Vundo Infection.

Discussion in 'Malware Help (A Specialist Will Reply)' started by bb3nn3tt, Nov 29, 2008.

  1. bb3nn3tt

    bb3nn3tt Private E-2

    Hello.
    I am new here. I read and tried to follow the (Windows XP Cleaning Procedure) steps listed in the forum.

    Yesterday I noticed a red X shield in my lower right hand task bar. It said my Automatic Updates were turned off. It would not let me turn it on. I knew something was wrong then. About 20 minutes later I kept getting popups non-stop. I scanned my pc and my log showed I had Vundo infections and trojan-spy.vb.nb. I freaked out because I never had anything like that before.

    This morning I finished downloading all of the tools needed to scan properly from this site. I am afraid to reboot my pc, because it might not start back up. Below are my logs. Thanks.
     

    Attached Files:

  2. bb3nn3tt

    bb3nn3tt Private E-2

    Part 2, my MG log below. Thanks.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have run MBAM a few times and I would like to see this log:
    Code:
    C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
    mbam-l~1.txt  Nov 28 2008        3820  "mbam-log-2008-11-28 (22-57-51).txt"
    
    You need to use add/remove programs to uninstall:
    Viewpoint Media Player.

    Then use windows explorer to remove this:
    C:\Documents and Settings\All Users\Application Data\AVG8

    Now... Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "All Files". Once you have saved it, double click it and allow it to merge with the registry.
    Now use windows explorer to find and delete:
    c:\windows\system32\drivers\cvkpicg.sys

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  4. bb3nn3tt

    bb3nn3tt Private E-2

    I searched and didn't see c:\windows\system32\drivers\cvkpicg.sys to delete it. Do I delete the fixME.reg from the desktop? Thanks.
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just one more item to find and delete:
    C:\WINDOWS\system32\setb0.tmp

    Let me know if you can delete that file and if so then we can clean up from the process:

     
  6. bb3nn3tt

    bb3nn3tt Private E-2

    I deleted the file, so far I didn't have any more pop ups. Thank you so much.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome...safe surfing. :)
     
