Need help with problem (all steps recommended are tried)

Discussion in 'Malware Help (A Specialist Will Reply)' started by LordAshram, Jan 18, 2006.

  1. LordAshram

    LordAshram Private E-2

    Hello all,

    Unfortunately, a friend of mine who has dial-up spent a week at my house, with my computer with cable access. He got carried away with the porn, and now my computer is infected by something I cannot ditch.

    I have tried everything, but my computer is a mess. Here is what I know, what I have tried, and my logs.

    So far, my computer has flagged two things. McAfee has flagged something called Vundo, and also something called C:\windows\system32\ddayx.dll.

    I can see no symptoms, except for pop ups for some spy remover program and my computer tries to go to a website www.bunnyteens.com when I start up.

    I have disabled System Restore, I have run Vundofix, I have run Ccleaner, Microsoft Windows Malicious Software Removal Tool, AdAware SE, Spybot Search and Destroy, and Microsoft Antispyware. I have also run Bitdefender and Panda Activescan and HijackThis, and have attached those logs here.

    Any help would be hugely appreciated.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you uninstall WeatherBug in step 0 of the READ ME?

    I see the below in Bitdefender:
    C:\Program Files\AWS\WeatherBug
     
  4. LordAshram

    LordAshram Private E-2

    Hm, I missed step 0 (okay, I'm an idiot) but no WeatherBug showed up... just this thing called Wildtangent that Add/Remove said was already gone, and then Viewpoint Manager and Viewpoint Media Player; you list those as possible problems?

    Running removevundo or whateveritsnameis right now; will post.

    Thank you SO much, Chaslang, for looking at this for me; you are a savior.

    LA
     
  5. LordAshram

    LordAshram Private E-2

    Okay, ran the Vundoremover, it FOUND a bunch, including my buddy ddayx.dll... here is the HJT log.

    Thanks!
     

    Attached Files:

  6. LordAshram

    LordAshram Private E-2

    AHHH SORRY! That HJT was from a Safe loadup... here is one from a normal load...

    Sorry!
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The last step of the procedure I sent you to for fixing Virtumonde said:
    Where is the log?

    Now you need to go back to the READ & RUN ME and properly follow the instructions (completely) in step 7. The version of HJT you are using is very old.

    You did not uninstall Viewpoint Manager listed in step 0. Do you use this adware crud from AOL? I never met anyone who did.

    Also answer a question, do you use Kontiki Secure Delivery? For info on it see: http://www.liutilities.com/products/wintaskspro/processlibrary/khost/
     
  8. LordAshram

    LordAshram Private E-2

    Sorry, I am trying... not trying to be an idiot, though apparently I am successful nonetheless :)

    Okay, here is the vundo read me, attached.

    I didn't catch the Viewpoint thing in step 0 :( I'll go back and take care of that, but does that mean I need to run through all the steps again?

    I didn't realize my HJT was that old... I only downloaded it a couple of days ago, but maybe the site that was hosting it was old :(

    As for the Secure Delivery, I have no idea if I use it... I am really sorry, with my friend being on here I have NO idea what he did :( And no, I am not just making that up; otherwise I would just say "I looked at porn!" and have done with it ;)

    Thanks, and sorry for being annoying!
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That log is incomplete. What happened? Did you run it again and post a new one?

    You had mentioned them yourself in message # 4. I thought that meant you removed them. No you do not need to do the steps over again. Just uninstall it.

    You are supposed to be following our instructions and clicking on our links. This would make sure you have the proper program versions and that they are clean.

    That's okay. Most people do not use it. That is why I asked. Look for Secure Delivery in Add/Remove programs too (if not found, see if Kontiki is shown). Either way uninstall if possible.

    Just do your best to follow the directions given exactly as written! Ask questions if you do not understand something.

    After uninstalling Viewpoint and Secure Delivery, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log (with the proper version too):

    Downloading, Installing, and Running HijackThis
     
