Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Vundo virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Vundo virus

Unread postby Lisacoe » January 6th, 2010, 6:35 pm

Hey!

I use AVG9 and when I run it, it says it has found the vundo trojan. After restarting, and rescanning, it is done. But it always comes back later :( I also get redirected from opening google search results.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:28 PM, on 06/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\Temp\_ex-08.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weatheroffice.gc.ca/city/pages/b ... ric_e.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTFMON] C:\Windows\Temp\_ex-08.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6500 bytes

Here is my uninstall list:

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player
AIM 6
AirPort
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bluetooth Stack for Windows by Toshiba
Bonjour
CD/DVD Drive Acoustic Silencer
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
COWON Media Center - jetAudio Basic
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
iTunes
Java(TM) 6 Update 17
Java(TM) SE Runtime Environment 6
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office 2000 Premium
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pando Media Booster
PHOTOfunSTUDIO -viewer-
QuickTime
SoundMAX
SPSS 14.0 for Windows Evaluation Version
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA HDD Protection
Toshiba Registration
TOSHIBA SD Memory Boot Utility
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Xvid 1.1.3 final uninstall
XviD Video Codec 1.1.2-01022007

Thanks so much fro any help you may be able to give to me!!

Lisa
Lisacoe
Active Member
 
Posts: 7
Joined: January 6th, 2010, 6:19 pm
Advertisement
Register to Remove

Re: Vundo virus

Unread postby deltalima » January 12th, 2010, 7:04 am

Hi Lisacoe,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Vundo virus

Unread postby Lisacoe » January 12th, 2010, 12:46 pm

Hey deltalima,

Thanks for taking the time to look into this and help me :)

Lisa
Lisacoe
Active Member
 
Posts: 7
Joined: January 6th, 2010, 6:19 pm

Re: Vundo virus

Unread postby deltalima » January 12th, 2010, 1:28 pm

Hi Lisacoe,

Vista Advice
Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file & selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download/run Rkill:
Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

  • Right click on Rkill & select Run as Administrator
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Malwarebytes Anti-Malware:
Please download Malwarebytes' Anti-Malware to your desktop.

  • Right click mbam-setup.exe and select Run as Administrator and then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please download DDS ... by sUBs.
Save it to your desktop. Alternate download link:here.
  • Right click the tool and select Run as Administrator
  • A black Screen will open... read the contents but do nothing.
  • When DDS finishes... Notepad will open with 2 reports... DDS.txt and Attach.txt
    Ignore the comments about zipping / attaching any of the report files. The 2 report files are not saved anywhere,
    if you close Notepad, before copying /pasting them... you will need to run DDS again.
  • Copy/paste both DDS.txt and Attach.txt reports in your next reply.
  • Once the reports have been posted, you can delete DDS from your desktop.

Please post the GMER log along with Malwarebytes log and the two logs from DDS in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Vundo virus

Unread postby Lisacoe » January 12th, 2010, 3:02 pm

Hey,

Here is the Malwarebytes' log:

Malwarebytes' Anti-Malware 1.44
Database version: 3549
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/01/2010 10:25:10 AM
mbam-log-2010-01-12 (10-25-10).txt

Scan type: Quick Scan
Objects scanned: 101462
Time elapsed: 15 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\DomPlayer (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC (Trojan.Swizzor) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\wjqd.rqo (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Lisa\AppData\Local\Temp\4930.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Lisa\AppData\Local\Temp\TMP897B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\AUTHORS (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\ChangeLog (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\COPYING (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\Homepage.url (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpciconlib.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.cz.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.de.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.es.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.fr.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.hu.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.it.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.kr.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.pl.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.ru.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.sc.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.sk.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.tc.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.tr.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mpcresources.ua.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer\Media Player HC\mplayerc.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lisa\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.


I downloaded the GMER Rootkit Scanner and followed your instructions. While scanning, it said the program stopped working. If I tried to run it again after closing the program, a blue screen came up and Windows restarted. I tried again in Safe Mode and the same thing happened :(

I haven't downloaded the DDS yet in case this is suppose to be in order.

Lisa
Lisacoe
Active Member
 
Posts: 7
Joined: January 6th, 2010, 6:19 pm

Re: Vundo virus

Unread postby deltalima » January 13th, 2010, 4:59 am

Hi Lisacoe,

Backdoor Warning
Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). We can attempt to clean this machine but I cannot guarantee that it will be 100% secure afterwards.

To help you understand more, please take some time to read the following articles:
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I re-format and reinstall my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Vundo virus

Unread postby Lisacoe » January 13th, 2010, 2:03 pm

Aww that sucks. I will reformat my computer, I was thinking about getting Windows 7 anyways :)

Lisa
Lisacoe
Active Member
 
Posts: 7
Joined: January 6th, 2010, 6:19 pm

Re: Vundo virus

Unread postby Lisacoe » January 13th, 2010, 8:56 pm

Hey deltalima,

I did a default Windows reformat. Partition 1 was reformated, but partition 0 (containing the Toshiba restore was not). I now have Windows 7.

What should I do now?

Lisa
Lisacoe
Active Member
 
Posts: 7
Joined: January 6th, 2010, 6:19 pm

Re: Vundo virus

Unread postby deltalima » January 14th, 2010, 2:08 pm

Hi Lisacoe,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

The first job is to make sure you have Antivirus software installed, the AVG9 that you had previously will do fine.

Update your AntiVirus Software and keep your other programs up-to-date
It is vital that you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.

Ensure you are registered for Windows updates
  • Click Start then Control Panel
  • Click System and Security
  • Under Windows Update click Turn automatic updating on or off
  • Under Important updates ensure that Install updated automatically (recommended) is selected
  • Repeat this process for the section entitled Recommended updates
  • Ensure the box is ticked next to Allow standard users to install updates
  • Click OK

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Vundo virus

Unread postby Lisacoe » January 14th, 2010, 3:52 pm

deltalima,

Thank you very much for the help you provided!! :)

Since I canceled by credit card, I will make a donation as soon as my new one arrives.

Thanks once again :)

Lisa
Lisacoe
Active Member
 
Posts: 7
Joined: January 6th, 2010, 6:19 pm
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 295 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware