Hijack This Log- Problems With Trojan Vundo

Everyone else please begin a New Topic. #6 Blade81 Blade81 Advanced Member Volunteer Security Advisor 6582 posts Posted 24 July 2007 - 11:34 AM Hi Clear Trend Micro quarantined files and empty recycle bin. LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation.

One of the first problems I encountered was not being able to access msconfig, in any way you or other sites suggested.

Unlike my log reports fonemike is still there =/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:51 PM, on 9/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running

I need to see that log- preferably pasted in the next reply instead of being attached. I chose remove, but it seems obvious this trojan is embedded deep and not going anywhere. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

after starting up for a minute or two, it would blue-screen. So then I ran HijackThis, and as you can see below, some of the files that other programs have identified as trojans/virus or associated with Vundo are listed in the hijackThis

OriginalFilename : EXPLORER.EXE #:19 [prismsvr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 632 ThreadCreationTime : 7-20-2007 12:28:41 AM BasePriority : Normal FileVersion : 2.03.17 ProductVersion : 2.03.17.0019 ProductName : PRISM Wireless LAN CompanyName

Please include a link to this thread with your request.

If you don't see me write, I would recommend SpyNoMore! Thanks again for the help.

Because half of the log is missing. In case the O20 won't get deleted, do next instead..
Open notepad and copy and paste next present in the quotebox below in it: (don't forget to

I just saw all these other posts where people did things wrong, and thought- huh, maybe I'm a bigger *****.

Location: : S-1-5-21-2985724562-2117968275-607952517-1006\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized!

Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader

by gtg858w / January 7, 2009 8:00 AM PST In reply to: You could try......

Trojan Vundo Problem Started by DarthNole , Jul 23 2007 09:42 PM This topic is locked 8 replies to this topic #1 DarthNole DarthNole Member Members 20 posts Posted 23 July Windows is a trademark of Microsoft Corporation OriginalFilename : SQLMANGR.exe Comments : NT INTEL X86 #:34 [wzqkpick.exe] FilePath : C:\Program Files\WinZip\ ProcessID : 2516 ThreadCreationTime : 7-20-2007 12:30:00 AM BasePriority :

Next I ran Superantispyware (log attached) I ran Malwarebyte's antimalware (log attached) and encountered bad image errors. OriginalFilename : WdfMgr.exe #:21 [hkcmd.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1408 ThreadCreationTime : 7-20-2007 12:29:13 AM BasePriority : Normal FileVersion : 3.0.0.4410 ProductVersion : 7.0.0.4410 ProductName : Intel Common User Interface I've been running it in Safe Mode with Networking for a while now where I've run VundoFix (it found two entries, which it deleted), and then Trojan.vundo Removal Tool (by Symantec),

Location: : S-1-5-21-2985724562-2117968275-607952517-1006\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized!

In a very basic sense, they are used to locate webpages.

FileDescription : Driver Information Assist Core Module InternalName : DIAS LegalCopyright : Copyright CANON INC. 2003-2004 OriginalFilename : CnxDIAS.exe #:13 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ProcessID : 1840 ThreadCreationTime

The Mbam was run after the Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:16 PM, on 9/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft

Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:[email protected]/ Expires : 7-16-2012 8:00:00 PM LastSync : Hits:4 UseCount : Once the license is accepted, reset to 100%. (If there is any problem running the online scan, don't worry about it- I'll give you a different one. psychoinhell New Member Topic Starter Members 12 posts ID: 9 Posted September 29, 2009 Let's see where I screwed

by Marianna Schmudlach / January 7, 2009 1:08 AM PST
In reply to: Vundo Trojan Problems

Please download VundoFix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* Click the

Please go ahead and drop me back into the proper place in the queue. You may wish to Subscribe to this thread (Options --> Track this topic) so that you are notified when you receive a reply. Please give me some time to analyze your log, Click this button to save the log file to your PC.

However, it can slow down certain computers. Does your protection software still find something? LegalTrademarks : Copyright © Trend Micro Inc. What now?

I disabled system restore, In normal mode because I cannot access safe mode). psychoinhell New Member Topic Starter Members 12 posts ID: 7 Posted September 29, 2009 This is post fix.reg. I will happily correct my post, if someone will let me know what the problem is.

Using definitions file:SE1R182 23.07.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):17 total references
Tracking Cookie(TAC index:3):13 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible

I restarted my laptop later, without getting the bad image error messages, and re-ran malwarebyte's.

Before that it's better to clean some temporary files.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary

General discussion Vundo Trojan Problems by