Home > Yet Another > Yet Another Vundo Victim

Yet Another Vundo Victim

Register now to gain access to all of our features, it's FREE and only takes one minute. No, create an account now. Sorry for the delay in responding to your post !! That is why even for a problem that appears the same on the surface, helpers will have widely different procedures to remove it. Source

See alsoEdit VundoFix ComboFix Malwarebytes ReferencesEdit McAfee's information on the Vundo trojan Trojan.Vundo - Symantec.com Step by step for Vundo Removal Atrocities of Vundo Corrupted Explorer Disabled task manager ↑ Sun Ewido found & removed 46 nasties, so that's a step in the right direction! Categories: Pages with Multiple issues Trojan Rogue software Adware Add category Cancel Save Games Movies TV Explore Wikis Follow Us Overview About Careers Press Contact Wikia.org Terms of Use Privacy Policy I'm writing to you guys from a laptop I hooked onto the internet after disconnecting my main box from the net.

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exeO4 - HKLM\..\Run: [NvCplDaemon] The hard drive may start to be constantly accessed by the winlogon process, thus periodic freezes may be experienced. Another alarming note, on startup spybot teatimer gives me alarming messages about items being added to the registry which look very suspicious. In any event, my Hijack This and VundoFix logs are included as requested:Hijack This Log:Logfile of HijackThis v1.99.1Scan saved at 9:02:14 PM, on 10/20/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer

Main Sections Technology News Reviews Features Product Finder Downloads Drivers Community TechSpot Forums Today's Posts Ask a Question News & Comments Useful Resources Best of the Best Must Reads Trending Now or read our Welcome Guide to learn how to use this site. Pager] 1O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTOO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Create Account How it Works Javascript Disabled Detected You currently have javascript disabled.

Feb 7, 2008 #1 Budwhite501 TS Rookie Topic Starter I just realised that after looking at the avg antispyware log it refers to all actions being taken as being ignored. Unfortunately, I see from my HijackThis log that I have not sucessfully removed Vundo.When I ran through the steps for VundoFix (after entering c:\WINDOWS\system32\nnnmp.* in the second step), I got the Use your up arrow key to highlight Safe Mode then hit enter.Once in safe mode open the VundoFix folder and doubleclick on KillVundo.batYou will first be presented with a warning.It should Content is available under CC-BY-SA.

Powered by WordPress.com VIP oh joy. Spybot Search & Destroy is able to block generations of Vundo that are older than Trojan.Vundo.F. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\pmnnn.dllO2 - BHO: Google Toolbar Helper -

Pager] 1O4 - Global Startup: Adobe Reader Speed Launch.lnk =C:\Program Files\Adobe\Acrobat7.0\Reader\reader_sl.exeO4 - Global Startup: SBC Self Support Tool.lnk =C:\Program Files\SBC Self Support Tool\bin\matcli.exeO8 - Extra context menu item: &Google Search -res://c:\programfiles\google\GoogleToolbar1.dll/cmsearch.htmlO8 There are two main components to the Virtumonde.dll file: Browser Helper Objects and Class ID. User Name Remember Me? Contents[show] InfectionEdit Vundo infects victims' computers by exploiting a vulnerability in Sun Java 1.5.0.7 (aka Version 5.0 release 7) and earlier versions.[1] An update to Java is a necessary step in

Command Line Process Viewer/Killer/Suspender forWindows NT/2000/XP V2.03Copyright© 2002-2003 [email protected] PID 856 'explorer.exe'Command Line Process Viewer/Killer/Suspender forWindows NT/2000/XP V2.03Copyright© 2002-2003 [email protected], Cannot find a process with an image name ofrundll32.exeCommand Line Process http://popupjammer.com/yet-another/yet-another-trojan-vundo.html it might help to turn some people onto that for this savetheinformation virus before we have to run a bunch of other tricks. Unfortunately, C:\WINDOWS\system32\pmnnn.dll is still hanging around.Since somethings may have changes, I am including updated HJT and VundoFix logs:Hijack This:Logfile of HijackThis v1.99.1Scan saved at 7:02:12 AM, on 10/18/2005Platform: Windows XP SP2 Changes \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunOnce entries to start itself when Windows starts.

It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} TechSpot Account Sign up for free, it takes 30 seconds. http://popupjammer.com/yet-another/yet-another-trojan-vundo-victim.html Also, does anyone know how to PREVENT this from happening?

even if they're the same, and it's just a situation where you can provide better support with mbam, i'll happily uninstall adaware and plug mbam in...just checki Back to top #8 It'd also be great to know how to speed the system up at startup and generally as at the moment, startup is taking a seemingly long time. on to my sob story and cynicism...i trusted the consumer version of McAfee (Security Center) only to be hit with a Vundo!grb trojan...

This is a discussion on Savetheinformation claims yet another victim!

Recently added OS : after updating Dell Inspiron 15R SE to Windows 8.1, CCC will not start OS : Kb297698 will not uninstall? Companion -{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ProgramFiles\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dllO3 - Toolbar: Norton AntiVirus -{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\ProgramFiles\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google -{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiles\google\googletoolbar1.dllO4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXEC:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [AHQInit] C:\ProgramFiles\Creative\SBLive\Program\AHQInit.exeO4 - Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dllO9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dllO9 - Extra 'Tools' menuitem: Yahoo! You can do this by restarting your computer and continually tapping the F8 key until a menu appears.

Please re-enable javascript to access full functionality. When I was an IE user I tended to have this problem, but this is the first time firefox failed me. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. Check This Out In fact all the programs we use as a rule are a little bit different.

Performed disk cleanup. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged