Can't remove TROJ_VUNDO.ANL found on my PC [Solved]
Teddy Ted
Posted May 1 2009, 05:11 AM
OS: Windows XP SP2

Hey guys,

I've tried to remove this malware (TROJ_VUNDO.ANL) with several programs (Trend Micro housecall 6.5 online, Superantispyware, Comodo, Malwarebytes) but none worked. Therefore I decided to ask for some professional help.

Here is the hijackthis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:21 PM, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Software\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Software\AsusDVD\PDVDServ.exe
D:\Software\COMODO~1\BOC425.exe
D:\Jocuri\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Software\RivaTuner v2.21\RivaTuner.exe
D:\Software\Comodo\COMODO Internet Security\cfp.exe
D:\Jocuri\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Jocuri\DAEMON Tools Lite\daemon.exe
D:\Software\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
D:\Software\ComodoBOClean\BOCORE.exe
D:\Jocuri\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Firefox\firefox.exe
D:\Jocuri\Java\jre6\bin\java.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Maria\LOCALS~1\Temp\Rar$EX00.032\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 86.121.4.105:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O1 - Hosts: 75.125.177.50 l2authd.lineage2.com
O1 - Hosts: 75.125.177.50 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 216.107.250.194 update.nprotect.com
O1 - Hosts: 216.107.250.194 update.nprotect.net
O2 - BHO: (no name) - {0140E6A5-5103-4FAD-906B-5535E0B8B10b} - C:\WINDOWS\system32\tnbijehy.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Jocuri\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Jocuri\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6C1BE049-16A8-442F-8C8C-9D79C90820AF} - c:\windows\system32\ebqtqug.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Software\Free Download Manager\iefdmcks.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Jocuri\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Jocuri\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] D:\Software\AsusDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BOC-425] D:\Software\COMODO~1\BOC425.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [YSearchProtection] "D:\Jocuri\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Software\RivaTuner v2.21\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "D:\Software\RivaTuner v2.21\RivaTuner.exe" /T
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\QT\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Software\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Jocuri\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Jocuri\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Search Protection] D:\Jocuri\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [RGSC] D:\Jocuri\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Software\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Jocuri\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Software\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Software\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Software\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Jocuri\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188500935484
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - D:\Software\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ivujxwjz - C:\WINDOWS\SYSTEM32\ebqtqug.dll
O20 - Winlogon Notify: urqQkiff - urqQkiff.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - D:\Software\ComodoBOClean\BOCORE.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Software\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Jocuri\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11210 bytes

Should you need more information, please let me know. If there is any other post which could help me to remove the infection, please post the link here (there are a lot and I don't know what exactly to look for on this forum).

Thanks in advance for your help.
TT
