MajorGeeks Support Forums

  #1  
Old 11-16-08, 09:54
mrpickem
Default vundo.gen.m

I installed an image editor that corrupted my acdsee pro 2.0 install. I tried to update with a 2.5 update from the newsgroups.

Now after starting with many instances of dnsredirect malware, I was able to clean them, then I found many vundo.gen.m & vundo.gen.k instances. I followed the malware removal from majorgeek (great tutorial btw) and seem to be mal-free except I still have 2 problems. My Vista Ultimate is constantly wanting to run chkdsk on boot up and gave several errors about corrupt directory/file when running ComboFix. I'm not sure if this is related or not because every once in a while the chkdsk would run at bootup before this (only once a month or so though).

The other problem is this rogue ACDSEE Pro 2.5 install cannot be removed (see pic) and when I try it seems to populate instances of vundo.gen.*



Logs attached.

Any help is much appreciated. Thanks.
Attached Files
File Type: log SASlog.txt.log (871 Bytes, 3 views)
File Type: txt log.txt (16.8 KB, 2 views)
File Type: zip MGlogs.zip (103.0 KB, 2 views)
  #2  
Old 11-16-08, 11:17
mrpickem
Default Re: vundo.gen.m

Oh I forgot the spybot log...it was clean.
Attached Files
File Type: txt SpybotSD.Report.txt (245 Bytes, 0 views)
  #3  
Old 11-17-08, 01:41
chaslang
MajorGeeks Admin - Master Malware Expert
Default Re: vundo.gen.m

Welcome to Major Geeks!

Quote:
Originally Posted by mrpickem View Post
Oh I forgot the spybot log...it was clean.
We did not ask for one anyway. We did however ask for a log from Malwarebytes which you need to attach, but I see you ran it multiple times so please attach all of the below files. I don't need the other two smaller logs.
Code:
mbam-l~1.txt  Nov 15 2008        2156  "mbam-log-2008-11-15 (17-08-11).txt"
mbam-l~2.txt  Nov 15 2008        1594  "mbam-log-2008-11-15 (17-32-34).txt"
mbam-l~4.txt  Nov 15 2008        3570  "mbam-log-2008-11-15 (21-20-03).txt"
According to your logs that is not a rogue ACDSee installation. It is valid. Did you install an illegal patch/upgrade?

Your logs appear to be clean.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


  #4  
Old 11-17-08, 15:48
mrpickem
Default Re: vundo.gen.m

Thanks for the reply.

I have 2 versions of ACDSee installed. The 10.0 is fine but the Pro 2.5 is the one I can't remove through add/remove programs...it gives an error that it can't contact a network drive/address and then I have more instances of malware after trying to run the uninstall. I did not install an illegal patch only an upgrade I downloaded off the group a.b.comp "Portable ACDSee Photo Manager PRO 2.5.332"

Thanks again
Attached Files
File Type: txt mbam-log-2008-11-15 (17-08-11).txt (2.1 KB, 2 views)
File Type: txt mbam-log-2008-11-15 (17-32-34).txt (1.6 KB, 1 views)
File Type: txt mbam-log-2008-11-15 (21-20-03).txt (3.5 KB, 1 views)
  #5  
Old 11-18-08, 01:54
chaslang
MajorGeeks Admin - Master Malware Expert
Default Re: vundo.gen.m

Quote:
Originally Posted by mrpickem View Post
I did not install an illegal patch only an upgrade I downloaded off the group a.b.comp "Portable ACDSee Photo Manager PRO 2.5.332"
Valid legal upgrades come from their website, not from alt.binaries. You more than likely downloaded an illegal patch which included an infection. You may have to uninstall all versions to resolve your problem since you could have infected your 10.0 version now; however, first see if the below will uninstall the Pro version.

Your Uninstaller! 2008
  #6  
Old 11-18-08, 17:34
mrpickem
Default Re: vundo.gen.m

Quote:
Originally Posted by chaslang View Post
Valid legal upgrades come from their website, not from alt.binaries. You more than likely downloaded an illegal patch which included an infection. You may have to uninstall all versions to resolve your problem since you could have infected your 10.0 version now; however, first see if the below will uninstall the Pro version.
Let me say, I believe in compensation for all software developers. I do however sometimes test a piece of software in its complete version before purchase. I either purchase it or remove it within a couple of weeks depending on how well it meets my needs. The ACDSee 10.0 is legit and paid for and I have bought several versions over the years.

Your Installer did remove the malfunctioning version, although it did give the same error as the normal removal process...it was able to get past that error message. See pic of error...



I did run malwarebytes scanner after the uninstall and it showed nothing.

I still frequently get the following message after reboot...including after the "Your Installer" install a few minutes ago. The message is as follows...

"Checking file system on C: The type of the file system is MTFS.

One of your disks needs to be checked for consistency. You may cancel but it is strongly recommended that you continue. Windows will now check the disk."

It says hit any key to skip, but will not skip the procedure. It never finds anything, just takes about 5 minutes to run. Any ideas why this happens?

Thanks so much for your time and help. I feel much better about my PC and will follow your rules on preventing malware.

Is there some cleanup I need to follow to uninstall combofix and others?
  #7  
Old 11-20-08, 02:08
chaslang
MajorGeeks Admin - Master Malware Expert
Default Re: vundo.gen.m

Quote:
Originally Posted by mrpickem View Post
I still frequently get the following message after reboot...including after the "Your Installer" install a few minutes ago. The message is as follows...

"Checking file system on C: The type of the file system is MTFS.

One of your disks needs to be checked for consistency. You may cancel but it is strongly recommended that you continue. Windows will now check the disk."
I assume you meant NTFS not MTFS. Either way this is a problem that should be posted in the Software or Hardware Forum.

Quote:
Originally Posted by mrpickem View Post
Is there some cleanup I need to follow to uninstall combofix and others?
If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /u
      • Notes: The space between the combofix" and the /u, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    • Delete the C:\combofix folder from combofix (if it exists)
  3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  5. Go to add/remove programs and uninstall HijackThis.
  6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
  7. If you are running Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  8. After doing the above, you should work thru the below link: