Over 1 million tech questions and answers.

Stubborn BHO (Vundo Variant) Help please

Q: Stubborn BHO (Vundo Variant) Help please

Hi, thanks for your help.I'm infected with a vundo variant according to super anti spyware (completely updated).Malwarebyte's also indicate that I'm infected by a BHO with the registry key {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}Both programs say they'll delete the file upon rebooting, so I've rebooted when they prompted me to, but when I scan again the infection is still there.When I do a google search in mozilla firefox it'll redirect me to several other links such as<hxxp://78.47.100.188/check.php?t=5922218ec0213203bacce786d975c90e&q=seltzer+recipes&bi=1487289567-2269484681-3959674531-1044314100&p=ff&a=998&s=3&e=google&v=sni06040901ff&f=income&b=0.0213&u=aHR0cDovL2MuaW5jb21lcHBjLmNvbS8/ZD1yQWI5eDhoaGZ4dE51Ty1WRUJ3ejBpR3ZLalBQVVdKWWVxd3ZNZ1lwNVA0YnR1TnJzZjVaWmNBbklTWFlkeDE5a0RiTkRnVmRQYlg2QnpIeUJibmplWldUdFBZNm02TnRMUlJUUFRQdEZ6dkE0c0pxMlMwcVNfYzhjMjRLNzY3WVh2Q040eURFeG11SUREa2pYZlVzbHZtUHBGV1BBSFdfdk11V1JITEV2bUFTeE1EVkR1bGVGZG54RkVvd0ZWa0piWGt0R3EzQlFHN0FEcWtkR2duOVpObEtYaXdYY0lSQV9TT2lTcjFBb0k5X0E1TkU3OUFMbHp1X1pWVUlnbGVJQjAwbThyM2tZLTVULXR6cTN0T1BZbFk4N1VEcGFKUjlGV3lDWi1nZ3BPMVF1NDlhUURpOGJKb19pTXdseG5OaFFaMk9KVWliMWQ5ajV3NVEtVXcya1FOVTJTcUNlcUcwaFk2c3dGMWtoaXh6LUxzOW5zYjVhUHItZFpWbzk1Wi1jWU9fR2c1OUdqVktoV1A4QUNxVnc0QTQzakhDamZQeU03ek5ldVJTQUdpS2VHWlU1NmRhUEhmS0tyLXlFNHlDbVV4NjFRb1E4dGM4LXJlaDZKeC01aG5ydVpvcXpaQTdXcUNqemRHay1ITkFMd25DaHNrdXdHRFJ1NGo5RWVXTFdDWGNyRmNsZXA3b3FhaDZQYnJ2RmVoMGJQSWVZUC1LdjloVWxWblRYUWxPZnd2MEx2eHFVMEstLWNvRmZ5dzFaRURUQmNmbDlxSmVjZXNxMjFwUzNvalV2N1dtOWF4a0NwQVd5U0JfOUc4NjBjemdJSnh3cGlOZWpLTFpaOVRHR0FxTzVxakFDVWlvUHdpa0xmaUN4ZzZvaDhHcm4tVEhPeGhDeEplUUhneE1XLS10REQxQTZEdl9yaVh3Vzd5ZW9SLWg5MUpHOTNRbW4zdDh2T1dVN3pwWHcxOFlGVm9VNlZGREFxZXdOaTBmdlZHZVAxaml3MkJKRzlmOXJETGQwNGNVQW9XZzBIS3dWaDNUVEZzZzBOT19xQTlNTFdJMEozOEhDazY0WW9BaVJtc25KLXZTRjBUOXZfbU1XM1dYX3I3NzJ4WmxGWUlfTmx2bFBMWWNlcDlGaXZfbzducXBWUDQ5ajMzelhwLU8yNEpRSEc0bWlVdk1oaFpobXl3WEpGTXNPYjdhYjlzUzV2SGdlZkpyblVfLWVTUW5OUGtodFZWMkRaR2VkZGJvSXE3OFdpTktlS0pTNmtLdlZuR2xEYW5Kc1RtcFpHZXc4XzlSUHM5ZFNzX3VZTDhvOTNhczRHWTVzSVFIYXc2Wmx4MDBfSjZ0UFJoa2RUVlpWdmxhTmI0U3dURE9aTkphQk5BTV9RcDlUSFNELT0tPS1BbUxoQkY0a0F2NGtBR3BpTGw1am5VTi9wM2psQkdwanNRQThCUU5qc1VBeW9VRTZNS1Z0cHpJd25LT3lwM2prWlFSMFpRQThBS2pqc1FFdVpHTjVMd0g0c1FINEFHSDFNUVN2c1FPOEFKUjFaMkg1TXdxOFpHdXdaSlIzQlRXOHAySXVwekFiTVQ5d3FKMXlvYURobko1em9qPT0tPS09LTJmZTcwNDkxMWExNQ==&rf=hxxp://searchdocument.info/search.php>Here's my DDS LogDDS (Ver_09-05-14.01) - NTFSx86Run by Ning at 19:13:29.96 on 05/17/2009 SunInternet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.2046.1518 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\conime.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Freeware Antispy\WinPatrol\winpatrol.exeC:\Program Files\Sony\VAIO Camera Utility\VCUServe.exeC:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exeC:\Program Files\Java\jre1.5.0_07\bin\jusched.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Intel\Wireless\Bin\EOUWiz.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Sony\VAIO Event Service\VESMgr.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Ning\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://gundam.netmarble.net/uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeopleuInternet Settings,ProxyOverride = *.localBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"mRun: [WinPatrol] c:\program files\freeware antispy\winpatrol\winpatrol.exe -expressbootmRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /StationarymRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exemRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_07\bin\jusched.exemRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNCmRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMENamemRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNCmRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exemRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/WirelessmRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXEmRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"mRun: [Apoint] c:\program files\apoint\Apoint.exemRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htmIE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htmIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeTrusted Zone: netmarble.net\gundamDPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter25.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cabDPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.0.cabDPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cabDPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/kdfense8237.cabDPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cabTCP: {5622F491-DB7D-4FB1-9FB7-6D639174C47A} = 24.29.103.15,24.29.103.16Notify: !SASWinLogon - c:\program files\freeware antispy\superanti\SASWINLO.dllNotify: igfxcui - igfxdev.dllNotify: VESWinlogon - VESWinlogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\freeware antispy\superanti\SASSEH.DLL================= FIREFOX ===================FF - ProfilePath - c:\docume~1\ning\applic~1\mozilla\firefox\profiles\3syfo8mt.default\FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dllFF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dllFF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dllFF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dllFF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dllFF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dllFF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dllFF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dllFF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll============= SERVICES / DRIVERS ===============R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-7-22 9216]R1 SASDIFSV;SASDIFSV;c:\program files\freeware antispy\superanti\sasdifsv.sys [2008-12-4 8944]R1 SASKUTIL;SASKUTIL;c:\program files\freeware antispy\superanti\SASKUTIL.SYS [2008-12-4 55024]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-8 24652]R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-7-22 36352]R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-22 30080]R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-7-22 71961]R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-22 226304]S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 SASENUM;SASENUM;c:\program files\freeware antispy\superanti\SASENUM.SYS [2008-12-4 7408]S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-3-8 1120960]=============== Created Last 30 ================2009-05-17 18:31 161,792 a------- c:\windows\SWREG.exe2009-05-17 18:31 98,816 a------- c:\windows\sed.exe2009-05-17 18:16 <DIR> --d----- c:\windows\pss2009-05-17 15:26 <DIR> --d----- c:\program files\Trend Micro2009-05-15 22:31 2,785,582 a------- c:\windows\system32\GameMon.des2009-05-15 20:39 <DIR> --d----- c:\docume~1\ning\applic~1\Malwarebytes2009-05-15 20:39 15,504 a------- c:\windows\system32\drivers\mbam.sys2009-05-15 20:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys2009-05-15 20:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware2009-05-15 20:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes2009-05-15 20:26 <DIR> --d----- c:\program files\MP3+G Toolz .NET 42009-05-15 20:10 <DIR> --d----- c:\windows\system32\NtmsData2009-05-15 19:31 1,406,496 ---sh--- c:\windows\system32\utowahag.ini2009-05-15 15:56 34 a------- c:\windows\cdplayer.ini2009-05-15 15:52 <DIR> --d----- c:\program files\audiograbber2009-05-15 14:33 <DIR> --d----- c:\program files\common files\cdrdao2009-05-15 14:33 <DIR> --d----- c:\program files\Doblon2009-05-13 23:02 <DIR> --d----- c:\program files\DVD Shrink2009-05-13 23:01 <DIR> --d----- c:\program files\DVD Decrypter2009-05-12 19:21 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp2009-05-12 19:21 3,400 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat2009-05-12 19:18 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp2009-05-12 19:18 14,373 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat2009-05-12 19:13 <DIR> --d----- C:\hidownload2009-05-12 19:13 <DIR> --d----- c:\program files\StreamingStar2009-05-12 00:00 9,662 a------- c:\windows\EPISME00.SWB2009-05-09 14:51 1,306,624 a------- c:\windows\system32\msxml6.dll2009-05-09 14:51 662,288 a------- c:\windows\system32\MSCOMCT2.OCX2009-05-09 14:51 224,016 a------- c:\windows\system32\TABCTL32.OCX2009-05-09 14:51 150,528 a------- c:\windows\system32\TLBINF32.DLL2009-05-09 14:51 224 a------- c:\windows\system32\filerenamerred.sys2009-05-09 14:51 <DIR> --d----- c:\program files\Winsometech2009-05-09 13:03 <DIR> --d----- C:\8462912a81d2fcfac4ebe54c562009-05-09 13:02 <DIR> --d----- c:\docume~1\ning\applic~1\AccurateRip2009-05-09 13:02 10,890,928 a------- c:\windows\system32\SpoonUninstall.exe2009-05-09 13:02 <DIR> --d----- c:\program files\Illustrate2009-05-09 12:33 <DIR> --d----- c:\program files\AliveMedia2009-05-09 12:29 <DIR> --d----- c:\docume~1\ning\applic~1\GetRightToGo2009-05-09 12:09 <DIR> --d----- c:\docume~1\ning\applic~1\VoiceEditor2009-05-09 00:53 <DIR> --d----- c:\docume~1\ning\applic~1\GARMIN2009-05-09 00:28 <DIR> --d----- C:\CNNANT20092009-05-09 00:28 <DIR> --d----- C:\WebUpdater2009-05-09 00:27 <DIR> --d----- C:\Garmin2009-05-09 00:27 <DIR> --d----- C:\MapSource2009-05-08 12:33 <DIR> --d----- c:\docume~1\ning\applic~1\Mobile Master2009-05-08 12:15 <DIR> --d----- c:\docume~1\ning\applic~1\Jumping Bytes2009-05-08 11:42 <DIR> --d----- c:\program files\Windows Mobile Device Handbook2009-05-06 23:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avanquest Bluetooth SDK2009-05-06 23:33 <DIR> --d----- c:\program files\common files\Motorola Shared2009-05-06 23:19 <DIR> --d----- c:\program files\Avanquest update2009-05-06 23:17 24,192 a------- c:\windows\system32\drivers\OLDEBB.tmp2009-05-06 23:17 25,600 ac------ c:\windows\system32\dllcache\usbser.sys2009-05-06 23:17 25,600 a------- c:\windows\system32\drivers\usbser.sys2009-05-06 23:16 <DIR> --d----- c:\program files\Motorola Phone Tools2009-05-01 12:21 4,682 a------- c:\windows\system32\npptNT2.sys2009-05-01 12:21 5,174 a------- c:\windows\system32\nppt9x.vxd2009-05-01 12:20 <DIR> --d----- c:\program files\common files\INCA Shared2009-05-01 12:04 <DIR> --d-h--- c:\docume~1\ning\applic~1\netmarble2009-05-01 11:54 <DIR> --d----- c:\windows\system32\Adobe2009-05-01 11:38 66,082 ac------ c:\windows\system32\dllcache\c_20833.nls2009-05-01 11:38 66,082 a------- c:\windows\system32\c_20833.nls2009-05-01 11:36 57,398 ac------ c:\windows\system32\dllcache\imjpdadm.exe2009-05-01 11:31 159,744 a------- c:\windows\system32\kdfmgr.exe2009-05-01 11:31 73,728 a------- c:\windows\system32\kdfapi.dll2009-05-01 11:31 47,104 a------- c:\windows\system32\Kdfhok.dll2009-05-01 11:31 61,440 a------- c:\windows\system32\kdfmod.dll2009-05-01 11:30 373,248 a------- c:\windows\system32\kdfinj.dll2009-05-01 11:30 <DIR> --d----- c:\windows\kdefense2009-05-01 11:16 <DIR> --d----- C:\Netmarble2009-04-27 23:44 30,592 -------- c:\windows\system32\drivers\rndismpx.sys2009-04-27 23:44 12,800 -------- c:\windows\system32\drivers\usb8023x.sys2009-04-27 23:43 <DIR> --d----- c:\program files\Microsoft ActiveSync2009-04-21 12:33 <DIR> --d----- c:\documents and settings\ning\Tracing2009-04-21 12:31 <DIR> --d----- c:\program files\Microsoft2009-04-21 12:31 <DIR> --d----- c:\program files\Windows Live SkyDrive2009-04-21 12:24 <DIR> --d----- c:\program files\common files\Windows Live2009-04-17 22:11 1,409,571 ---sh--- c:\windows\system32\uguzazir.ini==================== Find3M ====================2009-03-26 12:03 374,256 a------- c:\windows\NMAutoUpdateXModule.dll2009-03-19 21:17 78,054 a------- c:\windows\War3Unin.dat2009-03-13 17:21 2,829 a------- c:\windows\War3Unin.pif2009-03-13 17:21 139,264 a------- c:\windows\War3Unin.exe============= FINISH: 19:13:37.89 ===============Also attached the "Attach.txt" here.Thanks again

RELEVANCY SCORE 200
Preferred Solution: Stubborn BHO (Vundo Variant) Help please

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Stubborn BHO (Vundo Variant) Help please

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERER,K

Read other 21 answers
RELEVANCY SCORE 82

hi i need help in clearing a stubborn trojan in my registry i have ran superantispyware and malwarebytes anti-malware programs they found and cleared many infections but i rebooted the computer and ran a scan on malwarebytes again but it found 1 infection in the registry i have posted the log below. i also ran superantispyware again it found 22 infections mostly they were tracking cookies which are removed easily but the trojans keep coming back with each scan i have removed system restore and tried the scan in safe mode aswell, i have aslo rebooted the system after each scan on several occasions these are the most recent logs from each program i will reboot after posting this topic so the tracking cookies should be gone they have only appeared since being online looking for help. i would appreciate any help that you can offer thanks in advance.Malwarebytes' Anti-Malware 1.31Database version: 1501Windows 5.1.2600 Service Pack 312/15/2008 4:49:57 PMmbam-log-2008-12-15 (16-49-57).txtScan type: Quick ScanObjects scanned: 69912Time elapsed: 3 minute(s), 52 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.Regis... Read more

A:help needed with stubborn trojan.bho in registry and adware vundo variant

Let's see what SDFix may reaveal. Scan and post it's log.Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

Read other 15 answers
RELEVANCY SCORE 71.2

hi other day used pc and the IE browser got infected, now it doesnt work, there are adverts all the time and cant search for anything without being redirected to other websites. Ive tried using superantispyware but wont scan completely as it restarts the pc, tried avg , norton an a few others and nothing. Here are the logs as follows.Deckard's System Scanner v20071014.68Run by steve on 2008-07-17 19:05:07Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as steve.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:05: VIRUS ALERT!, on 17/07/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:&#... Read more

A:Adware.vundo Variant/resident And Trojan.vundo-variant/small-gen

Hmm wondering if i posted this in the correct forum section

also if wondering why it say steve i am posting here on my clean comp, the dell is the infected one and belonged to my m8 called steve lol

Read other 11 answers
RELEVANCY SCORE 70.4

Hi my pc has become infected, keep on getting annoying pop ups. Superantispyware finds the following but does not remove them.1 - adware vundo variant; 2 - adware vundo variant/HAL; 3 - rootkit Haxdoor Variant;any help would be much appreciated.log of hijackthis as follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:29, on 2009-01-20Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\VTTimer.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\system32\S3trayp.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\PeerGuardian2\pg2.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Belkin\F5D9050&... Read more

A:help pc infected; adware vundo variant; adware vundo variant/HAL; rootkit Haxdoor Variant;

hi, We will get a download to use. Its called combofix. There is a guide you can read first before using it. It will explain what you need to know. Read through the guide, download combofix and follow the prompts. Dont forget to disable any of your Antivirus and antimalware applicatons so they dont interfere. Also your firewall so the recovery console can be downloaded and installed and combofix updated if needed. Post the combofix log in your replythe guide:http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Read other 3 answers
RELEVANCY SCORE 64.4

This all started this afternoon with what I believe was a compromised site that I got redirected too installed Spyware Guard 2008, which unloaded a -large- amount of spyware and malware on my computer. A combination of Avast, Adware 2008, and SuperAntiSpyware managed to find and destroy SG2008 and most of what it brought with it, although it forced a reinstall of Firefox. However, Smitfraud and Vundo both reappear when I run SuperAntiSpyware no matter how many times. Avast hasn't detected anything, though it occasionally tells me that the computer is trying to take me to a infected site and stops that. I've noticed some intermittent popups, nothing like SpywareGuard's however. Any help to rid myself of this is -greatly- appreciated.

DDS (Version 1.1.0) - NTFSx86
Run by Kyle at 4:09:58.75 on Wed 12/24/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1477 [GMT -6:00]

AV: avast! antivirus 4.8.1296 [VPS 081223-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32&... Read more

A:Vundo Variant/Rel & Smitfraud Variant-Gen/Bensorty Infection

Hi Fastburn,

Sorry for the long delay, this forum is always a busy place and we do our best to
keep up. Give me some time to look over your log and i will get back to you as
soon as possible, if you no longer require my help please let me no.

Thanks

Syler

Read other 4 answers
RELEVANCY SCORE 63.2

Out of the blue my computer started playing some head-banger hip-hop. I knew this was a Very bad sign so I ran
ATF Cleaner, Registry Mechanic and Super-antispyware (all updated today supposedly)

I have a SONY VAIO with
Windows XP-home, use
Internet Exporer 6.0.299
Medium computer skills.

SuperAntiSpyware keeps identifying the following every time I reboot & run it

Vundo/Variant-2009
Vundo/Variant-UX
Trojan.Agent.FakeALert
Rootkit.Agent/Trace
Rootkit/Gen-FraudLoad
Please help me with this persistent mess. HJT log below.
Thank you, Susan
Logfile of HijackThis v1.99.1
Scan saved at 4:47:29 PM, on 2/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platf... Read more

A:Please Help Persistent Vundo Variant 2009 /Variant UX

Read other 16 answers
RELEVANCY SCORE 63.2

Referred from here: http://www.bleepingcomputer.com/forums/t/272591/i-am-infected-antivirus-plus-vundo;-i-need-help-please/ ~ OBGreetings!One of the moderators "Boopme" has adviced me to m ove into this step. Here are the main issues:* A Vundo Variant will keep reapearing* Google and Ask.com searches re-directed to other links, * None of these products, McAFee, Stopzilla, SuperAntiSpyware have successfully removed infected dll called c:\windows\system32\zowiyari.dll * I have also been unsucessful dowloading Malawarebytes Anti-Malware due to some code errors that state the following: "Unable to execute file c:\programfiles\malwarebytes' anti-malware 2\mbam.exe Create process failed: Code 2 The system cannot find the file specified" Also: error code: 707 (3,0)* I am currently not been bombarded with the annoying advertising pop-ups* My wallpaper would change from my selected background to a plain black background* Computer is still running a bit slow* and Finally at the end of running the RootReal Log I received an error message that stated: "Could not read system registry, Please contact the author" - Device Io Control Error ! Error Code 0xc0000001Here are my log reports:UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_09-10-26.01)Microsoft Windows XP ProfessionalBoot Device: \Device\Harddisk... Read more

A:Infected: Vundo Variant, Antivirus Pro Variant

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 36 answers
RELEVANCY SCORE 63.2

Like others who post - HELP PLEASE
I have attempted several times to remove the Trojan Vondu virus - including the remove vondu exe stuff......and multiple spyware programs and
I even spent $129 (wasted money ) to pay the service in Boston plumchoice.com to remove this and after two technicians and 4 hours of work - STILL THERE......
Plumchoice told me this was a "new" variant - I have no clue.
Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:49 AM, on 9/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gikonpdr.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS... Read more

Read other answers
RELEVANCY SCORE 62.4

Well, I'm almost ready to reformat and start over, but thought I'd check in here first because you seem to have lots of great info.

Still getting occasional IE hijacks, despite running Vundofix and updating my Java Runtime to the latest version. Have run several anti-spyware programs which consistently identify Virtumonde and/or Vundo, but quarantining doesn't keep them away for long. Amusingly, the pop-ups usually take me to an anti-virus web site, promoting a product that sells for $39.95 and will "get rid of all PC nasties".

System is an AMD 2ghz with 1gb RAM, running XP Sp 2.

Any suggestions?

Here's a current Hijack This log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:35:36 AM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NVATray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\pathpro\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Mai... Read more

A:Very stubborn IE Hijacker - Virtumonde variant? Need help.

.. bump ..
 

Read other 3 answers
RELEVANCY SCORE 61.2

I have been having repeated/reoccurring infections of Adware. Vundo Variant, Adware.Vundo Variant / Small-A, Adware. eZula, Trojan. Downloader-NewJuan/VM, Trojan. Downloader-Gen/DDC., and Adware. Tracking Cookie. The infection originally started when trying to fix my son's computer which was infected mainly with a Trojan Vundo (can't remember exact name). I download fixes (programs) to my laptop computer and then transferred them to his computer since it was offline. I apparently downloaded/ran something that immediately infected my computer. Trojan Vundo was immediately picked up by McAfee, and supposedly removed.My laptop is protected by McAfee Security Center (always updated and running). I am using Windows XP (always updated). I use IE (always updated/latest version).I have used Ad-Aware 2007, Spybot S&D, SUPERAntiSpyware, and others I can't remember in attempts to remove. I have also used other Anti-virus programs, Advast!, etc. since I was told that different programs pick up different infections. I have also followed many links and suggestions from this and other sites to remove the problems. I have also used SmitFraudFix and RogueFix , which have picked up problems, which were then removed. I have run all the programs in both normal and safe mode.When I run the various programs, it will pick up the infections and I go through the process of removing them. The computer seems to work great w/o any problems until I get on the internet and then the popups, redire... Read more

A:Adware. Vundo Variant, Vundo Variant / Small-a, Ezula; Trojan. Downloader-newjuan/vm, Trojan. Downloader-gen/ddc, Adware. Track...

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Using My Computer, navigate to where you have HijackThis saved.Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter.Use fluffybunny.exe from now on.Please download VundoFix to your Desktop.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Please post the contents of C:\vundofix.txt in your next reply. Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.Please include VundoFix.txt and a new HijackThis log in your next reply.Thanks,Charles

Read other 10 answers
RELEVANCY SCORE 59.2

Hi My system is ifected with spyware ,windows xp,sp2Intially i was unable to search google and yahoo then i installed auperantispyware,then Mcafee after i restated after installing both ,the desktop items and task bar disappeared,then i installed the malware anti bytes ,then i gor desktop and icons back but i got an error dll is missing,when i restated again i didnt get error,but pops increasedi have installed superantispyware,Malware antibytes,hijackthisPlease find the logsSUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 06/18/2008 at 07:37 PMApplication Version : 4.15.1000Core Rules Database Version : 3483Trace Rules Database Version: 1474Scan type : Complete ScanTotal Scan Time : 00:31:29Memory items scanned : 466Memory threats detected : 1Registry items scanned : 6572Registry threats detected : 6File items scanned : 19162File threats detected : 34Adware.Vundo Variant/ResidentC:\WINDOWS\SYSTEM32\NNNOOGGH.DLLC:\WINDOWS\SYSTEM32\NNNOOGGH.DLLTrojan.Vundo-Variant/Small-GENHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB58EE0E-D98D-489D-9178-926A85F0633A}HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32#ThreadingModelAdware.Tracking CookieC:\Documents and Settings\kiran\Cookies\k... Read more

A:Please Help Infected With Adware.vundo Rel/variant And Trojon.vundo

Hello newmember123 and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Addi... Read more

Read other 10 answers
RELEVANCY SCORE 58.4

Hello. For the past week I have been getting constant notifications that I'm infected with the Vundo trojan virus. I booted into safe mode, ran scans, and deleted parts of it (once the scan was over it would tell me to reboot so that it could delete the rest on boot up, but it hasn't every time) but it keeps coming back. I've read up a little on vundo and found that it is a registry virus but I have no idea what that means. I use AVG Free 8.5, SUPERAntiSpyware, and Malwarebytes' Anti-Malware but even with using these it still comes back. So could I please have a little help with getting this thing off of my computor once and for all?

Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 5:23:40 PM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\Viewpoin... Read more

Read other answers
RELEVANCY SCORE 58.4

Hello, I read your rules and tried running everything you said. I removed viewpoint media player myself and installed the ie spyad.txt file as described. Pandascan and Deckard however wouldn't work for me. Panda's site wasn't responding and dss.exe crashes when it tries to clean my temporary files. I made sure nothing else was running when running DSS as well. As for the updates, unless they're critical to removing this virus, I can't even download them in a timely manner to keep up with you as I'm on 56k. Enough rambling, I ran your Vundo removal tool and it DID remove the Vundo virus, but I still have random popups in Firefox linking back to adult sites. It's not creating the IDKFA file it was before since I ran your Vundo tool, only popups are left. Sorry for rambling so much, here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:55 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Co... Read more

A:[SOLVED] Another Vundo Infection, Vundo.N variant

Just wanted to be sure you've intentionally marked this as solved.

If you still need help, or just want to be sure....

To run DSS, do this:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Please run Deckard's System Scanner once again, this time using these instructions (this assumes dss.exe is on your desktop):

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config UnTick Temp Cleanup on the left side, UnTick Event Logs on the right side.

Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.

Read other 2 answers
RELEVANCY SCORE 56.4

I have tried to use SUPERAntiSpyware to remove this and each time I remove it and then reboot windows will not start...So I have to start windows from its last good configuration. My norton has also picked it up and tried to fix it doesn't seem to work either. I tried Vundofix as well..it found it and then fixed but still its there. I think there is also alot more going on besides that. My computer is running very slow..the background has changed to a antispyware add and I'm getting tons of popups as well as a rund.dll error message and my homepage has been changed. Thanks for reading hope you can help.Hijackthis log :Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:39:05 AM, on 4/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Symantec\LiveUpdat... Read more

A:Adware.vundo, Adware.vundo-variant/small A, Vundo Trojan..need Help

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Using My Computer, navigate to where you have HijackThis saved. Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter. Use fluffybunny.exe from now on.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Please post the contents of C:\vundofix.txt in your next reply. Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.Please include VundoFix.txt, rapport.txt and a new HijackThis log in your next reply.

