4 Trojan.Vundo.H and 1 Trojan.Vundo

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled\ deleted successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 08062010_191722


Also, Internet Explorer seems to run a bit slow, but not very. I'm wondering, could it be because of how old this computer is? We got it back in uh... 02 or 01 I believe.

However then again, on my computer I run with Firefox, so maybe I'm just seeing the difference.

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Wait, what?
Slight problem: whenever I go to Run to input that command, "ComboFix /uninstall", I get an error reading the following: Windows cannot find ComboFix. Make sure you typed the name correctly, and then try again.

I also tried "Combo-Fix /uninstall" and got the same error.

Edit: I just noticed, ComboFix is no longer on my desktop. Whoa! But then again, earlier, I received a notification from McAfee saying it successfully removed a trojan. I didn't get to see it all, but I saw the words Artemis and ComboFix in it. Could McAfee have removed it? I know on my computer it didn't. I don't think there's much to worry about then, right? It's gone either way.

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
Hello.
Yeah, McAfee doesn't like ComboFix, it's just a false positive, ignore it.

Can you run the ESET scan now?

One last thing...

Heh, sorry again for the delay, but can you recommend a good anti-virus? The subscription for McAfee just ran out on his computer, and we were talking about leaving it and possibly going to Kaspersky? I haven't heard much about that anti-virus, I know AVG is good, and I even saw you recommend Avira.

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
Avira is much better than AVG to be honest, AVG is known for lots of false positives and has worst detection rates.

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8c1751e5c7574445a47f659febf9bd74
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-08-07 06:43:36
# local_time=2010-08-07 02:43:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776533 100 96 0 33211278 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93686
# found=5
# cleaned=5
# scan_time=4059
C:\Downloads\ArmyMenRTS-dm[1].exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\Downloads\ArmyMenRTS-dm[2].exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0775082.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0775083.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\WINDOWS\SYSTEM32\DRIVERS\lqfbwgno.sys Win32/Delf.NFO trojan (cleaned by deleting - quarantined) 3F47956275EFDD2556BB20C6FDD70721 C
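
An added example, not part of any post in this thread: a small triage script for the detection lines of an ESET Online Scanner log like the one above. It separates copies held in System Restore snapshots from files on the live filesystem and checks the `found` and `cleaned` counters against the parsed lines. The function names and the whitespace-separated field layout are assumptions based on how the log renders on this page.

```python
import re
from collections import Counter

# Detection lines copied from the ESET log posted in this thread; header trimmed
# to the two counters the check uses.
SAMPLE_LOG = r"""# found=5
# cleaned=5
C:\Downloads\ArmyMenRTS-dm[1].exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\Downloads\ArmyMenRTS-dm[2].exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0775082.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0775083.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\WINDOWS\SYSTEM32\DRIVERS\lqfbwgno.sys Win32/Delf.NFO trojan (cleaned by deleting - quarantined) 3F47956275EFDD2556BB20C6FDD70721 C
"""

# Assumed layout: <path> <threat> (<action>) <32-hex hash> <one-letter flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.\w{2,4})\s+(?P<threat>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+\w$")
# Files under a System Restore snapshot directory (RPnnn = restore point number).
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)

def parse_eset_log(text):
    """Return (header dict from '# key=value' lines, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
    return header, detections

def triage(header, detections):
    """Summarise where detections sat and whether the log's counters add up."""
    snap = [RESTORE.search(d["path"]) for d in detections]
    uncleaned = [d for d in detections if not d["action"].startswith("cleaned")]
    return {
        "counts_match": int(header.get("found", -1)) == len(detections),
        "all_cleaned": not uncleaned and header.get("found") == header.get("cleaned"),
        "restore_points": sorted({m.group(1) for m in snap if m}),
        "live_paths": [d["path"] for d, m in zip(detections, snap) if not m],
        "by_threat": Counter(d["threat"] for d in detections),
        "unique_hashes": len({d["hash"] for d in detections}),
    }

if __name__ == "__main__":
    for key, value in triage(*parse_eset_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Hits listed under `restore_points` are snapshot copies rather than active files, and they are what a System Restore reset discards.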

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.


How is the machine running now?

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Better! Much better! However, just 10 minutes ago, I ran a Malwarebytes quick scan and it came across a Trojan.Vundo. Suspect I removed it (as far as I know) and I was prompted to restart my computer, which I did.

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
Can you post the log please? I'd like to know where it detected it.

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4412

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2010 9:41:21 PM
mbam-log-2010-08-09 (21-41-21).txt

Scan type: Quick scan
Objects scanned: 155236
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\clbaclb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Did a second scan, it's gone?

It's gone?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4417

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/10/2010 10:43:15 PM
mbam-log-2010-08-10 (22-43-15).txt

Scan type: Quick scan
Objects scanned: 155841
Time elapsed: 11 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Yup, just a leftover file.

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
Alright.

Also, what would you make of this? Today I turned on my computer (my XPS 420, Vista) and I was prompted to restart my computer because of Windows updates. After the restart, I was unable to bring up Firefox, so I restarted again. I then tried bringing up MBAM, but it wouldn't come up, even though my cursor was at -busy- when on my desktop. After a while I got impatient and restarted again. I then came back on to have to fix my McAfee security settings (because things were disabled, it randomly does that), and I brought up MBAM again to do a quick scan. Mid-scan however, MBAM froze. The scan took an overall 21 minutes and 16 seconds, however nothing was found. This is abnormal because updated quick scans finding nothing usually take 6-8 minutes.

Stutter maybe? Or... what?

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo
Can you run Combofix?
