Vundo Infection, READ & RUN Completed

Discussion in 'Malware Help (A Specialist Will Reply)' started by larcat, Aug 5, 2009.

  1. larcat

    larcat Private E-2

    Hi,

    I have had a Vundo infection for several days.

    SUPERAntiSpyware picked it up and said it was removed; when I subsequently ran Malwarebytes, it was still there.

    AVG doesn't pick up anything. Malwarebytes picks it up and says it is successfully removed, but back it comes.

    I have followed your READ & RUN steps, please find logs attached.

    Please note, I am on Vista 64 so I cannot run ComboFix and RootRepeal.

    My thanks in advance and regards.

    -Larcat
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi and welcome.

    I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

    Kes13!
     
  3. larcat

    larcat Private E-2

    Kestrel13,

    No problem at all, thank you so much for taking the time.

    Do you want updated logs or any other information?

    One thing I should note that I didn't in my first post is that some sites are not loading completely, specifically forums.

    The Eve-Online forums seem to be affected, and a couple of others that I peruse sometimes. This started when I got Vundo et al.

    Again, my thanks and if you need any more info, please ask.

    -Larcat
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double-clicking on it (Note: if using Vista, don't double-click; right-click and select Run As Administrator). This is really HijackThis. Select Do a system scan only and select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:
    NOTE: HJT may pop up an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix exit HJT.

    2. Please download Pocket Killbox.

    Now run Pocket Killbox by double-clicking on killbox.exe.

    Choose Tools > Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time.

    • C:\Windows\system32\hodaluho.dll
    • C:\Windows\SysWOW64\kohebona
    • C:\Windows\SysWow64\bularaja.dll

    Check the box that says "Delete on Reboot" and check the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file.

    Once you get to the last one click YES and it will reboot.

    3. Also delete all files in the folders below except ones from the current date (Windows will not let you delete the files from the current day):

    • C:\Windows\TEMP
    • C:\Users\Larcat\AppData\Local\Temp

    4. Now run the C:\MGtools\GetLogs.bat file by double-clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    5. Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now.
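    As an added illustration (not part of the thread and not one of the MajorGeeks tools), the following PowerShell script does the checks a helper would want after steps 1-3: whether the three files named in step 2 are still on disk after the reboot, what the AppInit_DLLs value (the line HijackThis warns about) currently holds, what delete-on-reboot entries are queued (the mechanism Killbox's "Delete on Reboot" relies on), and which files in the step 3 temp folders are older than today. The file and folder paths are the ones quoted in the thread; the registry locations are the standard Windows ones. It assumes it is run from an elevated PowerShell session and deletes nothing unless -Clean is passed.

```powershell
# Added example, not code from the thread or from MajorGeeks.
# Read-only by default; pass -Clean to actually remove old temp files.
param(
    [switch]$Clean
)

# Paths quoted from the thread's step 2 (the user name in the temp path is
# the one the thread gives).
$suspectFiles = @(
    'C:\Windows\system32\hodaluho.dll',
    'C:\Windows\SysWOW64\kohebona',
    'C:\Windows\SysWow64\bularaja.dll'
)
$tempFolders = @(
    'C:\Windows\TEMP',
    'C:\Users\Larcat\AppData\Local\Temp'
)

# 1. Are the files named in step 2 still present after the reboot?
foreach ($f in $suspectFiles) {
    if (Test-Path -LiteralPath $f) {
        Write-Output "STILL PRESENT: $f"
    } else {
        Write-Output "gone: $f"
    }
}

# 2. Show AppInit_DLLs in both the native and the 32-bit registry view
#    (this is 64-bit Vista). A non-empty value naming an unfamiliar DLL
#    is what to look for.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($k in $appInitKeys) {
    if (Test-Path $k) {
        $v = (Get-ItemProperty -Path $k -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
        Write-Output ("AppInit_DLLs [{0}] = '{1}'" -f $k, $v)
    }
}

# 3. Show queued delete-on-reboot operations, so you can confirm the
#    Killbox entries were actually scheduled (or have been consumed).
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
if ($pending) {
    Write-Output 'PendingFileRenameOperations:'
    $pending | Where-Object { $_ } | ForEach-Object { Write-Output "  $_" }
} else {
    Write-Output 'No pending file rename operations queued.'
}

# 4. Temp files older than today, following the step 3 rule. Uses
#    PSIsContainer rather than -File so it also works on PowerShell 2.0.
$today = (Get-Date).Date
foreach ($dir in $tempFolders) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $old = Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
           Where-Object { (-not $_.PSIsContainer) -and ($_.LastWriteTime -lt $today) }
    Write-Output ("{0}: {1} file(s) older than today" -f $dir, @($old).Count)
    if ($Clean) {
        $old | Remove-Item -Force -ErrorAction SilentlyContinue
    }
}
```

    Run it once without arguments to see the report, compare the "STILL PRESENT" lines and the AppInit_DLLs values against what the helper asked to remove, and only then rerun with -Clean. Files locked by a running process will be skipped silently because of -ErrorAction SilentlyContinue, which is the same limitation the thread's manual step 3 has.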
     
  5. larcat

    larcat Private E-2

    Kestrel --

    Thank you for your help. I have run the steps asked,

    GetLogs.bat does not seem to be creating the log .zip in C:\.

    Still getting the Vundo associated popups...

    Regards,

    -Larcat
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi Larcat -

    Were you able to run steps 1-3 successfully?
    Tell me what is happening when you run Getlogs.bat. Were there any errors?
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. Your mglogs.zip should be there.

    Just enter C:\MGlogs.zip into the Manage Attachments form and click Upload.

    I also suggest that you update SAS to the new version and get database updates, and then also update MBAM. After updating, boot into Safe Mode and run FULL scans (not the quick scan) and attach the logs when you come back. Obviously the full scans are going to take a lot longer to run than the quick scans, but I would like you to run the full ones please :)
     
