Desktop PC: Vundo.variant won't delete

Hello, again. Here's what's happening:

SAS found 3 instances of a Vundo.variant in something called URLSearchHooks.

Whenever any attempt is made, including by SAS, to get rid of these URLSearchHooks, an alert window comes up from a "WebshotsDesktop" program (I think the Webshots program is called Photo Manager on the computer itself, so there's a red flag right there) saying "We have blocked an attempt from another application to change your default search provider. Would you like to proceed with your search settings unchanged?" It then gives yes or no buttons. I used to click yes, but since I started running these scans, I've just been ignoring it, and...it lets me, even though it's one of those alert boxes with just an X, not shrink and restore buttons.

Now, about a week ago when I was browsing to download my daily allotment of 5 free photos at webshots on my laptop (I think this infection came from it from sharing a document via flash drive before the Vundo infection came out of dormancy, dammit), I came across one that was just this ugly, blurry--maybe horizontalish sorta thing that wasn't even wallpaper shape, and it definitely didn't fit its label. To me, that was a pretty obvious sign that someone had hijacked the site with nasties, so I immediately contacted webshots, then ran all the scans, etc., on the computer. They came up clean at the time. But, now, here we are. And...call me crazy, but I don't think uninstalling webshots is going to do the trick.

Anyway, other symptoms (on both, but we're dealing with the desktop [chaslang is handling the laptop, if you think it might help to consult with him/her]) are getting messages that the wireless network is now connected with excellent connection...without me rebooting the computer or the hub; me having to try 6 times to access the Windows Update site (each time getting an error about being unable to connect me to the site "at this time"); other sites taking forever to load; my medical terminology/region-specific medical clinics/homes Excel worksheet taking forever to come up (being pure white at first--EEK)--things of that nature. My last laptop started exhibiting signs of losing Internet connectivity and the virus scanner the day before I lost it. I'd really rather that didn't happen to my work computer, especially since my parents had to borrow twice on the house to pay their bills and my medical costs this month....I think it's still salvageable at this time.

So attaching the 1st 3 logs to this one (it appears I managed to get rid of one of the occurrences of vundo) and the last to the next message. Thanks so much!

HAAALP!

 

Re: Vundo.variant won't delete (Last Log)

Attached please find the MGTools log. Thanks again for your help! :wave

 

Re: Small Business Transcriptionist Has Tried All with Work Computer!

No wonder I haven't heard from you! I didn't reply the right way! DOH! I'm having issues again. Please see this response in the thread. (Sorry for the goof!)

http://forums.majorgeeks.com/showpost.php?p=1267399&postcount=22

 

First, uninstall your current versions of SAS & MBAM. Once uninstalled, reboot and download the new updated programs below. Once downloaded, install, update and run full scans with both. Attach the new logs once complete.

Also, download the newest version of ComboFix & MGTools below and once complete with the two scans above, run this once more as well.

Your next post should contain new logs from MBAM, SAS, ComboFix and MGTools.

MGTools.exe

ComboFix

Malwarebytes Anti-Malware 1.33

SUPERAntiSpyware 4.25.0.1008

 

Re: Desktop PC: Vundo.variant won't delete (Priority over my laptop please)

Okay...what I found very disturbing was when I awakened and arrived here to find MBAM finished and the Internet connection that I had disabled after I had downloaded the update re-enabled....

Thinking maybe I'd forgotten to disable it (stranger things have happened), after CF downloaded its update and came up with the Yes or No screen, I attempted to disable it again and got some error message like "You cannot disable D-Link Wireless at this time. It is being shared by other programs that do not support plug-and-play software." or something like that. That has never happened before. YIKES.

Also, when I closed the CF log, blank screen. Nada. No task bar, no icons. Hard drive was still going nuts, though. Ctrl+Alt+Del did bring up task mgr, though, so I was able to restart that way, and everything came up as left, so I said a prayer and ran MGTools.

So, I'm attaching my logs and shutting down again until I hear from you, as I did before.

I don't trust this sneaky bastard.

First set of logs attached; next to follow. Thanks! :wave

 

Re: Desktop PC: Vundo.variant won't delete (Priority over my laptop please)

Here is the MGTools attachment.

 

Your logs are clean on this machine! Have HJT fix this one entry below.

Also, did you download these files to this location? If so, I would relocate or delete them.

Finally, I would recommend running CCleaner or ATF-Cleaner to cleanup any junk files. Afterwards, reboot and let me know how things are running.

 

Oh, shoot! I missed this reply. Somehow, my instant replies from these 2 threads went away. My instant notifications in LiveJournal went away, too. I wonder if that happened while I was still infected. I'll do this tomorrow after the antivirus scan is done. Sorry! I just came on to do the thanks for these 2 threads and saw this. God, I feel like even more of a jerk! I already felt like one for forgetting to thank you!

 

It's ok and you are welcome!