Please help, Vundo is being a pain in my...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by forthespoils, Sep 4, 2006.

Thread Status:
Not open for further replies.
  1. forthespoils

    forthespoils Private E-2

    A recent infestation has left me stumped. As per the forum sticky, I have already run all of the prerequisite scanners. In addition, I have run Ad-Aware, AntiVir, and Ewido, and after researching all of the info in the logs, I ran ATFcleaner and VundoFix. I believe I have gotten most everything, but I am having serious issues with Vundo. The file of primary concern is C:\windows\system32\jkkjg.dll. VundoFix did identify the file, but was unable to remove it (I tried numerous times, unsuccessfully, in normal boot mode, safe mode, and upon a fresh restart (before memory population)). I then proceeded to attempt using Unlocker to unlock it from all (4) of the processes it is attached to, in order to manually remove it, but upon unlocking it kills explorer, making it impossible to delete the file. Attached are my HJT log, my BitDefender log, and my Panda log. I will make a second post to add the newfiles log and my VundoFix log (I am omitting the runkey log as it was empty). If I need to give more information, just let me know.

    I'm pulling my hair out with this one, so a big thank you ahead of time for any help.
     


  2. forthespoils

    forthespoils Private E-2

    As mentioned, here are the newfiles and vundofix logs. Again, thanks for the support.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must follow the directions given in the steps for GetRunKey and ShowNew. They are not working because you did not follow the directions. You MUST extract all the files from the ZIP file as instructed. Follow the directions and attach new logs from both of them.
     
  4. forthespoils

    forthespoils Private E-2

    Actually, I followed the instructions to a T. Both were extracted to their own folders with WinRAR, and run from there. Both were run a couple of times, and I even ran the XP fix attached to that page. Why they didn't produce proper logs is beyond me, but I'm no child, and I do follow directions. Regardless, this thread can be closed, as I had a major explorer crash, and a repair install has completely borked Windows, requiring a reformat. Thanks for the (lack of) help.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry, but no, you did not! If you did, then the partial log for ShowNew would indicate the folder where the files were extracted to. You are running the batch files from inside the ZIP file using WinRAR. You must completely extract ALL the files from the ZIP file into a folder, and then you must run ShowNew.bat and GetRunKey.bat by locating them using Windows Explorer and then double-clicking on them.

    We gave you plenty of help, which you got for free! Your inability to follow directions is the cause of the lack of help!
     