in distress: I too have a trojan.vundo.h



#1
sdtopdx

I'm finding these postings very helpful but keep seeing specific instructions for each person's computer and don't want to further mess up my ailing computer.

Norton identified suspicious.vundo.2 on my computer about 2 weeks ago that I didn't notice until it interfered with my ability to access the internet from Firefox (but I CAN connect to my wireless). I've tried running scans in Norton in Safe Mode with Networking, but that didn't work.

I've followed the instructions on this post: http://thecooltools....lwarebytes.html

After a full scan, Malwarebytes' Anti-Malware was able to remove all but 1 file and 4 registry keys (I originally had 12 or so). VundoFix didn't detect anything. I know it's still on there because the scans (quick and full) keep saying there are 4 objects left.

Warnings: I can't access the internet from the infected computer but can access from another computer to download. I'm only average young adult computer savvy so I may need some dumbing down of computer terms but really would like some help.
---------------
Here's the Malwarebytes log:
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

7/9/2009 12:23:49 AM
mbam-log-2009-07-09 (00-23-49).txt

Scan type: Quick Scan
Objects scanned: 93521
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7133656a-f0e9-4416-8526-0aae083f717c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zqeilriw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7133656a-f0e9-4416-8526-0aae083f717c} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)


#2
sdtopdx

In an attempt to solve this without using someone's time, I tried following the directions on another post and ran TFC and ComboFix. Malwarebytes isn't finding any more Vundo, but I still can't access the internet.

I wasn't able to download the Recovery Console before running ComboFix due to my internet connection problems (the program had started running and I was too scared to quit it).

What should my next step be? (I know I might get busted for being impatient!)



Edited by sdtopdx, 09 July 2009 - 02:59 AM.
