
Need Help - Vundo.gen Malware - Logs Posted

#20 extremeboy, Malware Response Team, 12,975 posts. Posted 08 March 2009 - 02:46 PM

Hello. What seems to be the problem?

REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    swg             REG_SZ    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    ctfmon.exe      REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updateMgr       REG_SZ    "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1
    QuickTime Task  REG_SZ    "C:\Program Files\QuickTime\qttask.exe" -atboottime
    cmds            REG_SZ    rundll32.exe C:\WINDOWS\system32\urqQgFyW.dll,c
----------------------- HKLM\MSCONFIG KEY -----------------------------------

This has to do with the way Vundo infects the memory.

I will move on to the next post and see how that works.

VirusScan will never get rid of Vundo in a month of Sundays.

This is normal, please do not panic. These are all legitimate Windows programs that are injected with the virus code in attempts to replicate and protect itself.

The user says they are having a hard time getting rid of Vundo, which seems to me that detection is occurring, just not getting cleaned all the way.

Run 1st command as Jennifer? Reboot immediately if asked to.

http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/mbam.php

If that fails then download HijackThis and post its log on one of the following forums for expert help: DOWNLOAD HIJACKTHIS. Do not post the log here, we

i need help TR/Vundo.Gen
Started by iylegacy, Dec 16 2007 09:01 PM

#1 iylegacy, New Member. Posted 16 December 2007 - 09:01 PM
https://community.mcafee.com/thread/18674?tstart=0

You now appear clean!

When shown the disclaimer, select "2". This will remove files/folders associated with ComboFix and uninstall it.

Download and Run OTCleanIt
We will now remove the tools we used during this fix. Download OTCleanIt by OldTimer.

This document was written by McAfee Labs (formerly AVERT).

WHO DAT 7-0. Thanks for the heads up Brit. I would suggest in addition to using a McAfee scanner to also check your computer with MalwareBytes (www.malwarebytes.org/mbam.php).

However, I would still like to see a new pair of DDS logs before we clean up and I let you go, okay?

Re: How to get rid of vundo.gen.ab
Rsteven1, Nov 6, 2009 8:35 AM (in response to Peter M)
Virus Scan WILL get rid of Vundo as long as it's not

If you have no more questions, comments or problems please tell us, so we can close off the topic. Thanks

Restart your computer when prompted. Congratulations!

We will move that back and it should work again.

Create and Run batch script
Copy the following into a notepad (Start > Run > "notepad").

ProxyServer = 132.145.10.9:8080

screen317, Research Team Moderators, 19,453 posts. Posted July 7, 2010
Due to

Oh, running Windows XP SP3

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:19:37 AM, on 6/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program

It uses a combination of methods and heuristics to make it have a better detection rate of Vundo.

Physically power the machine off and back on (a hard reset is required as Windows will not shutdown without Winlogon.exe running, and resuming that process will revert the changes made by

jmister
Attachments: ActiveScan.txt, mbam_log_2009_01_03__14_24_54_.txt

Tigger93, Forum Deity, Experts, 1,668 posts. Posted January 3, 2009
Hello. Please read and follow the instructions

Re: How to get rid of vundo.gen.ab
Peter M, Nov 6, 2009 11:25 AM (in response to Rsteven1)
Rsteven1 wrote: Virus Scan WILL get rid of Vundo as long as it's

Re: How to get rid of vundo.gen.ab
Rsteven1, Nov 5, 2009 10:12 PM (in response to Peter M)
Cleaning Vundo
Removing a Vundo infection is often difficult, due to the in-built protection

If that's the case let's enable Artemis with "high sensitivity" and Virus Scan can do the same.

This threat is a member of the Win32/Vundo family.

Post the logs at a specialist Forum:
AUMHA FORUM
BLEEPING COMPUTER FORUM
GEEKS TO GO FORUM
MAJOR GEEKS FORUM
MALWAREBYTES FORUM
MALWARE REMOVAL FORUM
SPYWAREHAMMER FORUM
SPYWARE INFO FORUM
WHAT THE

When done, DDS will open two (2) logs: DDS.txt and Attach.txt. Save both reports to your desktop.

#17 therealmrbig, Topic Starter, 24 posts. Posted 08 March 2009

Re: How to get rid of vundo.gen.ab
Peter M, Nov 6, 2009 5:58 AM (in response to Rsteven1)
The person said they are new at this.. Rsteven1 wrote: 3.

#21 therealmrbig, Topic Starter, 24 posts. Posted 08 March 2009 - 02:46 PM
Removed expand command and reran Fix.bat as Jennifer...

Started by jmister, January 3, 2009
#1 jmister, New Member, Topic Starter, 1 post. Posted January 3, 2009
My PC has been

Do not copy the word "code".

    @Echo off
    REM Dump the HKLM and HKCU Run keys into C:\looking.txt for inspection.
    REM The first Echo creates (overwrites) the file; every later line appends to it.
    Echo ----------------------- HKLM\RUN KEY ----------------------------------- > C:\looking.txt
    reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" >> C:\looking.txt
    Echo ----------------------- HKCU\RUN KEY ----------------------------------- >> C:\looking.txt
    REM The redirect target on the last line was cut off in the post; C:\looking.txt follows the pattern above.
    reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" >> C:\looking.txt

The virus has evolved to a point where the infections load in explorer.exe, lsass.exe, and rundll32.exe in addition to the original winlogon.exe and iexplorer.exe processes.

Re: How to get rid of vundo.gen.ab
secured2k, Nov 6, 2009 11:40 AM (in response to marchant)
Hello, Years ago I created a tool (that should not be used anymore) called VirtumundoBeGone

Launch the VirusScan On-Demand Scanner (ODS), or the command-line scanner, but don't initiate the scan yet
4.