Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Vundo Trojan - still lurking?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Vundo Trojan - still lurking?

Unread postby chryssi2001 » January 5th, 2009, 8:12 am

Hello glostagal,

You said "after you run combofix" but - was I supposed to run it again? Let me know if so because I didn't. Thanks again, Glostagal

No, you shouldn't run it again. When i posted latest time to run CF-Script, i also wanted a new HijackThis log, after running CF-Script. You posted one before running CF-Script, as you wanted to ask this:
I will run the rest of the process when you confirm that disabling OAS (leaving the icon in system tray) is OK. THANKS!!!

The one you posted before running CF-Script stilll had the infection which CF-Script removed.
So i needed the new one. ;)

Does symantec still gives you warnings?
----------------------------------------------
LIST OF PROGRAMS USING HIJACKTHIS
  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See in this link details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
----------------------------------------------
Post back:
List of programs.
Malwarebytes' Anti-Malware report.
Tell me about Symantec.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
Advertisement
Register to Remove

Re: Vundo Trojan - still lurking?

Unread postby glostagal » January 5th, 2009, 6:10 pm

Hi, First, about symantec, I was only getting those warnings during sdfix and combofix, so haven't seen them lately. Got something similar when trying to install antimalwarebytes. see below. But no longer getting msg about kvccvdpe.dll.

Second, here is my uninstall list
******************************************
Access Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Agent Ransack Version 1.7.3
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bonjour
Canon MF Toolbox 4.9.1.1.mf02
Canon MF3200 Series
Client Security Solution
Compatibility Pack for the 2007 Office system
Diskeeper Lite
Easy Grade Pro
ExamView Pro
FileZilla Client 3.0.10
FirstClass® Client
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
Google Chrome
Google Earth
Google Update
Google Updater
Help Center
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Interactive Chalkboard (Mathematics Applications and Concepts, Course 3)
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KeyView for Lotus 97
Kirby Alarm v2.11
Lenovo Registration
Lotus Notes 7.0
Maintenance Manager
McAfee VirusScan Enterprise
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Small Business Connectivity Components
Microsoft Office XP Standard
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
ML Algebra1TestGen
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
OmniPage SE
On Screen Display
PC-Doctor 5 for Windows
Picasa 2
Presentation Director
Presto! PageManager 7.15.11
PrimoPDF
Productivity Center Supplement for ThinkPad
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
SeaMonkey (1.1.9)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
System Migration Assistant
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
USA TODAY MileTracker
Wallpapers
Windows Installer Clean Up
Windows Live Toolbar
Windows Live Toolbar
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XP Themes
******************************************

third, I was not able to install antimalwarebytes. When I double click to install I get this

Image

click ignore then I get this

Image

click ignore and it just hangs - any ideas? tx, GG
glostagal
Regular Member
 
Posts: 24
Joined: December 25th, 2008, 7:41 am

Re: Vundo Trojan - still lurking?

Unread postby chryssi2001 » January 6th, 2009, 4:38 am

Hello glostagal,

I will send you to your Registry in an attempt to fix that error.
Please follow my steps very carefully.
In case something goes wrong, go to the folder and start ERDNT.exe as mentioned below in red.
----------------------------------------------
Backup Your Registry with ERUNT
  • Please use the following link to download ERUNT
  • Use the setup program to install ERUNT on your computer
Click Erunt.exe to backup your registry to the folder of your choice.

Note:to restore your registry, go to the folder and start ERDNT.exe
----------------------------------------------
1. Click Start, and then click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers

4. In the right pane, double-click the VDD value. The Edit Binary Value dialog box opens.
5. Select the contents of the Value data box, ant then press Delete. There may be four zeros that cannot be deleted.
6. Click OK, and then Exit the Registry Editor.

After you do this, and everything is ok, reboot your pc, and retry to install and run Malwarebytes' Anti-Malware.
Let me know what happened.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Vundo Trojan - still lurking?

Unread postby glostagal » January 10th, 2009, 5:44 pm

Hi There,

I did as you said - I installed the ERDNT tool, backed up my registry, edited the key, rebooted, installed and updated the antimalware tool.

THEN when I performed the full scan, I got a blue screen of death - yikes. It said "a problem has been detected and windows is shutting down to protect your computer." What now?

Also, I am having a problem with updating macafee - when I go to update it, I get a message that says

"failed to initialize common updater system. make sure macafee framework svc is running. macafee common framework returned error 80040154 @ 1"

I recognize this error - this is what I was getting when I was FIRST infected. As I said in my very first post, before I ever contacted you, I installed and ran superantispyware, which resolved this problem - at least for a time.

Thanks, GG
glostagal
Regular Member
 
Posts: 24
Joined: December 25th, 2008, 7:41 am

Re: Vundo Trojan - still lurking?

Unread postby chryssi2001 » January 11th, 2009, 5:16 am

Hi glostagal,

So you were not able to run Malwarebytes' Anti-Malware?
If you did post the report.

Read hereabout the McAfee error you get.

Remember if something goes wrong you can use the ERUNT.exe backup you created.

I recognize this error - this is what I was getting when I was FIRST infected. As I said in my very first post, before I ever contacted you, I installed and ran superantispyware, which resolved this problem - at least for a time.

In my opinion this has nothing to do with malware.

Let me know if everything is ok after you follow those steps.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Vundo Trojan - still lurking?

Unread postby Gary R » January 16th, 2009, 4:04 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware