poss vundo..can't do anything :(

windows XP, sp2
AVG 8.5
Have been having problems with that antivirus pro, removed a couple of times with AVG (had to fix reg a couple of times).

Earlier tonight I got pop-up warning from AVG and listed vundo.hj (?), I shut everything down and ran the AVG scan..reboot..and bam, I am infected..ugh

Now nothing works at all in normal mode, cntr-alt-del will not open program manager, and renaming .exe to .com will not open other programs.

I am in safe mode w/network and going through your read me/do me first but I am unable to run/install any of the programs in safe mode (tried renaming them, and in admin and my usual login).

I do have malwarebytes anti-malware and spybot-sear and destroy..if that helps as a starting point..

I'm usually 'okay' at searching for fix's and doing what I can to get going again..but I am totally stumped and in over my head this time :cry

 

Okay..I ran that superspy thing in safe mode, found the link to do it online instead of installing it..it found a lot..linking the file..

so i get this little box when i start win that says 'error loading c:\windows\system32\kolojebe.dll the specified module can not be found'

I ignored it and everything is fine, except the little box won't go away..I think before I was clicking it and that was starting all the virus junk..but anyways, i still have it none the less.. I am going back to see how much more I can get done from your do me first sticky.

Oh..one thing, I have old java installs..but I was unable to uninstall them in safe mode..will try in normal and hopefully be able to update that.

 

woot! moving along now, ran malwarebytes, log attached..when computer rebooted the little error didn't pop..so I feel I am making some progress lol

note: when I opened the log in mb avg opened an alert, referencing C:\windows\windows32\vsfoceqkivprae.dll

and ..\notepad.exe

well..heres the log of that:

Resident Shield detection
Infection; Trojan horse Generic14.ARLM;"C:\WINDOWS\system32\vsfoceqkiuprae.dll";"Moved to Virus Vault";"9/19/2009, 5:07:14 AM";"file";"C:\WINDOWS\system32\notepad.exe"
​

 

First..sorry for spreading this out so much, was just trying to keep things posted as I figured them out :-o

ComboFix - man that really messed up my system for a while..it locked after displaying log (at which point it should have been done?) I let it sit for about 30mins before I finally rebooted. All my icons were gone and trying to start->turn off or log off or restart would freeze everything. So I moved onto the next scans..after re-starting computer a few times, icons reappeared..strange.

Last of the log files included..so far seems to be okay, so just need to make sure I have things cleaned up - thanks in advance, and this site has been a tremendous help.

 

Sweet! Thanks for getting to me, my bad for not reading all the stickies first :-o

Ran Avenger and MGtools for logs (attached)

While first doing initial read me/do me first sticky I was in safe mode and downloaded ComboFix to desktop in Admin of safemode. I was than able to boot normally (before I ran it). So ComboFix resides on the desk top of Admin/safe mode I ran it by way of shortcut from my desktop.

Also after doing initial read/do me first sticky I have installed comodo firewall and superantispyware. I also patched to SP3 for WinXP. I also cleaned up several more old programs I don't use anymore (I even finally deleted WoW!) lol

The AVG 8.5 is the paid for version, I'm not clear on how that differs from the free one but to 'disable' it I turned resident shield and web shield off, and then right click/exit from the tray (not sure if that disables everything or not); but I couldn't find any other options to disable anything else. It is of course all back on now.

 

Great! Running cleaner and moving combo, haven't had any issues per say. However it takes several minutes for windows to start? Wasn't sure if that was because of installed programs during cleaning process? It never has taken that long before. - shutting down firefox to run cleaner (don't loose me in que..i'll brb!) lol

 

So did the previous, uninstalled everything and since I (hope) I know whats coming next I did the "If you are not having any other malware problems, it is time to do our final steps:" instructions. No signs of any virus issues. Only issue is a really long start up for which I have posted in the software section for help.

Thanks guys, if anything creeps back up I'll start all over again (with the read me and do me first) and start a new post.

/bow