Possible Vundo infection?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Felix Felicis, Aug 6, 2008.

  1. Felix Felicis

    Felix Felicis Private E-2

    Now I'm not very computer-savvy, but I've done my best to follow all instructions.
    I think I got infected with a virus about a week ago, but only in the last few days are any real problems becoming apparent. I'm running Vista, and the biggest symptom is web pages failing to load. With increasing frequency, neither Firefox nor IE (nor Safari, actually) can find:
    Gmail (homepage)
    Paypal.com
    community.livejournal.com/whatever...

    Firefox will give me some standard error message, normally that the site cannot be found. If I try again about 15 minutes later, they're fine. Also, I have a separate Gmail notifier app on my desktop, and it also struggles to connect whenever my browser does.
    Google informed me that this is a symptom of Vundo or Virtumonde, but a quick scan revealed nothing. I also ran vundofix, but I understand it's pretty useless now.
    I've done the recommended scans and loggings (except combofix, which gave me an error message), and I've attached what I have here.
    Any help would be hugely appreciated.
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Not true! And you do not have a Vundo infection. I'm not sure if your problem is due to malware or not. Let's finish fixing what I do see in your logs and see what happens afterwards.

    What exact error message did you get from ComboFix? Did you try to run it in safe boot mode if normal mode would not work?

    First you need to disable Spybot's Teatimer as requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer


    Uninstall the below old versions of software:
    Java(TM) SE Runtime Environment 6

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
    O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
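    The HijackThis lines selected above follow a simple rule: every O2, O3 and O9 entry ends in "(no file)" or "(file missing)", meaning the registry still references a BHO, toolbar or button whose component is no longer on disk, while the two O4 entries are startup items removed as general cleanup rather than as evidence of infection. The following Python script is an added example, not part of the original post or of the MGtools/HijackThis tools, that applies that triage to HJT log lines. The sample log is constructed from the lines quoted above plus one hypothetical healthy O2 entry (an invented name, CLSID and path) so the classifier has something to leave alone.

```python
"""Triage HijackThis (HJT) log lines the way the post above does:
flag O2/O3/O9 entries whose component no longer exists, list O4 startup
items separately, and leave everything else alone."""
import re
from dataclasses import dataclass
from typing import List, Optional

# COM class identifier as HJT prints it, braces included.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 lines look like: O4 - HKLM\..\Run: [ValueName] "C:\path\prog.exe" args
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SECTION_RE = re.compile(r"^O\d+ - ")
# HJT appends one of these when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample: the lines quoted in the post above, plus one
# hypothetical healthy BHO (invented name, CLSID and path) as a control.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example helper (hypothetical) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\ExampleHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
"""


@dataclass
class Entry:
    section: str           # "O2", "O3", "O4", "O9", ...
    kind: str              # "BHO", "Toolbar", "Extra button", "HKLM\..\Run", ...
    name: str              # display name, or the [ValueName] of an O4 entry
    clsid: Optional[str]   # CLSID when the line carries one
    target: str            # path, URL or command line the entry points at
    verdict: str           # "orphaned", "startup" or "present"
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT line; return None for blanks and non-O lines."""
    line = line.strip()
    if not SECTION_RE.match(line):
        return None
    section = line.split(" - ", 1)[0]
    m = O4_RE.match(line)
    if m:
        # Startup entries are reported, not judged: a Run value that points
        # at an existing file needs a look at the file itself.
        return Entry(section, m["key"], m["name"], None, m["cmd"], "startup", line)
    head, _, tail = line.partition(": ")
    kind = head.split(" - ", 1)[1] if " - " in head else head
    m = CLSID_RE.search(tail)
    if m:
        # Names may themselves contain " - " (see the eBay button), so split
        # around the CLSID rather than on the separator.
        name = tail[: m.start()].rstrip(" -")
        clsid = m.group(0)
        target = tail[m.end():].lstrip(" -")
    else:
        name, clsid, target = tail, None, ""
    verdict = "orphaned" if target.endswith(ORPHAN_MARKERS) else "present"
    return Entry(section, kind, name, clsid, target, verdict, line)


def triage(log_text: str) -> List[Entry]:
    """All parsable entries of a log, in file order."""
    return [e for e in map(parse_line, log_text.splitlines()) if e is not None]


def fix_candidates(log_text: str) -> List[str]:
    """Raw lines an analyst would tick in HJT as dead references."""
    return [e.raw for e in triage(log_text) if e.verdict == "orphaned"]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.verdict:8} {e.section} {e.name!r} -> {e.target}")
```

    The script only reproduces the "dead reference" part of the analyst's reasoning. An orphaned entry is leftover registry clutter, not proof of an active infection, which matches the reply above ("I'm not sure if your problem is due to malware or not"); the two O4 startup items are listed, not flagged, because deciding about a Run value that does point at a real file means looking at that file.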
  3. Felix Felicis

    Felix Felicis Private E-2

    Sorry about the duplicate thread - I'll know for next time. :)

    Anyway:
    I'm running Vista Home 32bit, and I downloaded a file which was masquerading as an mp3, and I'm now sure was a virus. There were no symptoms up until a few days ago, when suddenly I could no longer access gmail.com or some of my other frequented sites. Firefox would give me an error along the lines of "server could not be found". I also tried the sites in Safari, to no success.
    Then, some websites stopped displaying images properly, notably bebo.com.
    Next, icons and images on my desktop started disappearing. My wallpaper would go black, and files would lose their icons, becoming only a name.

    Nothing was picked up during scans, so I backed everything up on DVDs and formatted my computer, re-installing Vista. Everything seemed fine, but now I'm intermittently forbidden access to Gmail again. I'm now worried that something malignant got backed up and then put back into my system.
    As of last night, my wallpaper is gone and icons are disappearing.
    I've attached my logs here (as I'm not allowed to reupload the same files), though I cannot run combofix - I'm given an error message about having an incompatible OS. The scans turned up pretty much clean, except for spybot finding a couple of funny cookies.

    I realise these problems aren't too serious, I just worry that they might be the only visible symptoms of a deeper problem.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have reinstalled your system after a format then you are not having malware problems. And your last logs in the other thread agree since they are clean. Something went wrong with your installation or you are reinstalling something that is causing a problem.

    I suggest that you clearly explain each of your problems in a new thread in the Software Forum. Also make sure you explain that you just reinstalled and also make sure you explain anything else you installed and did after installing Vista.
     
  5. Felix Felicis

    Felix Felicis Private E-2

    OK - I'll do that and hope for the best. Thanks a lot! :)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
