infected with smitfraud and vundo

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gjprice, Jan 14, 2009.

  1. gjprice

    gjprice Private E-2

    I have tried the suggested procedures, but am still experiencing a slow computer as a result of contracting smitfraud and vundo. I think I contracted them by trying to add a new serial number to Nero. Also, my icons are all blue and the time format did not return to original state after ComboFix. My pc has been slow for about five days. I couldn't run SuperAntiSpyware. Any help would be greatly appreciated. Attached are the logs . . .
     

    Attached Files:

    Last edited: Jan 14, 2009
  2. gjprice

    gjprice Private E-2

    more logs . . .
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You said you could not run SUPERAntiSpyware, but I see the below logs from Jan 13th??? Please attach them.
    Code:
    "C:\Documents and Settings\G Price\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    supera~1.log  Jan 13 2009        4476  "SUPERAntiSpyware Scan Log - 01-13-2009 - 19-42-24.log"
    supera~2.log  Jan 13 2009        4492  "SUPERAntiSpyware Scan Log - 01-13-2009 - 21-29-00.log"
    
    New versions of Malwarebytes and SUPERAntiSpyware are out. Let's make use of them.

    • First run Malwarebytes and select the Update tab and then update it. After updating, run a new scan and attach this new log later.
    • If Malwarebytes finds anything at all, make sure you reboot immediately afterwards.
    • Now please uninstall your current version of SUPERAntiSpyware (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.
    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below software:
    LiveUpdate 2.6 (Symantec Corporation)
    Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!

    Note your system will always be slow since you only have 512 Mb of memory and about 106Mb free. You need at least 1 Gigabyte of memory.
     
  4. gjprice

    gjprice Private E-2

    Thanks for responding. Should I attach the SAS logs before I do anything else?
     
  5. gjprice

    gjprice Private E-2

    Also, you said to attach the Malwarebytes log later, but I didn't see when to do that.

    One other thing . . . whenever you say to "attach this log (or new log)", do you mean to stop everything and post the attachment at that time and wait for a reply from you on what to do next?
     
  6. gjprice

    gjprice Private E-2

    What constitutes a "program"? For example, are these icons on my desktop programs? . . . Windows Explorer; My Computer; My Network Places; Games, Music, & Photos; and Documentation & Support.
     
  7. gjprice

    gjprice Private E-2

    I decided to go ahead and try what you suggested in post #3 and am attaching the logs as asked. Things seem to be a little better, but Firefox is still very slow loading . . . about 30 seconds.

    Thanks,
    gjprice
     

    Attached Files:

