Help with Trojan.Vundo

Discussion in 'Malware Help (A Specialist Will Reply)' started by julzie3, Feb 20, 2006.

  1. julzie3

    julzie3 Private E-2

    Hey everyone,
    My name's Julia and I'm new here (so sorry for being ignorant), but I've read all the beginner threads before posting, done all the steps recommended, tried probably over twenty procedures and I'm still stuck with the same trojan. So here goes:

    I have Norton AntiVirus and whenever I turn my computer on, after a couple minutes a message comes up, which says:
    High Risk
    Norton Anti Virus has detected a virus on your computer.
    Object Name: C:\WINDOWS\System32\ddcca.ddl
    Virus Name: Trojan.Vundo
    Action Taken: Unable to repair this file.

    Ever since this has been popping up, my Windows Media Player runs a lot slower, I have general problems in viewing movies (like DVDs or online clips, they won't play smoothly and frequently skip), and things have been running a lot slower. I haven't noticed any missing files. Now I have tried many procedures to get rid of this.
    I've used HijackThis, KillBox, TrojanRemover, Ewido Security Suite, the Symantec Removal Tool, RemoveItPro, Avast Cleaner, A squared... these are just a random sample I can think of off the top of my head. Nothing seems to work, and that message always ends up coming back up. I've had Trojan.Vundo before and had that message pop, but the Symantec Removal had taken care of it (or so I thought) because my computer had gone back to normal and the message had stopped coming up.

    But now it's back. Can anyone help me? Is there anything else I could try? Any help at all would be greatly appreciated.

    Thanks,
    Julia
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you have completed all of the required steps from the READ ME, please attach the Panda, Bit Defender & HJT logs.
     
  3. julzie3

    julzie3 Private E-2

    I deleted past logs to avoid confusing myself and I had trouble using Panda, so I'm running a BitDefender Scan now and as soon as that's done I'll re-install Panda and do the procedure. In the meantime, I attached the HijackThis logfile, maybe there's something that can be done already with that.
     

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before you attach another HJT log, please follow the below to relocate your HJT to a safer location.

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    • Click START > My Computer > Local Disk C: > Program Files
    • Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER
    To Extract HijackThis:
    • Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HJT) and click Next.

    After you have completed the above steps to relocate HJT, run it from the new location. Please save your HJT log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.
     
  6. julzie3

    julzie3 Private E-2

    Thank you SO much! I followed all the steps and ran Virtumonde and now everything works again and the message doesn't pop up. I extracted HijackThis and moved it to the location you listed. I saved as a text and attached the log file to this post.
     

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    To finish the cleaning please follow the below steps...

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    F2 - REG:system.ini: Shell=explorer.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  8. julzie3

    julzie3 Private E-2

    I followed all the steps, ran CCleaner, turned system restore on and off, and attached a log file. The computer seems to be running great: DVDs play when before they wouldn't, Windows Media doesn't take a long time to load up anymore, and the internet and other programs are running much faster. Once again, the alert doesn't pop up saying the virus is there. Are there any programs that I should run periodically to clean cookies? Would it help if I ran programs like CCleaner often?

    Thanks again,
    Julia
     

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks good!

    Yes, I would recommend running CCleaner as often as possible to keep all of the unwanted junk files from collecting.

    If you're not having any further problems, you should see this article on How to Protect yourself from malware!
     
