virus

having trouble with virus (Vundo) comes up in windows defender also had virtumonde virus i think i my have sorted that been through your forum done the scans and other things now done a combofix please help as i am new to this!
i have attached a log from combofix hope you can help.[/ATTACH] log.spybot txt was the first log then log.txt 1 was the second.
:cry:cry

 

Hi evomit,
Welcome to Major Geeks!

Please go through the instructions in the READ & RUN ME FIRST and attach the requested logs. Since you've already run Spybot and Combofix, you do not have to run these again, however, be sure that Spybot's Teatimer is disabled or it will prevent any changes from being made to your computer. When you finish and post us the remaining three logs (SuperAntiSpyware, MalwareBytes and MGlogs.zip), then we can give you some instructions specific to your computer.

Thanks.
abri

 

hi abri
how do you disable teatimer i cannot seem to find it on spybot, when you say post us the three remaining logs do you mean the two i have already done and a new one when i run combifix again


Yours Faithfully Evomit

 

Hi evomit,

In the READ & RUN ME link I posted to you in post 2, you'll see that the instructions continue on at the bottom of the page where you are asked to follow the procedures which are specific for your operating system. When you click on those instructions for your operating system, you will find the scans you are missing.

Teatimer will only be in Spybot if it got installed during the installation. Here are two different ways to diable it. If it's not installed, then it's not a problem:

To disable Spybot's TeaTimer:
First:

• Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
• If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
• If you have Version 1.4, Click on Exit Spybot S&D Resident

or Second, For Either Version :

• Open Spybot S&D
• Click Mode, choose Advanced Mode
• Go To the bottom of the Vertical Panel on the Left, Click Tools
• then, also in left panel, click Resident shows a red/white shield.
• If your firewall raises a question, say OK
• In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
• OK any prompts.
• Use File, Exit to terminate Spybot

 

hi i have only been able to malwarebytes and MGlogs, when i loaded superantispyware kept locking up when it was scanning left it for 5 hours and nothing had to keep going into windows task manager to close it down so i have run the other programs and attached the logs hope this is ok, if you want me to keep trying superantispyware i will.please let me know.

View attachment mbam-log-6-23-2008 (17-36-29).txt

View attachment mbam-info.txt

View attachment MGlogs.zip

Evomit:cry

 

Hi evomit,

Several things. First of all, it's likely that the reason you have malware is because you have an illegal copy of Nero. Please find some solution to this, because any work we do here will be negated by your using a keygen. It is the logic of keygen distributors to place vulnerabilities into the keygen so that they can break into your system knowing you won't go to the police. You might save a little money on the software, but your broken equipment and identity theft will cost you more in the end. It's not worth the money, but Nero is. After you finish here, please start a thread in the Software Forum and ask for suggestions for free alternatives or pay for the software.

Your MGTools didn't run. I will have you try them again, after you do the following:

Now I'm going to have you use ComboFix to remove some files.

• Make sure that combofix.exe (cf.exe) that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
• If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

DRIVER::
ljJBttTk
fccaxXrr


FILE::
C:\WINDOWS\system32\fccaxXrr.dll
C:\WINDOWS\system32\ljJBttTk.dll

REGISTRY::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BE7E4CE1-8CBA-44A6-956F-462A667D3286}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBttTk]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B17C485-FF77-40DF-ADED-F710DEA1FC5D}]

[-HKEY_CURRENT_USER\Software\Kazaa]
[-HKEY_LOCAL_MACHINE\SOFTWARE\knight]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe (cf.exe)
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now run CCleaner at the default setting with the Windows tab as the top one.

Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip along with the Combofix log. Be sure to let GetLogs.bat run all the way to the end. Run it by double-clicking on the GetLogs.bat file.


Let me know how things are running now?

abri

 

hi abri

im glad you found that keygen i didn't know they where dogie i bought it of e bay came in box and disk from now on i will not buy any software of ebay.or come to think of it anywhere else.

it seams to be running again properly here are the logs you have asked for hopefully that will be it if it is many thanks!!!

[/ATTACH] ps did you say you have a software forum?

 

hi abri

just to update you on the speed it seems to be slower than when i last started it after i ran all the tests and sent you the logs i also tried too run superantispyware and it froze when it found some problems and i had to close it down again the problems where 4 and it said registry cleaner trial which i download from www.downloads.com i also ran malwarebytes and didn't find any problems so i think im getting somewhere with your help that is i was also wondering would the ram i have be a problem do you think i sholud put some more in as because my laptop has 1Gb of ram and i think this has 512.

evomit:confused

 

hi abri

just to let you no another follow up after the other post i sent you scanned again with malwarebytes and something came up again i have attached the files its that dreaded Vundo again thought they'd gone don't know how they are getting in only turning on pc when i do the scans you ask for then turn it off and wait for your next instructions, I'm using my laptop to correspond what should i do next

View attachment mbam-log-6-27-2008 (14-00-03).txt

View attachment mbam-log-6-27-2008 (14-11-00).txt
:cry:cryconfused


Evomit

 

yes i am getting errors when i run it MGTools what should i be doing i thought what i was sending was ok what do you suggest sorry for being a pain in the butt!!!!

 

hi there

when i run the program mgtools analyze .exe it says on the screen its not recognized as internal or external comm:confusedand,operative program or batch file

 

download it from you do you think i should download it again and start again and it does fix things but it finds somthing else when i do a nother scan later on the last one was called a Trojan.Agent in System Volume Information:confused

 

sorry to last question where sholud it have gone mgtools that is

 

sorry timw i had saved it somwhere else download it onto the c drive no will start again

 

i seemed to work View attachment MGlogs.zip hope this helps

 

do you mean that my pc is clean?

 

or that its not run properly again?

 

hi to all at major geeks i like to say a big thankyou for helping me with the problems i had,and i think i have learnt alot at the same time!!!
thanks again and keep up the goo work if it wasnt for you people i dont no wher we wolud be probably by new pc and laptops every day hopefully thats it from me :major:wave