Home > Vundo Trojan > Vundo Trojan Help (hijackthis Log Included)

Vundo Trojan Help (hijackthis Log Included)

Thank you! Please re-enable javascript to access full functionality. Thanks in advance, here's my log:Logfile of HijackThis v1.99.1Scan saved at 5:44:26 PM, on 6/28/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program One was found in my LocalSettings\temp folder while the other was found in LocalSettings\TemporaryInternetFiles\Content.ie5\x ciscg81. this contact form

scanning hidden autostart entries ...scanning hidden files ... Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Jump Open notepad and copy/paste the text in the quotebox below into it:File::C:\WINDOWS\~DF1CD4.tmpC:\WINDOWS\~DF35C7.tmpC:\WINDOWS\~DFC01C.tmpC:\WINDOWS\~DF7F09.tmpC:\WINDOWS\CGMINIVW.HLPC:\WINDOWS\system32\qaqwmdvf.dllC:\WINDOWS\system32\rudkwtnr.dllC:\WINDOWS\system32\RCX259.tmpC:\WINDOWS\mrofinu72.exe.tmpC:\WINDOWS\system32\L24D7.tmpC:\WINDOWS\system32\LF0B7.tmpC:\WINDOWS\system32\byxvtqp.dllC:\WINDOWS\system32\L7EE9.tmpC:\WINDOWS\system32\L552A.tmpC:\WINDOWS\system32\L7CE6.tmpC:\windows\~DF1CD4.tmpC:\windows\~DF35C7.tmpC:\windows\~DFC01C.tmpC:\windows\~DF7F09.tmpRegistry::[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b0979f5-3c0c-11db-9414-806d6172696f}]RenV::----a-w 125,528 2008-01-22 19:30:12 C:\Program Files\Common Files\AOL\1157372527\EE\AOLHostManager .exe----a-w 125,528 2008-01-22 19:31:03 C:\Program Files\Common Files\AOL\1157372527\EE\AOLHOS~1 .EXE----a-w 79,448 2008-02-08 20:04:16 C:\Program Files\Common Page 1 of 2 1 2 > Topic Tools #1 September 29th, 2008, 10:57 PM InfernalRage New Member Join Date: Jun 2008 Posts: 29 Trojan HiJackThis Log

Loading... When the tool is finished, it will produce a report for you. Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes Then uncheck "Turn off System Restore" which will create a new System Restore Point.7.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Agent) -> Quarantined and deleted successfully. Windows 7 Pro 64 bit NSBU 22.9.0.71 IE 11 bjm_ Guru Norton Fighter25 Reg: 07-Sep-2008 Posts: 13,891 Solutions: 283 Kudos: 2,038 Kudos0 Re: HijackThis Log concerning Trojan Vundo Posted: 03-Aug-2010 | C:\Documents and Settings\User1\Local Settings\Application Data\Mozilla\Firefox\Profiles\84sf4f64.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.File delete failed. Record Number: 25993 Source Name: Service Control Manager Time Written: 20081206225920.000000-480 Event Type: information User: Computer Name: SX260 Event Code: 7035 Message: The Network Location Awareness (NLA) service was successfully sent

HijackThis can be accidently deleted if it is in a Temp folder.How to do this:Click My Computer, click C:\right click in an empty place and click, new - Folder.Now you've create That may cause it to stall 0 Advertisements #11 cocacola23 Posted 08 February 2008 - 07:55 PM cocacola23 Member Topic Starter Member 15 posts Problem solved! Back to top #4 Mieke Mieke HJT Helper Retired Staff - Helper 265 posts Posted 03 July 2007 - 08:53 AM Hi GACGustie, * Please copy and paste this post into https://forums.malwarebytes.com/topic/13863-help-with-removal-of-vundogrb-hijackthis-log-included/ C:\WINDOWS\system32\jgqhxvbr.dll (Trojan.Vundo.H) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:48:56 AM, on 6/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe Ask the experts! Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{11e02549-ad5f-462e-85df-6c555c757c8e} (Trojan.Vundo.H) -> Delete on reboot. Edited by GACGustie, 03 July 2007 - 05:36 PM.

C:\WINDOWS\system32\wexwguyf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. http://myantispyware.com/forum/trojan-vundo-strikes-again-hijackthis-log-included-t1162.html I did a System Restore, but the only one available was one from today. The McAfee is from an accidental download of a security scan included when I was downloading Adobe Reader 9 from www.adobe.com. I would appreciate it if someone could take a look at it and let me know if they see anything.

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:13:03 PM, on 8/2/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18928)Boot mode: Safe mode with network supportRunning processes:C:\Windows\Explorer.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\Windows weblink Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files Calendar View New Content Forum Rules BleepingComputer.com Forums Members Tutorials Startup List Check out the forums and get free advice from the experts. failed to deleteC:\windows\system32\fvdmwqaq.iniC:\windows\system32\hsnnkkbw.iniC:\windows\system32\ittrakkn.dllC:\windows\system32\mcrh.tmpC:\WINDOWS\system32\nkkartti.iniC:\windows\system32\qfoungnq.iniC:\windows\system32\RCX33.tmpC:\windows\system32\RCX36.tmpC:\windows\system32\RCX63.tmpC:\windows\system32\RCX6A.tmpC:\windows\system32\RCX6E.tmpC:\windows\system32\RCX6F.tmpC:\windows\system32\RCX72.tmpC:\windows\system32\RCX76.tmpC:\windows\system32\RCX79.tmpC:\windows\system32\RCX7F.tmpC:\windows\system32\RCX86.tmpC:\windows\system32\RCX89.tmpC:\windows\system32\RCX8A.tmpC:\windows\system32\RCX8B.tmpC:\windows\system32\RCX8C.tmpC:\windows\system32\RCX91.tmpC:\windows\system32\RCX9E.tmpC:\windows\system32\RCXA1.tmpC:\windows\system32\RCXA2.tmpC:\windows\system32\RCXA3.tmpC:\windows\system32\RCXCA.tmpC:\windows\system32\shyrbqij.dllC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXEC:\windows\system32\sscvcerp.iniC:\windows\system32\tmcrbrxo.dllC:\windows\system32\uktsswfe.dllC:\windows\system32\vihibrad.dllC:\windows\system32\vshndfiu.dllC:\windows\system32\vvvwa.iniC:\WINDOWS\system32\vvvwa.ini2C:\windows\system32\win32.exeC:\windows\system32\xiufytxk.dllC:\windows\system32\xlmdmblx.dllC:\windows\system32\xoeqjxwi.dllG:\Autorun.inf

 C:\Program Files\McAfee.com\Agent\MC1A3F~1 .EXE ---> C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE ---> C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE 
..((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\LEGACY_NTNDIS-------\ntndis((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))).2008-02-08 15:39 . 2004-08-10 14:00

I would appreciate it if someone could help me find the files in need of removal or repair. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, danoo94, Sep 1, 2016, in forum: Virus & Other Malware Removal Replies: 1 Views: 500 dbreeze Sep 3, 2016 New help with hijackthis logs markythesparky, Aug 17, 2016, in forum: Virus navigate here Register now to gain access to all of our features, it's FREE and only takes one minute.

C:\Documents and Settings\Name\Local Settings\Temporary Internet Files\Content.IE5\XCISCG81\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully. Are you looking for the solution to your computer problem? All UsersClick OKPress the CleanUp!

Only when I did a full system scan on my computer with MalwareBytes, it told me of Vundo's existence.

Stefahknee, Oct 4, 2016, in forum: Virus & Other Malware Removal Replies: 0 Views: 243 Stefahknee Oct 4, 2016 In Progress Help diagnosing Hijackthis log, thanks! Back to top #7 Mieke Mieke HJT Helper Retired Staff - Helper 265 posts Posted 04 July 2007 - 07:31 AM Hi GACGustie, * Please open notepad and copy/paste the text If CTH has helped you, please consider liking and sharing us on Facebook Search Forums Show Threads Show Posts Advanced Search Go to Page... It seems as though Trojan Vundo has made its way back onto my computer.

I'm running SUPERAntiSpyware to make sure everything is gone, and it seems to be so far. Cool ! Free Antispyware: HijackThis, AdwCleaner, JRT, Combofix, Super Antispyware, Malwarebytes Anti-malwareInstructions: Show hidden files, Reboot in Safe Mode, How to backup Windows registry------------------------------Follow us on Facebook. http://controlpanelsource.com/vundo-trojan/vundo-trojan-problems-please-help.html Back to top Back to Resolved or inactive Malware Removal 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear SpywareInfo Forum →

Success always occurs in private and failure in full view. When the PC restarts the SDFix will run again and complete the removal process It then displays Finished Press any key to end the script and load the Desktop icons. InfernalRage View Public Profile Find all posts by InfernalRage #5 September 30th, 2008, 06:49 AM InfernalRage New Member Join Date: Jun 2008 Posts: 29 OTListIT Report (Part 1)