: 2216 Windows 5.1.2600 Service Pack 2 02/06/2009 22:04:31 mbam-log-2009-06-02 (22-04-31).txt Scan type: Quick Scan Objects scanned: 89008 Time elapsed: 3 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 13 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 2 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\dwkljtof.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\becbn.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\xanyzwy.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{936182df-5f7a-4d1e-a86f-a6d0f061e70a} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\feuyhaok (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{936182df-5f7a-4d1e-a86f-a6d0f061e70a} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{0e8459fd-af07-48f1-8cd1-3884d15eaf47} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0e8459fd-af07-48f1-8cd1-3884d15eaf47} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{0e8459fd-af07-48f1-8cd1-3884d15eaf47} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b mbgzbpm (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\b mbgzbpm (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\bmbgzbpm (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{936182df-5f7a-4d1e-a86f-a6d0f061e70a} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{10c0b0c0-fc01-473b-8ebb-4376353f96e4} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{10c0b0c0-fc01-473b-8ebb-4376353f96e4} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{10c0b0c0-fc01-473b-8ebb-4376353f96e4} (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\system32\xanyzwy.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\dwkljtof.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\becbn.dll (Trojan.Agent) -> Delete on reboot. c:\WINDOWS\system32\zfmhjbu.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\bekbn.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\drivers\jcnfgawt.sys (Rootkit.Agent) -> Delete on reboot. c:\WINDOWS\system32\drivers\sjbxdggg.sys (Rootkit.Agent) -> Delete on reboot. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:52:36, on 02/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\csrss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\System32\svchost.exe C:\windows\Explorer.EXE C:\windows\system32\spoolsv.exe C:\windows\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe C:\windows\system32\carpserv.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\windows\system32\ctfmon.exe C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe C:\windows\SYSTEM32\astsrv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\windows\system32\oodag.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\windows\System32\svchost.exe C:\windows\system32\wscntfy.exe C:\windows\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE c:\program files\common files\mozilla shared\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiny.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {936182df-5f7a-4d1e-a86f-a6d0f061e70a} - c:\windows\system32\xanyzwy.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: feuyhaok - C:\windows\SYSTEM32\xanyzwy.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing) O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\windows\SYSTEM32\astsrv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\windows\ O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: gearsec - GEAR Software - C:\windows\system32\gearsec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ThreatFire (threatfire) - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\windows\ -- End of file - 7951 bytes Any help please, computer is going mad locking task manager, browsing is a pain with constant pop ups, some programs are disabled. I am thinking of a complete re-install. But just want system stable to back-up files. |
|
#2
3rd Jun 2009, 10:31
|
|||
|
|||
|
Trojan Vundo. H (Hijackthis/malwarebytes)
Download DDS by sUBs and save it to your desktop. Alternate DDS download link
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it) * XP users Double click on dds to run it. * If your antivirus or firewall try to block DDS then please allow it to run. * When finished DDS will open two (2) logs. 1) DDS.txt 2) Attach.txt * Save both logs to your desktop. * Please copy and paste the entire contents of both logs in your next reply. Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copy and pasting it into the reply.
__________________
 |
|
|
|
| Bookmarks |
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Trojan Vundo.H Will Not Go Away. | jbrac25 | Virus, Spyware & Security | 6 | 15th May 2009 13:12 |
| Need Help... Can't Get Rid of TROJAN.VUNDO.H. | sukun | Virus, Spyware & Security | 1 | 2nd May 2009 16:27 |
| I Can't Get Rid of TROJAN.VUNDO.H from my PC | theprodigycmb | Virus, Spyware & Security | 13 | 16th Mar 2009 16:40 |
| Trojan.vundo.h , trojan.agent , adware.mirar + MORE! :( | sillyarfer | Virus, Spyware & Security | 1 | 14th Dec 2008 09:59 |
| Whatever I do I can't get rid of TROJAN.VUNDO.H | redsowwer | Virus, Spyware & Security | 25 | 3rd Nov 2008 18:10 |
| Thread Tools | |
|
|
