vundo.gen.m

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mrpickem, Nov 16, 2008.

  1. mrpickem

    mrpickem Private E-2

    I installed an image editor that corrupted my acdsee pro 2.0 install. I tried to update with a 2.5 update from the newsgroups. :cry

    Now after starting with many instances of dnsredirect malware, I was able to clean them, then I found many vundo.gen.m & vundo.gen.k instances. I followed the malware removal from MajorGeeks (great tutorial btw) and seem to be mal-free except I still have 2 problems. My Vista Ultimate is constantly wanting to run chkdsk on boot up and gave several errors about corrupt directory/file when running ComboFix. I'm not sure if this is related or not because every once in a while the chkdsk would run at bootup before this. (Only once a month or so though.)

    The other problem is this rogue ACDSEE Pro 2.5 install cannot be removed (see pic) and when I try it seems to populate instances of vundo.gen.*

    [IMG][IMG]

    Logs attached.

    Any help is much appreciated. Thanks.
     


  2. mrpickem

    mrpickem Private E-2

    Oh I forgot the spybot log...it was clean.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We did not ask for one anyway ;) We did however ask for a log from Malwarebytes which you need to attach but I see you ran it multiple times so please attach all of the below files. I don't need the other two smaller logs.
    Code:
    mbam-l~1.txt  Nov 15 2008        2156  "mbam-log-2008-11-15 (17-08-11).txt"
    mbam-l~2.txt  Nov 15 2008        1594  "mbam-log-2008-11-15 (17-32-34).txt"
    mbam-l~4.txt  Nov 15 2008        3570  "mbam-log-2008-11-15 (21-20-03).txt"
    According to your logs that is not a rogue ACDSee installation. It is valid. Did you install an illegal patch/upgrade?

    Your logs appear to be clean.
     
  4. mrpickem

    mrpickem Private E-2

    Thanks for the reply.

    I have 2 versions of ACDSee installed. The 10.0 is fine but the Pro 2.5 is the one I can't remove through add/remove programs...it gives an error that it can't contact a network drive/address and then I have more instances of malware after trying to run the uninstall. I did not install an illegal patch, only an upgrade I downloaded off the group a.b.comp "Portable ACDSee Photo Manager PRO 2.5.332"

    Thanks again
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Valid legal upgrades come from their website, not from alt.binaries. You more than likely downloaded an illegal patch which included an infection. You may have to uninstall all versions to resolve your problem since you could have infected your 10.0 version now; however, first see if the below will uninstall the Pro version.

    Your Uninstaller! 2008
     
  6. mrpickem

    mrpickem Private E-2

    Let me say, I believe in compensation for all software developers. I do however sometimes test a piece of software in its complete version before purchase. I either purchase it or remove it within a couple of weeks depending on how well it meets my needs. The ACDSEE 10.0 is legit and paid for and I have bought several versions over the years.

    Your Installer did remove the malfunctioning version, although it did give the same error as the normal removal process...it was able to get past that error message. See pic of error...

    [IMG]

    I did run malwarebytes scanner after the uninstall and it showed nothing.

    I still frequently get the following message after reboot...including after "Your Installer" install a few minutes ago. The message is as follows...

    "Checking file system on C: The type of the file system is MTFS.

    One of your disks needs to be checked for consistency. You may cancel but it is strongly recommended that you continue. Windows will now check the disk."

    It says hit any key to skip, but will not skip the procedure. It never finds anything, just takes about 5 minutes to run. Any ideas why this happens?

    Thanks so much for your time and help. I feel much better about my PC and will follow your rules on preventing malware.

    Is there some cleanup I need to follow to uninstall combofix and others?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume you meant NTFS not MTFS. Either way this is a problem that should be posted in the Software or Hardware Forum.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
