Vundo Trojan Help (hijackthis Log Included)

I had downloaded superantispyware and removed the virus but my internet is still horribly slow and doesn't work like before.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11e02549-ad5f-462e-85df-6c555c757c8e} (Trojan.Vundo.H) -> Delete on reboot.

If it does not automatically open, then click Start -> Run, type notepad and press Enter.

My computer beeped, but not the sound as that is off, and closed ComboFix and the file that was in My Documents was instantly erased.

http://simplecoverage.org/vundo-trojan/vundo-trojan-hjt-log-included.php

Make sure that everything is checked, and click Remove Selected.

#8 GACGustie GACGustie Member Full Member 6 posts Posted 04 July 2007 - 12:52 PM

Complete scanning result of "EBCC9BD9FE.sys", received in VirusTotal at 07.04.2007, 19:29:05 (CET).
Antivirus Version

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1219645491577 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)

http://www.bleepingcomputer.com/forums/t/224936/vundo-maybe-hijack-this-log-included/

So I try to enable it (I have McAfee) and it says to go to Control Panel and turn it on.

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

Wonder what Boot mode: Normal Log looks like! $.02

floplot Guru Norton Fighter25 Reg: 11-Apr-2009 Posts: 22,284 Solutions: 484 Kudos:

Thank you for your patience.

Good luck.

My computer is a Compaq Presario R3240US. She is being redirected to other sites from Google searches.

scanning hidden files ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:03 PM, on 8/2/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows

The ComboFix file is not in my Recycle Bin either.

#6 Rorschach112 Posted 08 February 2008 - 02:41 PM Rorschach112 Ralphie Retired Staff 47,710 posts

Once you run ComboFix.exe the

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:b9,06,18,c3,c8,ec,db,29,bd,c3,6d,86,2d,8f,e3,f5,aa,57,5e,a8,39,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e7,67,d1,9f,3d,97,3c,79,b3,5c,c1,d3,39,26,2d,da,f9,..
"khjeh"=hex:76,4c,ae,c0,42,93,b9,47,35,cf,2a,0b,29,89,14,eb,64,8f,57,72,fb,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

A new HijackThis log.
----------------------------------------
Please let me know if you have got problems during the fix.
Mieke

#5 GACGustie GACGustie Member Full Member 6 posts Posted 03 July 2007 -

All rights reserved.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)

Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo!

I thought everything was fine, but then my Auto Update for Windows was disabled and the Windows Security Alerts popped up on my Taskbar.

When turning off System Restore, the existing Restore Points will be deleted.

C:\WINDOWS\system32\wexwguyf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Here is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:10 AM, on 3/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot

Please help me, I cannot afford to pay anything to fix my computer.

#10 GACGustie GACGustie Member Full Member 6 posts Posted 05 July 2007 - 05:37 PM

Everything seems to be running smoothly.

Thnx

bjm_ Guru Norton Fighter25 Reg: 07-Sep-2008 Posts: 13,891 Solutions: 283 Kudos: 2,038 Re: HijackThis Log concerning Trojan Vundo Posted: 03-Aug-2010 | 12:49PM

Hope my $.02 posting will

All Users
Click OK
Press the CleanUp!

Place a check in the Scan All Users checkbox
Click the Run Scan button
When the scan is complete, two text files are produced on the Desktop: OTListIt.txt, and Extras.txt

All rights reserved.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 -

The contents of C:\vundofix.txt 2.

Press any key to restart the PC.

HijackThis log included.

Vundo Problems - HijackThis Log included
Started by GACGustie, Jun 28 2007 05:51 PM

#1 GACGustie GACGustie Member Full Member 6 posts

How to do that:
1.

Attempting to delete C:\WINDOWS\system32\tmpE4.tmp.dll
C:\WINDOWS\system32\tmpE4.tmp.dll Has been deleted!
Performing Repairs to the registry.
Done!

"McNeill" - 2007-07-03 17:37:01 - ComboFix 07-07-03.9 - Service Pack 2

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\rqrrpp.dll
C:\WINDOWS\urropm.dll
C:\WINDOWS\pprrqr.ini
C:\WINDOWS\mporru.ini
C:\WINDOWS\system32\comapi.dll
* *

Record Number: 25989
Source Name: Service Control Manager
Time Written: 20081206225920.000000-480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7,

go to System->Automatic Update" and turn it on from there.

#6 GACGustie GACGustie Member Full Member 6 posts Posted 03 July 2007 - 05:50 PM

VundoFix V6.5.4
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and

delphinium Norton Fighter25 Reg: 21-Nov-2008 Posts: 9,821 Solutions: 187 Kudos: 3,007 Re: HijackThis Log concerning Trojan Vundo Posted: 03-Aug-2010 | 3:18PM

It might be more helpful to see

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\~DF1CD4.tmp
C:\WINDOWS\~DF35C7.tmp
C:\WINDOWS\~DFC01C.tmp
C:\WINDOWS\~DF7F09.tmp
C:\WINDOWS\CGMINIVW.HLP
C:\WINDOWS\system32\qaqwmdvf.dll
C:\WINDOWS\system32\rudkwtnr.dll
C:\WINDOWS\system32\RCX259.tmp
C:\WINDOWS\mrofinu72.exe.tmp
C:\WINDOWS\system32\L24D7.tmp
C:\WINDOWS\system32\LF0B7.tmp
C:\WINDOWS\system32\byxvtqp.dll
C:\WINDOWS\system32\L7EE9.tmp
C:\WINDOWS\system32\L552A.tmp
C:\WINDOWS\system32\L7CE6.tmp
C:\windows\~DF1CD4.tmp
C:\windows\~DF35C7.tmp
C:\windows\~DFC01C.tmp
C:\windows\~DF7F09.tmp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b0979f5-3c0c-11db-9414-806d6172696f}]

RenV::
----a-w 125,528 2008-01-22 19:30:12 C:\Program Files\Common Files\AOL\1157372527\EE\AOLHostManager .exe
----a-w 125,528 2008-01-22 19:31:03 C:\Program Files\Common Files\AOL\1157372527\EE\AOLHOS~1 .EXE
----a-w 79,448 2008-02-08 20:04:16 C:\Program Files\Common