Vundo... [RESOLVED]


  • This topic is locked

#46
Cathy J

Cathy J

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Back in safe mode. Would not work in normal mode. Since Winsock won't run, do you want me to go ahead with the Kaspersky scan in safe mode?
  • 0


#47
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes just try to run it in Safe Mode and post that log.
  • 0

#48
Cathy J

Cathy J

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
2008-01-27 14:57
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534224


Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects: 65569
Number of viruses found: 17
Number of infected objects: 50
Number of suspicious objects: 0
Duration of the scan process: 00:36:23

Scan process completed.
  • 0

#49
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok a little left to go. :)

Go to these locations and delete everything present there :
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine

After that, delete this folder off of your desktop: C:\Documents and Settings\Administrator\Desktop\[4][email protected]
====================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK



    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
========================================================
And as far as malware you are clean after that. :)


As for the other problem, let's try this:
Go to Start, right-click on the My Computer icon and then choose Manage.
Then in the left-hand pane that comes up, choose Device Manager.
Then click on the plus sign next to Network Adapters.
Right-click on the network adapter that you use (not the 1394 one) and then choose Uninstall.
Click Yes at the prompt, then reboot into normal mode (it should reinstall the network controller or Ethernet adapter). After it does that, try to connect to the internet again and let me know how it goes.
  • 0

#50
Cathy J

Cathy J

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
After doing it all....I still can't connect to the internet in normal mode. :) I still have faith. By the way, hope your day is going well with family! Will wait for the next post from you on what you want me to do next.... :)
  • 0

#51
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Try to disable your firewall and see if that helps.
  • 0

#52
Cathy J

Cathy J

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
WOW.....I had to disable my pc cillin and now am using the Windows Firewall in order to connect in normal mode....I'm on but with no virus protection at the moment.....HELP....any suggestions there?? Avast??????? I am not sure how to do it. But you Mr Geek Guy Hero seemed to have fixed the problems!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! :)
  • 0

#53
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Awesome.
I had a feeling that was it. :)

In my opinion I would get rid of PCCillin.
You can download AVG Free or Avast.
And if you want another firewall you can download the Comodo Firewall.


This link will explain how to use firewalls to better understand them, Firewall tutorial

After that you are good to go. :)
  • 0

#54
Cathy J

Cathy J

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
What can I say here.....I am not even sure words can say it! The work and time that you put in here to help me and so many others is just amazing. To me it was a major thing...you made me feel so at ease through fixing it all..... All I can add to that is THANK YOU FROM THE BOTTOM OF MY HEART! To you, :) I think many good things will always be returned!!!!! Hugs to you and your precious family!!!!!!! MY NUMBER ONE GEEK HERO!
  • 0

#55
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are kind; it was my pleasure, and I enjoy killing malware as it comes.

Safe surfing and God bless you and yours. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0







