
Solved: Please Help With Vundo

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DefragTaskBar]

Here's the log. Click the OK button and Notepad will open with a log of actions taken during the fix. It will create a folder named WinPFind3u on your desktop. I'm currently looking over your log. https://forums.techguy.org/threads/solved-please-help-vundo-problem.649798/

Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. This is a communal computer, so someone clicked it.

Record Number: 156928
Source Name: Service Control Manager
Time Written: 20080829155906.000000-300
Event Type: information
User:
Computer Name: NEWEOK
Event Code: 7035
Message: The Universal Plug and Play Device Host service was

Sorry, I did not see in the prep instructions about AdwCleaner and aswMBR logs.

I'll be making a donation as soon as my boss returns with his cc (it's his machine). This applies only to the original topic starter. Check out the forums and get free advice from the experts. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

Attached Files: WinPFind3.Txt File size: 366.8 KB Views: 10

Dunkerleys, Nov 12, 2007 #6

cybertech Moderator Joined: Apr 16, 2002 Messages: 72,017

Did you install the keylogger on your machine?

The family may create the following registry entries to store data or use machine-specific information to compute where to store data on your PC: Some Win32/Vundo variants may use a list

Please stay with me until the end of all steps and procedures and I declare your system clean. http://www.geekstogo.com/forum/topic/227482-vundo-help-please-solved/ Please advise me.

Full screen Firefox announcements with loud audio advising of infection which I closed right away. OTListIt.Txt and Extras.Txt. When the scan completes, a zoek-results logfile should open in notepad. Client computer: \\LORI-PC.

Try to print the document again, or restart the print spooler.

Copy/Paste the information in the Quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Registry - All]
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows

OTMoveIt by OldTimer has a CleanUp!

cybertech, Nov 9, 2007 #5

Dunkerleys Thread Starter Joined: Nov 6, 2007 Messages: 9

I have done as you have instructed.

Number of bytes printed: 1026899. http://bornsunsoft.com/solved-please/solved-please-help-with-vundo-log-inside.html

Some variants of Win32/Vundo, such as Trojan:Win32/Vundo.KO and Trojan:Win32/Vundo.gen!AJ, are dropped by variants of the Win32/Prolaco family, such as Worm:Win32/Prolaco.gen!C, which are themselves dropped by variants of Virus:Win32/Prolaco, such as Virus:Win32/Prolaco.AW, Virus:Win32/Prolaco.AP and Virus:Win32/Prolaco.AR.

Win32/Vundo may also inject its code into the following processes if they are found to be running on your computer, possibly to stop or alter the functionality of the process, which may

If your antivirus detects them as malicious, please disable your antivirus and then continue.

Analysis by Jaime Wong and Jireh Sanico

Prevention

Take these steps to help prevent infection on your PC.

If you are asked to reboot the machine choose Yes. Your PC seems clean now. They are Trojan.Vundo.H.

If during the process you run across anything that is not in my instructions, please stop and ask. Thanks! The fixes and advice in this thread are for this machine only.

We have observed the following exploits detected alongside Win32/Vundo infections: CVE-2008-5353 CVE-2009-3867 CVE-2009-3869 CVE-2010-0094 CVE-2010-0188 CVE-2010-0840 CVE-2010-0842 CVE-2010-1297 CVE-2010-4452 CVE-2011-1823 CVE-2011-3521 CVE-2011-3544 CVE-2012-0056 CVE-2012-0507 CVE-2012-1723 CVE-2012-4621 CVE-2012-4681 CVE-2012-5076 CVE-2013-0422 CVE-2013-0431 CVE-2013-1493

If you solved your problem yourself, set aside two minutes to let me know.

Variants of Win32/Vundo, such as Trojan:Win32/Vundo.AF and Trojan:Win32/Vundo.gen, might create a mutex called SysUpdIsRunningMutex to prevent multiple instances of the variant from running.

Thanks.

Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.

Page Curl Pro 2.0 (Remove Only)"AV Bros.

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-434921721-3692691103-31646442-1008\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-434921721-3692691103-31646442-1008\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

c:\windows\absolute key logger.lnk

http://bornsunsoft.com/solved-please/solved-please-help-trojan-vundo.html

Record Number: 156925
Source Name: Service Control Manager
Time Written: 20080829135615.000000-300
Event Type: information
User: NEWEOK\Newe'ok JSAS
Computer Name: NEWEOK
Event Code: 7036
Message: The iPod Service service entered the running

Attached Files: hijackthis.log File size: 8.5 KB Views: 6 kaspersky.txt File size: 35.3 KB Views: 6

Dunkerleys, Nov 9, 2007 #3

cybertech Moderator Joined: Apr 16, 2002 Messages: 72,017

Hi welcome

I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. I'll need a bit of time to research your log fully, so please bear with me. Before we proceed to clean your computer from malware, let's go over some points that will

You may also find it at your main drive (usually C:\ drive) Post its content into your next reply.

#2 TwinHeadedEagle, Oct 25, 2015

Dave McKeen New Member Joined: Oct

© Copyright 2017 bornsunsoft.com. All rights reserved.