360 AntiVirus to Vundo et al.

Discussion in 'Malware Help (A Specialist Will Reply)' started by tladie, Feb 23, 2009.

  1. tladie

    tladie Private E-2

    First of all, I just want to say thanks for making such useful information available!

    My problem started with some mildly strange behavior (a few popups whereas before 2 weeks ago there were none) and culminated with the 360 Antivirus onslaught.

    I ran a Trend Micro scan and it got rid of a few things, but when I deleted the quarantined files my system went into an automatic log off loop (I would log in and it would immediately 'save settings' and 'close connections' and log me off).

    I was able to find the replace userinit fix somewhere on the web to stop this madness. But then it was on to finding the rest of the critters.

    I ran a Malwarebytes scan on my own (before I was aware of this forum) and it found and got rid of Vundo and some other baddie (so I thought) only to have it reappear a few reboots later.

    The search for a more thorough solution brought me here.

    I've completed the 'Read this and Run' seemingly successfully but there was this flicker (matrix black cat event) that has me wondering. (As tempted as I was to do the whole 'Read This and Run' again, I did not.) I googled .net and when I clicked on the link for Microsoft, it took me to some other no-name site. Also when I start Firefox, my CD-ROM drive starts spinning as if I've sent a request to access it (but I HAVEN'T! strange).

    So here I am posting my log files hoping to get the all clear but thinking there's still something lurking somewhere.


    For starters, there were a few things I did before starting.

    I uninstalled .net (it was old anyway, not updated)
    Uninstalled Java (same thing)
    Uninstalled Firefox (I had printed these instructions and downloaded all the files to another system and burned them to CD)

    Super Anti-Spyware completed as documented. It found and eradicated things.

    SpyBot S&D needed to restart because 1 out of the 9 items could not be remedied without a scan after reboot because it was resident in the memory. Upon shutdown, I received a memory error (didn't document it) clicked ok booted back up and it proceeded to scan and complete without further incident.

    Malwarebytes completed as documented, seemingly without incident.

    ComboFix let me know that Trend Micro was running in the background (there were two entries for it, kinda weird). I uninstalled it but it still showed up in the ComboFix window (one of the two entries). I let it run anyway, it found a few things (I think) and had to reboot to finish. Upon reboot it launched but so did every other startup app I had, so I don't know how this impacted it.

    MG tools ended with a type 4 error so after it finished I reinstalled .net

    I disabled and re-enabled my restore points and then started to delete some of the apps installed during this process.

    When I uninstalled Super Anti-Spyware, it asked if I wanted to delete the logs and items that were quarantined. I clicked yes (had already saved the logs elsewhere). It was a short while after this that I opened my browser window and had that unexpected result from clicking on the Microsoft link.

    That's the whole story.

    Thanks again for your time and all that MG's does to combat the forces of darkness!
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I still need the C:\MGLogs.zip
     
  3. tladie

    tladie Private E-2

    Thanks for the response. I was waiting for the thread to be approved, sorry for the delay.

    Here it is.

    I think I also may have some type of clickbot or redirector on the system that I do NOT want.

    Anyway, here's the log...
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We ask that you not recycle system restore until we know you are clean. If something goes wrong you have no restore point, even if that is infected.

    I am not seeing anything in your logs. You have a few items that are empty and can be removed, but they are not causing you whatever issues you are currently having:
    Use Windows Explorer to find and delete:
    C:\Documents and Settings\tthomas\Y8Y8
    C:\Documents and Settings\tthomas\y9y9
    C:\s290.3
    C:\s2ko.2
    C:\s2qo.3
    C:\s2ss.2
    C:\s364.2
    C:\s37g.2
    C:\s37o.2
    C:\s38s.2
    C:\s394.2
    C:\s39c.n
    C:\s3bc.2
    C:\s3go.3

    Now download and install:
    Java Runtime 6

    Now tell me exactly what problems you are having.
     
  5. tladie

    tladie Private E-2

    I removed the files you specified.

    I thought everything was ok but this symptom lets me know it's not.

    When I perform a google search and try to click on the results, instead of the browser opening to the page selected, it's redirected to some other search site or web site.

    I'm using Firefox on an XP SP2 Intel Dual Core laptop.

    I've checked the list of undesirable apps that should be uninstalled and none of them are on my system.

    Thanks
     
  6. tladie

    tladie Private E-2

    Oh, I also checked to see if this was happening in IE8 but so far nothing. This appears to just be happening in Firefox (3.0.6).
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I would suggest that you uninstall all traces of FF.....download and install SP3 and then reinstall FF.
     
