Vundo trojan, help needed! [RESOLVED]
Started by
yesman72
, Apr 08 2008 09:18 AM
#16
Posted 10 April 2008 - 10:00 AM
#17
Posted 10 April 2008 - 10:29 AM
OK, here's log the BEFORE items removed. I got the swedish version of the Maleware, I hope you still can figure it out or let me know otherwise:
Malwarebytes' Anti-Malware 1.11
Databasversion: 606
Skanningstyp: Fullständig skanning (C:\|D:\|G:\|)
Antal skannade objekt: 97324
Förfluten tid: 41 minute(s), 52 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 5
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 3
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\QooBox\Quarantine\C\WINDOWS\system32\qbxxfnmo.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPjJCv.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\ybqqgakv.dll.vir (Trojan.Vundo) -> No action taken.
Here's the final log after removal:
Malwarebytes' Anti-Malware 1.11
Databasversion: 606
Skanningstyp: Fullständig skanning (C:\|D:\|G:\|)
Antal skannade objekt: 97324
Förfluten tid: 41 minute(s), 52 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 5
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 3
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\QooBox\Quarantine\C\WINDOWS\system32\qbxxfnmo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPjJCv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ybqqgakv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.11
Databasversion: 606
Skanningstyp: Fullständig skanning (C:\|D:\|G:\|)
Antal skannade objekt: 97324
Förfluten tid: 41 minute(s), 52 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 5
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 3
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\QooBox\Quarantine\C\WINDOWS\system32\qbxxfnmo.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPjJCv.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\ybqqgakv.dll.vir (Trojan.Vundo) -> No action taken.
Here's the final log after removal:
Malwarebytes' Anti-Malware 1.11
Databasversion: 606
Skanningstyp: Fullständig skanning (C:\|D:\|G:\|)
Antal skannade objekt: 97324
Förfluten tid: 41 minute(s), 52 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 5
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 3
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\QooBox\Quarantine\C\WINDOWS\system32\qbxxfnmo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPjJCv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ybqqgakv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Edited by yesman72, 10 April 2008 - 10:32 AM.
#18
Posted 10 April 2008 - 10:44 AM
Perfect
Follow these steps to uninstall Combofix and tools used in the removal of malware
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here
* SpywareGuard offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here
Thank you for your patience, and performing all of the procedures requested.
Follow these steps to uninstall Combofix and tools used in the removal of malware
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here
* SpywareGuard offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here
Thank you for your patience, and performing all of the procedures requested.
#19
Posted 10 April 2008 - 10:56 AM
Thanks for all your help! Have a great weekend!
#20
Posted 10 April 2008 - 12:48 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users