Vundo and Others

gypo9999 · Sep 2, 2008

I've cleaned up various issues with the Malware Removal Guide and i'd appreciate if somone could look at my logs and make a recommendation. System is now up and running but very sluggish. Also I recieve a fatal error message while trying to remove an old version of Java. Any help would be greatly appreciated!

gypo9999 · Sep 2, 2008

attatched is mglog.zip

TimW · Sep 2, 2008

You are basically clean all for a few items to deal with:

Please use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 3
Viewpoint Media Player

Open notepad and copy and paste the following text in the quote box into the window:

sc stop AVPWM
sc delete AVPWM
Click to expand...

Save this as fix.bat
Choose to save as all files.
Doubleclick fix.bat and let the program run.
A small black dos window will flash, this is normal.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Kazaa]
[-HKEY_LOCAL_MACHINE\SOFTWARE\knight]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-
Click to expand...

Make sure you get a success message.

Use windows explorer to find and delete:
C:\WINDOWS\system32\ren21.tmp
C:\WINDOWS\system32\ren22.tmp
C:\WINDOWS\system32\ren23.tmp

Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O23 - Service: Windows Device Host Service (AVPWM) - Unknown owner - C:\WINDOWS\system32\mui\avpsvc.exe (file missing)
Click to expand...

Make sure the above item is not there, but if it is click Fix, and then exit HJT.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.

gypo9999 · Sep 6, 2008

Thanks so much for the help...also I'm very sorry that its taken so long for me to get back with results, but I've followed the recommendations and here are the logs you requested. Thanks Again!!!

gypo9999 · Sep 6, 2008

Seems like everything works well. The only issue I have right now is the long time it takes Internet Explorer to start and load its first page. After it loads the first page the subsequent pages load rather quickly.

TimW · Sep 6, 2008

Your logs are clean......( you may wish to try a different browser ).....
If you are not having any other malware problems, it is time to do our final steps:

We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significan amount of resources ( except a little disk space ) until you run a scan.

If we used Pocket Killbox during your cleanup, do the below

* Run Pocket Killbox and select File, Cleanup, Delete All Backups

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combo-fix folder from combofix.

If we had you run Avenger, you can delete all files related to Avenger now.

If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Click to expand...

gypo9999 · Sep 6, 2008

Just want to thank you again for the help...computer is running better than new.

TimW · Sep 6, 2008

You are most welcome....safe surfing.

Log in or Sign up

Vundo and Others

gypo9999 Private E-2

Attached Files:

SUPERAntiSpyware Scan Log - 09-01-2008 - 21-27-25.log

mbam-log-09-02-2008 (00-21-44).txt

ComboFix.txt

gypo9999 Private E-2

Attached Files:

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

gypo9999 Private E-2

Attached Files:

MGlogs.zip

gypo9999 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

gypo9999 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member