Vundo/combofix problems / Win2000 Pro

Welcome to Major Geeks!

I'm not sure why ComboFix would not run properly for you. Yes it is possible that some protection software caused a problem. Let's ignore it for now and see if we can resolve any malware problems you have without ComboFix.

It is not telling you anything at this point other than the fact that it never finished running. Whic is also the reason for your clock being changed to military time. Here is a fix for that:

You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.

No we do not want you to run HijackThis because it is already part of MGtools.

I see you copied MSconfig from another Windows OS to your Windows 2000 system which does not normally have MSconfig; however you ignore the instructions in step 1 of the READ ME that specified that MSconfig must not be used to control startups and you are using it to control both normal startup processes and also a bunch of services. You must not use MSconfig like this. It was only meant to be used as a temporary debugging tool. See this link: Dealing with Startup Processes


We only have a little malware remnants to cleanup.


Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {80C1BE10-F9C8-4E53-A106-90683FC52A57} - C:\WINNT\system32\vturp.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [combofix] C:\WINNT\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O20 - Winlogon Notify: fccaxwx - fccaxwx.dll (file missing)

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

 

No!! This actually makes things worse and does not remove all the items stuck in the MSconfig registry keys. Rename it back to msconfig.exe and follow the steps below. Basically you just need to run MSconfig and select Normal Startup then reboot.

The below is a direct quote from step 1 of the READ ME. Normally it does not apply to Windows 2000, but since you put a copy of MSconfig on your Windows 2000 PC it does apply to you.

• You should be able to follow the instructions for Windows 98, 98SE, ME and XP Users

How are things currently working? Any problems?