Vundo Trojan... and possibly some others? Help needed please!

Discussion in 'Malware Help (A Specialist Will Reply)' started by shleesh, Apr 29, 2008.

  1. shleesh

    shleesh Private E-2

    Hi all,

    I've been fighting with this pesky problem for about 2 weeks. I first noticed the popups when using Internet Explorer. The popups were for "Winfixer." Since about a week ago, my Internet Explorer doesn't work at all. I am unable to connect to any webpage. Right now, I'm using Firefox, which seems to be working fine (no popups even). I use Spysweeper and Norton 360. Norton has picked up trojan.vundo and vundo.b -- but doesn't seem to do anything with them. I also downloaded and ran the vundo fix, and it found nothing. I'm also getting an error message when booting up that says, "Error loading C:\Windows\system32\rujgptbx.dll - The specified module could not be found." The computer is also running quite sluggish, but I guess that's to be expected when there are viruses infecting the computer, eh?

    I've done all the steps in the READ & RUN ME FIRST and Vista Cleaning procedure files, with pretty much no problems except for the fact that I could not update virus definitions automatically. I had to resort to manually installing them except for Malwarebytes; I could not find anywhere to download just the definitions. I was wondering if that had something to do with my IE being disabled?

    Anyhow, I've attached the logs. Any help is MUCH appreciated. Thanks.
     


  2. shleesh

    shleesh Private E-2

    ...and here's the last one:
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Looks like you did not get all of MGtools to run properly. Did you follow the instructions properly? Especially the part mentioning HijackThis? Did you accept the TrendMicro license agreement when it popped up?

    Is your copy of Spy Sweeper a paid version or free trial?

    Now we need to use ComboFix as given below.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop, but do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
