Vundo help please

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by wubbazzie, Oct 29, 2005.

  1. wubbazzie

    wubbazzie Private E-2

    Alright I ran all of the scans and stuff posted on the "read me first" page and I couldn't get rid of the Virtumonde thing. I keep getting a ton of pop-ups and now I can't even open my homepage. If anyone could help me I would really appreciate it! Thanks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In step 6 of the READ & RUN ME we gave you a link to Special Removal Procedures

    You should have clicked it. Try it now and see the links there. One mentions Winfixer aka Virtumonde

    You can also try the below if desired!

    These steps must be run exactly as specified.

    1) Download this Symantec Trojan.Vundo Removal Tool to a location where you can find it later
    2) Make sure you do not run anything but what is specified. DO NOT OPEN any browsers during this process below, so print or save these instructions locally so you know what to do while offline.
    3) Boot into safe mode and physically unplug your cable to the internet
    4) Run the fixvundo.exe tool downloaded above and save the log
    5) Immediately reboot in normal mode and run the fixvundo.exe tool again. Save the log.
    6) Immediately reboot again into normal mode and now reconnect your cable to the internet.
    7) Open a browser and come back here and post your logs from running fixvundo. Also tell me how these steps went. Any problems?
     
  3. wubbazzie

    wubbazzie Private E-2

    sorry it's taken me so long to get back to you. I tried using the symantec trojan.vundo tool but when I ran the scan it told me that it couldn't find any trace of virtumonde on my computer. However I ran Microsoft Antispyware later and it said that it still found it on my computer. I'm really confused. Here are the logs from when I ran the symantec thing in safe mode:

    Symantec Trojan.Vundo Removal Tool 1.4.0
    The process "winlogon.exe" contained a viral thread (0000023C). The thread was terminated.
    The process "winlogon.exe" contained a viral thread (00000248). The thread was terminated.
    The process "winlogon.exe" contained a viral thread (0000024C). The thread was terminated.
    The process "explorer.exe" contained a viral thread (00000300). The thread was terminated.
    The process "explorer.exe" contained a viral thread (00000304). The thread was terminated.

    C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir: (not scanned)
    C:\System Volume Information: (not scanned)

    Trojan.Vundo has not been found on your computer.

    And here's the log from when I ran it in normal mode:

    Symantec Trojan.Vundo Removal Tool 1.4.0
    The process "winlogon.exe" contained a viral thread (000003BC). The thread was terminated.
    The process "winlogon.exe" contained a viral thread (000003C8). The thread was terminated.
    The process "winlogon.exe" contained a viral thread (000003CC). The thread was terminated.
    The process "explorer.exe" contained a viral thread (00000578). The thread was terminated.
    The process "explorer.exe" contained a viral thread (0000057C). The thread was terminated.

    C:\System Volume Information: (not scanned)
    registry: HKEY_CLASSES_ROOT\MSEvents.MSEvents (key deleted)
    registry: HKEY_CLASSES_ROOT\MSEvents.MSEvents.1 (key deleted)


    Trojan.Vundo has not been found on your computer.



    If I'm doing something wrong let me know.
     
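The two FixVundo logs above say "Trojan.Vundo has not been found" yet also record five terminated threads in winlogon.exe and explorer.exe and, in the normal-mode run, two deleted MSEvents registry keys. A practitioner reading such a log should score the actions the tool took, not just its final verdict line. The following Python parser is an added example, not part of this thread or of Symantec's tool; the two log texts are the ones quoted in the post, embedded as constructed input, and the line patterns it matches are taken from those logs only.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input: the two logs quoted in the post above, copied as-is.
SAFE_MODE_LOG = r"""Symantec Trojan.Vundo Removal Tool 1.4.0
The process "winlogon.exe" contained a viral thread (0000023C). The thread was terminated.
The process "winlogon.exe" contained a viral thread (00000248). The thread was terminated.
The process "winlogon.exe" contained a viral thread (0000024C). The thread was terminated.
The process "explorer.exe" contained a viral thread (00000300). The thread was terminated.
The process "explorer.exe" contained a viral thread (00000304). The thread was terminated.

C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir: (not scanned)
C:\System Volume Information: (not scanned)

Trojan.Vundo has not been found on your computer.
"""

NORMAL_MODE_LOG = r"""Symantec Trojan.Vundo Removal Tool 1.4.0
The process "winlogon.exe" contained a viral thread (000003BC). The thread was terminated.
The process "winlogon.exe" contained a viral thread (000003C8). The thread was terminated.
The process "winlogon.exe" contained a viral thread (000003CC). The thread was terminated.
The process "explorer.exe" contained a viral thread (00000578). The thread was terminated.
The process "explorer.exe" contained a viral thread (0000057C). The thread was terminated.

C:\System Volume Information: (not scanned)
registry: HKEY_CLASSES_ROOT\MSEvents.MSEvents (key deleted)
registry: HKEY_CLASSES_ROOT\MSEvents.MSEvents.1 (key deleted)

Trojan.Vundo has not been found on your computer.
"""

# Line shapes observed in the logs above (assumed to be stable for this tool version).
THREAD_RE = re.compile(r'^The process "(?P<proc>[^"]+)" contained a viral thread '
                       r'\((?P<tid>[0-9A-Fa-f]+)\)\. The thread was terminated\.$')
REGISTRY_RE = re.compile(r'^registry: (?P<key>.+?) \((?P<action>[^()]+)\)$')
NOT_SCANNED_RE = re.compile(r'^(?P<path>.+?): \(not scanned\)$')
VERDICT_RE = re.compile(r'^Trojan\.Vundo has (?P<neg>not )?been found on your computer\.$')


@dataclass
class VundoReport:
    tool_version: Optional[str] = None
    threads: List[Tuple[str, int]] = field(default_factory=list)   # (process, thread id)
    registry: List[Tuple[str, str]] = field(default_factory=list)  # (key, action)
    not_scanned: List[str] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)
    verdict_found: Optional[bool] = None  # None if no verdict line was present


def parse_fixvundo_log(text: str) -> VundoReport:
    """Classify every non-empty line of a FixVundo log into the report fields."""
    report = VundoReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Symantec Trojan.Vundo Removal Tool"):
            report.tool_version = line.rsplit(" ", 1)[1]
            continue
        m = THREAD_RE.match(line)
        if m:
            report.threads.append((m["proc"], int(m["tid"], 16)))
            continue
        m = REGISTRY_RE.match(line)
        if m:
            report.registry.append((m["key"], m["action"]))
            continue
        m = NOT_SCANNED_RE.match(line)
        if m:
            report.not_scanned.append(m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            report.verdict_found = m["neg"] is None
            continue
        report.unparsed.append(line)  # keep anything unexpected rather than drop it
    return report


def remediation_actions(report: VundoReport) -> int:
    """Number of things the tool actually did: threads killed plus registry entries touched."""
    return len(report.threads) + len(report.registry)


def processes_hit(report: VundoReport) -> List[str]:
    return sorted({proc for proc, _ in report.threads})


def verdict_is_contradicted(report: VundoReport) -> bool:
    """True when the tool reported 'not found' but still took remediation actions."""
    return report.verdict_found is False and remediation_actions(report) > 0


if __name__ == "__main__":
    for label, text in (("safe mode", SAFE_MODE_LOG), ("normal mode", NORMAL_MODE_LOG)):
        r = parse_fixvundo_log(text)
        print(f"{label}: {len(r.threads)} threads killed in {processes_hit(r)}, "
              f"{len(r.registry)} registry actions, verdict found={r.verdict_found}, "
              f"contradicted={verdict_is_contradicted(r)}")
```

Run against the two logs, both reports come back as contradicted: the tool found running code to terminate each time, so the "not found" line only says its file signatures did not hit anything on disk, which is consistent with Microsoft AntiSpyware still reporting the infection afterwards.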
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post a HijackThis log as an ATTACHMENT.
     
  5. wubbazzie

    wubbazzie Private E-2

    Here are the logs that I posted as attachments. Sorry about that.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please post a HijackThis log not the Vundo logs.
     
  7. wubbazzie

    wubbazzie Private E-2

    Here's the Hijackthis log
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the instructions in the following thread:
    Running Ewido Security Suite


    Then post the Ewido log and a fresh HJT log when completed with the above.
     
  9. wubbazzie

    wubbazzie Private E-2

    Alright here are the logs you asked for. The first one is for ewido and the second one is for hijackthis.
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You have HijackThis installed incorrectly, please reinstall HijackThis to C:\HJT.

    Also that log appears to be from Safe Mode. After you have reinstalled HijackThis post a fresh log from Normal Mode.
     
  11. wubbazzie

    wubbazzie Private E-2

    urg, thanks for your patience. I'm trying to get this right. Here's the HijackThis log from normal mode.
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the instructions in the following threads:
    How to view hidden, system files & folders!

    Searching for Hidden Files on WinXP


    Please make sure System Restore is OFF.

    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning and a list of forums to seek help at.

    • At this point press enter one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\mljgf.dll
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\fgjlm.*
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • The fix will run then HijackThis will open.
    • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
    • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
    • Once your machine reboots please attach a fresh HJT log from normal mode.
     
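The two paths VundoFix asks for above are mirror images of each other: mljgf.dll and fgjlm.*, the second being the first stem spelled backwards plus a wildcard for its companion files. As an added example that is not part of this thread or of VundoFix, the Python below derives such pairs from a directory listing instead of relying on a helper to spot them by eye. The listing is constructed: only mljgf.dll and the fgjlm.* name come from the post; the .ini/.bak companion extensions, the second pair (geyek/keyeg), the legitimate DLL names and the 4-to-8-lowercase-letter stem filter are assumptions for illustration.

```python
import re
from fnmatch import fnmatchcase
from typing import Dict, List, Tuple

# Constructed listing standing in for C:\WINDOWS\system32 on the infected machine.
# Only mljgf.dll and the fgjlm.* companions are from the thread; everything else is made up.
SYSTEM32_LISTING = [
    "kernel32.dll", "user32.dll", "ntdll.dll", "msvcrt.dll", "shell32.dll",
    "mljgf.dll",                # the DLL named in the VundoFix step
    "fgjlm.ini", "fgjlm.bak",   # reversed-name companions matched by fgjlm.*
    "geyek.dll", "keyeg.ini",   # a second constructed pair
]

# Assumed shape of the random names seen in this thread: short, lowercase, no digits.
RANDOM_STEM = re.compile(r"^[a-z]{4,8}$")


def split_name(name: str) -> Tuple[str, str]:
    """'mljgf.dll' -> ('mljgf', 'dll'); a name with no extension gets ''."""
    stem, _, ext = name.rpartition(".")
    return (stem, ext) if stem else (name, "")


def reversed_name_pairs(listing: List[str]) -> Dict[str, List[str]]:
    """Map each random-looking .dll to the files whose stem is its stem reversed."""
    by_stem: Dict[str, List[str]] = {}
    for name in listing:
        stem, _ = split_name(name)
        by_stem.setdefault(stem.lower(), []).append(name)

    pairs: Dict[str, List[str]] = {}
    for name in listing:
        stem, ext = split_name(name)
        stem = stem.lower()
        if ext.lower() != "dll" or not RANDOM_STEM.match(stem):
            continue
        mirror = stem[::-1]
        if mirror != stem and mirror in by_stem:   # skip palindromes, require a real companion
            pairs[name] = sorted(by_stem[mirror])
    return pairs


def vundofix_paths(pairs: Dict[str, List[str]],
                   root: str = r"C:\WINDOWS\system32") -> Dict[str, Tuple[str, str]]:
    """The two entries the VundoFix prompt asks for: the DLL path, then a wildcard for its mirror."""
    out: Dict[str, Tuple[str, str]] = {}
    for dll in pairs:
        stem, _ = split_name(dll)
        out[dll] = (root + "\\" + dll, root + "\\" + stem[::-1] + ".*")
    return out


def wildcard_covers(pairs: Dict[str, List[str]]) -> bool:
    """Check that every companion really is matched by the '<mirror>.*' wildcard."""
    return all(
        fnmatchcase(companion.lower(), split_name(dll)[0].lower()[::-1] + ".*")
        for dll, companions in pairs.items()
        for companion in companions
    )


if __name__ == "__main__":
    found = reversed_name_pairs(SYSTEM32_LISTING)
    for dll, (dll_path, wildcard) in vundofix_paths(found).items():
        print(f"{dll}: enter {dll_path} then {wildcard}  (companions: {found[dll]})")
```

Treat a hit as a candidate only: confirm it against the HijackThis log (the entries the helper asks to fix) before feeding the paths to the tool, since a legitimate pair of short names could in principle mirror each other by chance.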
  13. wubbazzie

    wubbazzie Private E-2

    Ok here's the new hijackthis log
     

    Attached Files:

  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You can uninstall Viewpoint Manager and Symantec Security Center using Add or Remove Programs in the Control Panel.

    If there is no entry for Symantec Security Center then do the following:

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    On the page that opens, scroll down to SymWMI Service or SymWSC ... right-click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press "OK":

    SymWMI Service or SymWSC (Whichever you found above)

    In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:
    Choose Kill Process

    Now scan and have HJT Fix the following:
    Reboot your system and post a fresh HijackThis log.

     
  15. wubbazzie

    wubbazzie Private E-2

    here's the new hijackthis log
     

    Attached Files:

  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your log is clean. How is your computer running?
     
  17. wubbazzie

    wubbazzie Private E-2

    It's running great! Thank you so much for your help.
     
