malware indeed

If you followed all the steps, you would have attached the requested logs. Please do so now.

 

I seriously doubt that it fix all of your problems with Vundo. The more recent Vundo infections are depositing files all over the place and are typically not totally fixed with VundoFix. I suggest you complee the READ & RUN ME and attach all the logs so we can verify everything has been removed. Even leaving one file from it behind can cause it to respawn and it usually comes back with an even worse infection than the first time.

 

Okay you are in pretty good shape as far as Vundo is concerned but we have some other things to do.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.



Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew

Make sure you tell me how things are working now!

 

Sometimes you just need to exit the page and then re-enter the page and possibly also do a refresh. Also sometimes it helps to empty your IE cache first.

• In IE, click Tools, Internet Options, General tab and then Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

 

Did you or do you still use a program named Folder Lock? See: http://www.newsoftwares.net/folderlock/
I see the below file which has been associated with Folder Lock.

Code:

"C:\"
sccfg.sys     Mar  5 2007          20  "sccfg.sys"

Delete the below file
C:\Documents and Settings\chris\Local Settings\Temp\edhtjqii.dll


If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
8. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Yes the file I listed should be deleted. That is C:\sccfg.sys

 

You're welcome. Surf safely.