
Help please with Vundo infection


Re: Help please with Vundo infection

Post by chryssi2001 » August 16th, 2008, 2:31 pm

I'm afraid I'm struggling here

Sorry about that. :(

Can you log in as Tom?

If yes, uninstall HijackThis, and re-download it as Tom.
Try to run it.

Update and run Malwarebytes' Anti-Malware as Tom, also.
If both don't work, and you still get the message, run DSS.
----------------------------------------------
Run Windows Cleanup.
Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Right click the Recycle Bin icon and Empty the Recycle Bin

Now, in Windows Explorer, delete all the files in the following folders. Please do NOT delete the folders themselves, just all the files that they contain.
C:\Windows\Prefetch\
C:\Windows\Temp\
C:\Documents and Settings\<Your Username>\Local Settings\Temp\
C:\Documents and Settings\<All other Usernames>\Local Settings\Temp\
C:\Documents and Settings\<Your Username>\Local Settings\Temporary Internet Files\
C:\Documents and Settings\<All other Usernames>\Local Settings\Temporary Internet Files\

Re: Help please with Vundo infection

Post by ColBla » August 16th, 2008, 2:54 pm

It's been a long day & the ol' brain's starting to slow down:

Yes I can login as Tom, but I can't uninstall from there because that's not an admin account. If I try from my account (the only admin account on the PC) I can't uninstall from there either - HJT itself doesn't have an uninstall option, and if I try from the Windows Add/Remove programs screen I get an error message saying it's already gone (except it hasn't, because I can still run it). I recall you had me rename it - does that have something to do with it ? If so, how do I uninstall it ?

What is "DSS" ?

Can do the Windows clean up routines, but which accounts should I do this in - mine, Tom's or all of them ?

Re: Help please with Vundo infection

Post by chryssi2001 » August 16th, 2008, 4:01 pm

Colin,

I can understand you are tired, because we've tried too many things today. You can do this step tomorrow. Get some rest.

Sorry, DSS is another tool I would have given you to run, but then I removed that part. It's roughly the same as Combofix, but it runs as Administrator.

ColBla wrote: and if I try from the Windows Add/Remove programs screen I get an error message saying it's already gone (except it hasn't, because I can still run it). I recall you had me rename it - does that have something to do with it ? If so, how do I uninstall it ?

If you can't from Add/Remove Programs, maybe right-clicking on the icon and choosing Delete would remove it.
No, renaming it doesn't prevent you from removing it.

ColBla wrote: Can do the Windows clean up routines, but which accounts should I do this in - mine, Tom's or all of them ?

All, and each time use each user name in all these:
Just replace the <Your Username> and <All other Usernames> each time with each user name like, Colin, Tom etc.
C:\Documents and Settings\<Your Username>\Local Settings\Temp\
C:\Documents and Settings\<All other Usernames>\Local Settings\Temp\
C:\Documents and Settings\<Your Username>\Local Settings\Temporary Internet Files\
C:\Documents and Settings\<All other Usernames>\Local Settings\Temporary Internet Files\


Did you reboot your PC at any time after Combofix rebooted it?

If not, please reboot your PC and then do these steps.

Re: Help please with Vundo infection

Post by ColBla » August 17th, 2008, 4:51 am

Hi Chryssi2001

Back for round two - hope we're on the home straight now !

Firstly, HJT. I was able to uninstall it from Add/Remove programs only by renaming the .exe file back to "Hijackthis.exe" (you will recall we renamed it to "Scanner.exe"). Having done that it went easily. But it would not instal in Tom's account. I suspect this is because his account is an ordinary user account, not administrator, therefore he cannot instal new programs. I thought about changing his account to admin in order to run HJT from within it, but I wasn't sure whether this might encourage any dormant malware, so I didn't. Perhaps you could advise whether this would be sensible ?

Secondly, I've done all the temp file cleaning you suggested. Some of the folders contained files that could not be deleted (eg temp internet files contains something called "desktop.ini"), so I've left these in.

Thirdly - and I hope this is encouraging - I ran MBAM from within Tom's account. This found four infections - log file is attached below. I had already run MBAM from within Colin's account last week, so this has interesting implications - it suggests that MBAM must be run individually on each account, you can't run it once from one account and expect to have scanned the whole machine.

Even better, having fixed these, and rebooted the machine, the DLL error no longer appears in Tom's account.

MBAM Log (run from within Tom's account)
Malwarebytes' Anti-Malware 1.24
Database version: 1060
Windows 5.1.2600 Service Pack 2

09:23:01 17/08/2008
mbam-log-8-17-2008 (09-23-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 93463
Time elapsed: 23 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Latest HJT log (run from within Colin's account)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:35, on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ACTIV Software\ACTIVdriver\ActivControl2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\ACTIV Software\ACTIVdriver\ActivControl2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2541208045-1205507034-200785320-1009\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Tom')
O4 - HKUS\S-1-5-21-2541208045-1205507034-200785320-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Tom')
O4 - HKUS\S-1-5-21-2541208045-1205507034-200785320-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tom')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1112586796
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 10376 bytes
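HKEY_CURRENT_USER is the registry hive of whichever account is logged on, so the Run value MSServer that the MBAM log reports for Tom's session sits in Tom's hive and not in Colin's HKCU. As an added example (not part of the original posts; the last sample line and its path are constructed, the others are copied from the HijackThis log above), this parser groups the log's O4 autorun lines by the hive that owns them:

```python
import re
from collections import defaultdict

# O4 (autorun) lines. The first six are copied from the HijackThis log in
# this thread; the last one is CONSTRUCTED for illustration (placeholder path)
# to show how a per-user Run value would look when seen from another account.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2541208045-1205507034-200785320-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Tom')
O4 - HKUS\S-1-5-21-2541208045-1205507034-200785320-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tom')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\S-1-5-21-2541208045-1205507034-200785320-1009\..\Run: [MSServer] C:\placeholder\constructed.exe (User 'Tom')
"""

# hive: HKLM (machine-wide), HKCU (account running the scan) or
# HKUS\<SID> (another account's hive, visible only while it is loaded).
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>[^\\]+))\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.*?)(?: \(User '(?P<user>[^']+)'\))?$"
)


def parse_o4(log_text):
    """Return one dict per O4 line; every other line is ignored."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue
        entry = match.groupdict()
        if entry["hive"] == "HKLM":
            entry["owner"] = "all users (HKLM)"
        elif entry["hive"] == "HKCU":
            entry["owner"] = "account that ran the scan (HKCU)"
        else:
            # HijackThis appends the account name; fall back to the SID.
            entry["owner"] = entry["user"] or entry["sid"]
        entries.append(entry)
    return entries


def autoruns_by_owner(entries):
    """Map each hive owner to the Run value names found in that hive."""
    grouped = defaultdict(list)
    for entry in entries:
        grouped[entry["owner"]].append(entry["name"])
    return dict(grouped)


def owners_of(entries, value_name):
    """List the hives holding a Run value (registry names ignore case)."""
    wanted = value_name.casefold()
    return sorted({e["owner"] for e in entries if e["name"].casefold() == wanted})


if __name__ == "__main__":
    parsed = parse_o4(SAMPLE_LOG)
    for owner, names in autoruns_by_owner(parsed).items():
        print(f"{owner}: {', '.join(names)}")
    print("MSServer present for:", owners_of(parsed, "MSServer"))
```
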

Re: Help please with Vundo infection

Post by chryssi2001 » August 17th, 2008, 5:04 am

Hello Colin :) ,

You did very well :cheers: .

The log looks good. :flower:

I am glad you don't have that error message anymore.

As usual, I run Malwarebytes' Anti-Malware before the Kaspersky scan to clean any infection remnants; I didn't in this case, as you said you ran it recently.

My mistake; we would have avoided all the frustration created. I apologise for that :( .

You are good to go now!
----------------------------------------------
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
----------------------------------------------
Congratulations you are clean! :)

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here

Install SpyWare Blaster 4.0
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.
The security suite can then be reinstalled afterwards.

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here on how to prevent malware.

Happy safe surfing!

Re: Help please with Vundo infection

Post by ColBla » August 17th, 2008, 5:45 am

Chryssi2001

Many thanks for your help & persistence in the face of dumb questions ! I will certainly be visiting the "Support us" page to make a donation.

Just a few remaining queries though:

1. I've got various downloads littered over my desk top now - HJT, JavaRa, ATF, JRE update. Can I delete or uninstal these as appropriate ?

2. Can you clarify about MBAM please ? As I said, I had already run it from within one account but it found other instances when I ran it from within another account. I note, for example, that when I open it in my account I have the three logfiles from when I ran it last week, but not the one that I ran this morning from Tom's account (I only see that logfile when I open from within his account); that implies to me that it only operates within one account. It seems to be quite a useful tool so I would propose to keep it, but do I have to run it from within each account individually in future ?

3. I will certainly look at all your recommended programs and the further reading. But I'm still a bit grumpy that I've had all this trouble despite having what I thought was a good, regularly updated, AV program (McAfee), but I've now found out the hard way that that was able to neither identify nor deal with those infections. I recognise that you probably have to be careful about making comments about commercial products like McAfee, but would you recommend a change to something else ? If so would you have any particular recommendations ?

Cheers and huge thanks

Colin

Re: Help please with Vundo infection

Post by chryssi2001 » August 17th, 2008, 6:19 am

ColBla wrote: Many thanks for your help & persistence in the face of dumb questions ! I will certainly be visiting the "Support us" page to make a donation.

You are welcome and thanks.
Donations are always appreciated. :)

ColBla wrote: 1. I've got various downloads littered over my desk top now - HJT, JavaRa, ATF, JRE update. Can I delete or uninstal these as appropriate ?

You can remove JavaRa and JRE update installer, since you've installed the newer version of Java.
ATF can stay on your pc, use it frequently to remove/clean temporary files.

ColBla wrote: 2. Can you clarify about MBAM please ? As I said, I had already run it from within one account but it found other instances when I ran it from within another account. I note, for example, that when I open it in my account I have the three logfiles from when I ran it last week, but not the one that I ran this morning from Tom's account (I only see that logfile when I open from within his account); that implies to me that it only operates within one account. It seems to be quite a useful tool so I would propose to keep it, but do I have to run it from within each account individually in future ?

To be honest, I wasn't aware of that.
If MBAM can locate and search a different user each time on a PC, that's a lot better for you.
Yes, keep it. It's a very good scanner: update it often, scan your C:\ drive, and occasionally scan the other accounts too.

ColBla wrote: 3. I will certainly look at all your recommended programs and the further reading. But I'm still a bit grumpy that I've had all this trouble despite having what I thought was a good, regularly updated, AV program (McAfee), but I've now found out the hard way that that was able to neither identify nor deal with those infections. I recognise that you probably have to be careful about making comments about commercial products like McAfee, but would you recommend a change to something else ? If so would you have any particular recommendations ?

No Anti-Virus can catch everything.

Anti-Virus programs remove viruses.
Spyware is removed by other tools; nowadays there are so many infections that one must be very well protected, using software in addition to an Anti-Virus.

Your McAfee also has a Firewall, and that is an addition.

Spybot S&D, from my All Clean speech, cleans spyware.
Give it a try.

Above all, try to surf the Internet carefully: do not visit suspect sites or open emails from unknown persons, do not click suspicious links, and keep your protection programs updated.

Check your PC often, let's say once a week with MBAM and Spybot, in addition to McAfee, which should scan your PC daily.

Re: Help please with Vundo infection

Post by Gary R » August 18th, 2008, 11:43 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R