Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think i have Vondo, please help me!!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I think i have Vondo, please help me!!!

Unread postby garlanchango » May 26th, 2008, 11:33 pm

Hi, I´m afraid my computer is infected with Vondo, or something like that, reinstalled everything again, but the computer still remains getting slow, it also won´t let me star autoupdates for window, tis is my hijackthis los, i will really apreciate any help,. don´t know what to do

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:25 p.m., on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security

7.0\avp.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache

Group\Apache2\bin\apache.exe
C:\Archivos de programa\Archivos comunes\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache

Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security

7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName

= Vínculos
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky

Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [34ee0634] rundll32.exe

"C:\WINDOWS\system32\yreivitq.dll",b
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de

programa\Java\jre1.6.0_06\bin\jusched.exe"
O8 - Extra context menu item: Add to Anti-Banner - C:\Archivos de

programa\Kaspersky Lab\Kaspersky Internet Security

7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel -

res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de

programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics -

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de

programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

- C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de

programa\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

-

http://www.update.microsoft.com/windows ... n/x86/clie

nt/wuweb_site.cab?1211851887593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://www.update.microsoft.com/microso ... /en/x86/cl

ient/muweb_site.cab?1211852287515
O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab -

C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security

7.0\avp.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache

Software Foundation - C:\Archivos de programa\NVIDIA

Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation -

C:\Archivos de programa\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA

Corporation - C:\Archivos de programa\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4533 bytes
garlanchango
Active Member
 
Posts: 3
Joined: May 26th, 2008, 11:28 pm
Advertisement
Register to Remove

Re: I think i have Vondo, please help me!!!

Unread postby garlanchango » May 27th, 2008, 10:20 pm

REinstalled everything in windows xp last night, but today it stoped working, just when starting windos it gets stucked showing the wallpaper, nothing further.... just a pretty nice desktop wallpaper, no working any longer..... so I reinstalled everything in windows vista, which i really don´t like much, but I´m afraid that if I reinstall XP it will appear again, i think tht viru is still arround... Norton didn´t find anything in a full scan, but i think that thing is still here.... is there any way look for it, an make sure it´s no here so i can reinstall XP....
Thanks!!!!!!
garlanchango
Active Member
 
Posts: 3
Joined: May 26th, 2008, 11:28 pm

Re: I think i have Vondo, please help me!!!

Unread postby garlanchango » May 27th, 2008, 10:25 pm

By the way, in a scan with a program, superantispyware or malwarebyte´s anti-malware ,there was something in the memory, which couldn´t be removed, does it have anythong to do, and if it does, can it be fixed.?
garlanchango
Active Member
 
Posts: 3
Joined: May 26th, 2008, 11:28 pm

Re: I think i have Vondo, please help me!!!

Unread postby NonSuch » June 1st, 2008, 3:27 am

This topic is now closed.

We're sorry you have not received a response to your topic. This is due to you replying to your
own topic prior to receiving a reply from a helper. Our helpers are looking for topics with zero
responses. When you post replies to your own topic, it no longer has zero responses, and so it
appears that you have received help when in fact, you have not.

If you still require help, please open a new thread in the Malware Removal forum and wait
for assistance. Do not post in that new topic until you have received a response from a helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 66 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware