trojan horse Vundo.GO



#1
TinaG

Hi.
I went through your cleaning guide before posting.
Issue: trojan horse Vundo.GO
I have noticed pop-up windows when online in the last week. Then today I got three warnings from AVG about the trojan noted above being blocked. I scanned with AVG; it found nothing. Scanned with AdAware: nothing. Spybot found 2 things that it removed.
I have XP, Service Pack 3.
Browsers: Firefox 3.5.7 and IE8 (I primarily use
Antivirus: AVG 9
I also use SpyBot and AdAware

I could not scan with Malware Bytes, even after renaming it several times (you'll see its final name is "Screw You" in the info I've posted--that was aimed toward this trojan garbage!) and trying again. It just wouldn't work. So I found and used a program called Hitman Pro 3.5 instead. It found several instances of trojans and one sort of rootkit. I didn't see a way to generate a log or report from this program or I'd paste it for you. It's a free version, which may be why.

I ran AVG again, still nothing. Ran Hitman Pro again, this time, nothing. But since I wanted to be sure my laptop was clean, I completed the rest of your steps in the cleaning guide. I figured if there was something still there, you would see it in the reports. So I'm posting them for you.

Contents of my GMER Log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 04:05:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tina\LOCALS~1\Temp\agaorfoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 atapi_restored.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 atapi_restored.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 atapi_restored.sys (IDE/ATAPI Port Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

I've attached the 2 OTL reports. Wasn't sure if I should copy/paste...the one is rather long. Please forgive me if I've left anything out. I believe I followed all the steps in the cleaning guide before posting. Thanks in advance for any help.
