Vundo Virus recently removed - P.C. V Slow

Discussion in 'Malware Help (A Specialist Will Reply)' started by mjkohler, Jul 1, 2008.

  1. mjkohler

    mjkohler Private E-2

    Hi

    Recently my p.c. went into the shop virused out. The tech guy sent it back to me thinking it was fixed. After receiving it back I ran various antispyware and found and removed Vundo virus. When talking to the tech guy at the shop about this he said that was also the virus that he had removed from my p.c.

    The p.c. worked a little better for awhile and then went back to real slow browsing. Corrupted downloads and generally really slow at opening and closing windows. Programs appearing to freeze. I am left with the feeling that something is not quite right still.

    I have followed all the advice from the Malware removal Guide. Malwarebytes, Spybot and SuperSpyware remover all came up with nil malware found. I ran these all in safe mode.

    I tried to download Combofix.exe from the Major Geeks link however got the message that the version had expired. When searching on the internet I could not find it.

    I ran MG Tools.exe and am attaching the log.

    Can you see if there is anything still remaining that is causing my feeling of something not being quite right.

    Many thanks
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi mjkohler,
    Welcome to Major Geeks!


    Please go through the instructions in the READ & RUN ME FIRST and attach the requested logs. When you go through these instructions, you'll find the links you need to current versions of the software.

    Thanks!
    abri
     
  3. mjkohler

    mjkohler Private E-2

    :eek: Hi Abri

    Thank you for your reply.

    I am almost at a loss what to reply.

    I did follow all the instructions letter for letter except for posting the logs for malwarebytes, superantispyware and spybot. These logs were not posted as they were all clear. However I am attaching them now except for the spybot which I cannot locate.

    Amazingly when I retried Combo fix today (after downloading, renaming it and attempting to load it twice yesterday) it worked!!!:-D

    I do apologize if I tried to fasttrack by not posting the logs for malwarebytes, superantispyware and spybot yesterday.

    I look forward to your reply.

    BTW MGlogs.zip was attached to my posting yesterday.

    Many Thanks
     
  4. mjkohler

    mjkohler Private E-2

    Hmmmmm :)
     

    Attached Files:

  5. abri

    abri MajorGeek

    Hi mjkohler,

    Your log for HijackThis shows that it was run in safe mode. We generally don't have people run the scans in safe mode, because we get a better picture of the running processes when the computer is in normal mode.

    I'll give you some instructions and then have you rerun the MGtools scan in normal mode so I can see if we missed anything.

    1) Please go to the following two folders and delete anything Windows will allow you to delete:

    C:\WINDOWS\Temp\
    C:\Documents and Settings\Owner\Local Settings\Temp\



    2) Open your Windows Live Messenger, go to Help -> Customer Experience Improvement Program and turn it off. Then go to C:\ and delete all the files with this structure: sqmnoopt12.sqm and sqmdata10.sqm


    3) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select Do a system scan only. In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {AC519E4E-EDF0-48C7-8ADA-2A4A5B1C81C9} - (no file)
    O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - (no file)
    O20 - Winlogon Notify: pmnkijKB - pmnkijKB.dll (file missing)

    After you click fix, just close hijackthis.


    5) Download and install Erunt. Use it to create a backup of your registry.

    6) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the File Type is set to "all files". Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.
    7) Now run CCleaner at the default setting with the Windows tab as the top one.

    8) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


    Let me know how things are running now?

    abri
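
A small triage helper for the kind of HijackThis entries listed in step 4 of the post above, as an added example that is not part of the original thread or of MGtools: it scans log text for entries whose referenced file or value is absent. The sample log reuses the five lines quoted in the post plus one constructed healthy BHO line; the function names and reason strings are assumptions.

```python
import re

# Constructed sample: the five entries quoted in the post, plus one healthy
# BHO line made up for contrast (its CLSID and path are placeholders).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AC519E4E-EDF0-48C7-8ADA-2A4A5B1C81C9} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - (no file)
O20 - Winlogon Notify: pmnkijKB - pmnkijKB.dll (file missing)
"""

# "<section code> - <rest of entry>", e.g. "O20 - Winlogon Notify: ..."
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def orphan_reason(body):
    """Return why an entry points at nothing, or None if it looks intact."""
    if body.endswith("(no file)"):
        return "registered component has no file on disk"
    if body.endswith("(file missing)"):
        return "referenced file is missing"
    if body.endswith("is missing"):
        return "expected default value is missing"
    if body.endswith("="):
        return "registry value is empty"
    return None

def find_orphans(log_text):
    """List entries that reference an absent file or value, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        reason = orphan_reason(body)
        if reason:
            clsid = CLSID.search(body)
            findings.append({"section": section, "reason": reason,
                             "clsid": clsid.group(0) if clsid else None})
    return findings

if __name__ == "__main__":
    for f in find_orphans(SAMPLE_LOG):
        print(f["section"], f["clsid"] or "-", f["reason"], sep="\t")
```

Leftover entries like these are what remains after the file has been deleted but its registration has not; the output is a review list for a helper to read, not a decision about what to fix.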
     
  6. mjkohler

    mjkohler Private E-2

    Hi Abri

    Thank you for your help.

    P.C. seems to be back on track I will monitor it over the next couple of days. I certainly feel a lot more comfortable about it knowing that someone can advise me.

    Many thanks again for your help.

    I am attaching the latest MGLog.zip
     

    Attached Files:

  7. abri

    abri MajorGeek

    Hi mjkohler,

    I'll post you the final cleanup instructions. This will remove all the tools and logs we had you put on your computer. If there are some you might want to keep, you might wish to look through the link at the end called "How to protect yourself from malware" so you can see this site's recommendations on which combination will best protect you for the least amount of resources. I do not advise keeping the MGTools, because they are constantly being updated, and you can get the newest version here anytime. Due to the infection you had, I do recommend resetting your restore points. The instructions for that are in those I'll post to you here:
    abri
     
