Troajn.Vundo Removed?

tubbsbright · Aug 9, 2008

Hi all,

I caught a lil' Vundo virus doing something naughty (torrents) and I think I got it removed, but I'm not totally sure. My story so far...

1. Windows Defender catches and blocks "trojan:win32/vundo.gen!h"
2. I install BitDefender Trial, it blocks/deletes trojan.vundo.FEV on various instances.

(up to this time the computer has been running OK...Firefox crashes when I close it out and my screen resolution/monitor zoom is a bit funky when I reboot, but there haven't been any pop-ups or anything too weird.

3. I ran all the step in the Vista cleaning procedures...here are my logs.

Do I still have it? Did the Vista cleaning remove it? Here are the first 2 logs. 2nd 2 to follow.

THanks in advance for any help.

tubbsbright · Aug 9, 2008

2nd 2 logs.

tubbsbright · Aug 9, 2008

Try that again with the attachments this time.

TimW · Aug 10, 2008

Not seeing much of anything significant....let's clean up a few things.

Please disable the guest account in user accounts if you haven't already.

Use windows explorer to find and delete:
C:\ProgramData\BM1394a746.txt
C:\ProgramData\bm1394~1.xml
C:\ProgramData\WildTangent

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"PendingFileRenameOperations"=-
Click to expand...

Tell me what issues you are still having.

tubbsbright · Aug 10, 2008

Re: Trojan.Vundo Removed?

Thanks for writing back....

I deleted those files, and ran the fixME.reg thing.

I haven't seen anything on Bitdefender scans since I ran all those steps from the ReadMe- but the PC is still a little funky:

1. iTunes started giving me this message "ipodservice module stopped responding" ((that's OK...Im sick of itunes and ready to try Foobar))

2. Firefox still crashes when I close it sometimes (crash report window comes up.-not a big deal)

3. and the zoom on the monitor seems to be different everytime I restart. (havent tried to reinstall video driver yet)

All in all its up and running fine..just those few annoying quiggles. I'll keep you posted if I find anything more regular. Also, bitdefender is new to me and I blocked some fishy stuff: wermrg.exe, winlogon.exe, some svchost.exe's, .\system(?)

TimW · Aug 11, 2008

I'm not sure what you may have stopped with bitdefender ....some may be legit. I would suggest that you post in the software forum to explore the other issues.

If you are not having any other malware problems, it is time to do our final steps:

You can uninstall SUPERAntiSpyware now.

We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combo-fix folder from combofix.

If we had you run Avenger, you can delete all files related to Avenger now.

If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Click to expand...

tubbsbright · Aug 13, 2008

Done, done...and d--woops. I saved ccombo fix to the desktop but didnt install it there- I'll have to reset the folder settings manually.

TimW · Aug 14, 2008

You can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs

Log in or Sign up

Troajn.Vundo Removed?

tubbsbright Private E-2

Attached Files:

SUPERAntiSpyware Scan Log - 08-07-2008 - 21-17-45.log

mbam-log-8-7-2008 (22-08-14).txt

tubbsbright Private E-2

tubbsbright Private E-2

Attached Files:

MGlogs.zip

ComboFix (2).txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

tubbsbright Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

tubbsbright Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member