VundoFix V6.7.7 didn't remove all infected files

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by espy, Jan 23, 2008.

  1. espy

    espy Private E-2

    I got infected with some trojans and viruses from MSN. I had installed Spybot, AdAware 2007 and AntiVir, but they only found some and didn't manage to remove them completely. I tried Kaspersky which found more but could only delete some of them temporarily until I restarted the computer.

    I found your page and have run Ccleaner, Kaspersky again, Spybot, VundoFix and TweakNow RegCleaner. It helped, but VundoFix could not remove all files and the laptop is still infected. I don't dare to connect it to the Internet because the trojan tries to connect all the time to do more harm.

    These are the viruses and trojans the different programs have found:

    TR/Drop.Agent.* or Trojan-Dropper.Win32.Agent.dgo
    Virtmondu or Vundo

    MSN was infected so I have uninstalled all MSN and deleted all files from MSN. That was Win32!Traits or something similar.

    Can someone help me get rid of this trojan/virus?
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!


    As you likely already know, malware is a massive pest these days and does its level best to hide itself in any number of places, so just running VundoFix will likely not remove all the malware that can be on your PC. The full guide of our steps below has a few other logs that show a lot of the malware on your PC and where it is located.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. espy

    espy Private E-2

    Combofix found rootkit/stealth malware detector by Gmer

    Thank you.

    I read this article and did what it said. That's why I ran VundoFix, because I knew some of the viruses I had, not all. Now I have completed all steps and ComboFix found and deleted the file VundoFix didn't. But it found a rootkit/stealth malware detector by Gmer - catchme 0.3.1344 W2K/XP/Vista. SpyBot, AVG Anti-Spyware and Kaspersky don't find anything more, but this rootkit, I don't know if it's removed or not.

    I got the virus, trojan, all the stuff on Saturday 19th of January by accidentally clicking a link from a friend on MSN about Facebook. The computer was on the Internet for a little while before I disconnected it. First I ran online scanners from Symantec Norton and Kaspersky which both found viruses and trojans. Unfortunately they use IE explorer and you have to be online for a while, which can give the trojan time to download things. After these two scans I have only been online for a few seconds at a time to only update Kaspersky or transfer files to my desktop over the network.

    I have not attached any log from AVG Anti-Spyware since it did not find anything.

    Can you help me get rid of the last part or maybe the root of the problem?

    Thank you so much for your help.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I'm not seeing any malware.
    C:\WINDOWS\system32\ddcdeeb.dll ---> no longer in your logs/system.
    In ComboFix:
    Gmer - catchme 0.3.1344 W2K/XP/Vista. That's just the process...not a rootkit.

    You need to uninstall your old Java thru add/remove programs:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1

    Are you still having problems?
     
  5. espy

    espy Private E-2

    No more problem so far.

    Thank you for your information and help. You are a blessing! Thank you for your work!
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are quite welcome .....If you are not having any other malware problems, it is time to do our final steps:

    1. If we used Pocket Killbox during your cleanup, do the below
    * Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that were created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    10. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
    * How to Protect yourself from malware!
     
