Sticky Vundo Malware - Did I get it all?

Hello, I believe I've been infected with Vundo for a long time now, but haven't noticed it till now with constant slow downs, my hard drive grinding away, crashes and lockups when I try to shutdown. I've turned on Shut down event logging to see what the deal is, nothing so has turned up. I've read your other articles and threads about removing Vundo, I've tried to clean my system as best as I could, but I'd like to see if there is something I'm missing in my log files, thanks in advance!

I've used Counterspy, Symantec, SpyBot, and sysinternal tools to find these files already:

Code:

C:\Windows\system32\ssqrpqr.dll multiple registry entires associated with this file 
C:\Windows\system32\pmkjk.dll Killbox was able to remove this file 
C:\Windows\system32\fmqoaipn.dll 
C:\Windows\system32\vwwvw.bak1 
C:\Windows\system32\ppgru.bak1  

ssqrpqr.dll didn't want to be removed through Safemode or with Killbox software, so I used my BartPE (CD Bootable Linux) to load up, and delete the file no problem from the system. Vundofix.exe I've ran many times and each time no problems are detected. Attached is Combofix log, and HJT log files. Again thanks in advance!

 

Welcome to MajorGeeks.com!

Running VundoFix does not always remove the infection. It's best to manually remove it, doing it manually confirms you're removing everything.

Please follow the steps below and attach the requested logs.

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

• Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..

http://www.majorgeeks.com/images/grenade.gifWhen you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

• CounterSpy Log - only for Windows XP, 2K, & NT users
• AVG Antispyware Log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
• Bitdefender Log - from step 6
• Panda Scan Log - from step 6
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis Log

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Hello, thanks for your reply sorry it took some time to get back to you but I was away on a holiday retreat.

* CounterSpy Log - is attached
* runkeys.txt - attched
* newfiles.txt - attached
* HijackThis Log - attached next post

Panda Scan Log & Bitdefender Log, I've tired to run both of these several times overnight and each time they have locked up and not finished running their scans. I can run the again for you and try to get some results.

Everything that I found from the tutorial I've posted in the first post

 

Here is the Hijackthis.log file

Would you like me to keep trying to get the Panda and BitDefender's log files?

 

If you can yes please attach them, try to run them in Safe Mode if they do not work in normal mode.

Also, please run CounterSpy again and this time remove all found infections, attach the new log once complete.

Also, attach fresh logs from GetRunKey, ShowNew & HijackThis.

 

Here are some fresh log files for you,

Counterspy log is not attached because all it found was 4 cookies which I removed. All of the "viruses" listed by Panda and BitDefender have been removed.

 

Last 2 logs, ShowNew and GetRunKey

 

Sorry here is the bitdefender log file.

 

Wow todays not my day, heres the .html file just drop the .txt

Sorry about the excessive posts

 

Let's run ComboFix once more...

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.
Once you complete the scan above, attach fresh logs from the below.

• GetRunKey
• ShowNew
• HijackThis
• ComboFix