Can't get rid of vundo.gen.1 trojan

clemsonstudent · Jan 15, 2009

When running spybot I discovered I had been infected with the trojan vundo.gen.1 Spybot was unable to remove the virus. I use McAfee antivirus and it has been unable to remove the virus as well. It detects it but can do nothing with it. I am going to attach the log files that you have requested.
Please help.

clemsonstudent · Jan 15, 2009

Here is the 4th log file.

dr.moriarty · Jan 17, 2009

Welcome to Majorgeeks

We are currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first

Thanks for your patience.
dr.m

dr.moriarty · Jan 24, 2009

Sorry the delay in getting back to you, clemsonstudent.

The below fixes are specific to your problem and should only be used for issue(s) on this machine. Also, please do not install any other software while we are still working with you unless instructed. Once we have given you the all clean and final instructions you will be free to install what you want.

I strongly recommend that you clean up your Desktop immediately leaving only links. Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware, and last but not least it can have an effect on your PCs performance.

Step 1:
Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Step 2:
Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

Files to delete:
c:\windows\Tasks\qvwflqdi.job
c:\windows\qlftuvxb
c:\windows\mjzylcjr
Click to expand...

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Step 3:
Run Ccleaner

Step 4:
Now install the latest Sun Java Runtime Environment

Step 5:
Be sure to run SAS and MBAM on each Adminstrator's account. <--- with updated definition databases.

Step 6:
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

Then attach the below logs to your next reply:

C:\MGlogs.zip

C:\avenger.txt

Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

dr.m

clemsonstudent · Jan 26, 2009

I have done everything you told me to and am posting the two requested files

dr.moriarty · Jan 26, 2009

clemsonstudent

A Cautionary note: It's a very bad idea to store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware, and last but not least it can have an effect on your PCs performance.

Your logs look good! If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significan amount of resources ( except a little disk space ) until you run a scan. NOTE: Move SAS from your desktop to its own folder under C:\Program Files.

If we had you use ComboFix, uninstall ComboFix (=This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

If we had you run Avenger, you can delete all files related to Avenger now.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware

Click to expand...

Safe surfing! http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif

Log in or Sign up

Can't get rid of vundo.gen.1 trojan

clemsonstudent Private E-2

Attached Files:

SAS.txt

mbam-log-2009-01-15 (16-05-03).txt

combofix.txt

clemsonstudent Private E-2

Attached Files:

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member

dr.moriarty Malware Super Sleuth Staff Member

clemsonstudent Private E-2

Attached Files:

avenger.txt

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member