Read other 21 answers
RELEVANCY SCORE 56.4

Hello Gracious Folks,I have been struggling with some bad computer infections that my tools can't seem to remove. It is characterized by browser hijacks, redirects, ads for hoax anti-malware, etc. I offer my humble thanks in advance for the assistance.Here is my DDS.txt log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Tony Oliva at 20:44:56.51 on Thu 04/01/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.515 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\alg.exeC:\WINDOWS\BCMSMMSG.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exeC:\Progra... Read more

A:Vundo/Variant-Nx and Variant-EC

Hi builderboy, and welcome to Bleeping Computer.Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Post the log from ComboFix when you've accomplished that.

Read other 19 answers
RELEVANCY SCORE 56

Have worked at least 24 hours over the past few days to rid computer of multiple Trojans. Cannot get rid of Vundo. Have run Webroot Spy Sweeper, Lavasoft AdAware, SuperAntiSpyware, and McAfee. Only SuperAntiSpyware detects anything, but even after cleaning, it comes back with a vengeance. At this point, I'm getting multiple popus/security alerts/and such decreased performance that this post is difficult to type as it doesn't take all letters entered. I also ran Hijack This and Combofix. I failed to save the Combofix log, but I'll be glad to run it again, if need be. Any help would be GREATLY appreciated!!!!!!!Hijack this (ran moments ago) . . . Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:22, on 2007-10-16Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Microsoft SQL Server\MSSQL$MI... Read more

A:Vundo/vundo Variant Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum dgm My name is Richie and i'll be helping you to fix your problems.If you have previously downloaded ComboFix,please delete that version now.Now download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.Now go to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exeRight click on Hijackthis.exe and select 'Rename', rename it to abc.batDouble click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.

Read other 22 answers
RELEVANCY SCORE 55.6

I have been trying to rid my home computer of these virus/trojans, for over a week now. I have run the following scans - Norton 2007, McAfee 2007, Windows Defender, Windows Live One Care, Spybot, Adaware, SUPERAntiSpyware, Bit Defender, FixVundo and VundoFix all in normal and safe mode. As recommended by Norton, I have turned the system restore off. All of these scans have turned up something, which the program has been deleted. However, Norton, Windows Live One Care, Windows Defender, and SUPERAntiSpyware continue to provide notices of the infections, and despite being deleted they reappear!
So I am asking for anyone's help on removing these nuisances. I performed a Hijackthis scan and the results are below. I hope someone can look this over and suggest further steps.
Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:35:48 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\V... Read more

A:Trojan.Downloader, Adware.Vundo Variant, Trojan.Vundo and Win32/Fotomoto Infections

Anyone have any suggestions? I'm thinking of just backing up my data and reformatting my hard drive but this is my last resort obviously. Please help...
 

Read other 1 answers
RELEVANCY SCORE 55.2

I've had Vundo on my computer for about a month now, Every antivirus and Antispyware I've used have only stopped it temporarily, because it keeps on coming back.

Any assistance in getting rid of this menace will be most appreaciated. Thanks for helping.
-Albert

Here's a HJT Log in case it will prove useful.

Logfile of HijackThis v1.99.1
Scan saved at 8:20:00 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn... Read more

A:Need help getting rid of this stubborn vundo

Read other 8 answers
RELEVANCY SCORE 55.2

EDIT: Unfortunately, I thought it had worked, but it popped back up. Well, somehow I ended with popups galore and my antivirus going nuts. It had trouble moving/deleting it. I used my Spybot and Adaware, it still is there. then, I tried Vundofix and Virtumundo, neither have been successful. I'm totally frustrated with this and wondering if you good people would mind helping me out! I'd greatly appreciate it! OH, and I also realized that my Sun Java was not updated and all ready did that. Logfile of HijackThis v1.99.1Scan saved at 11:55:41 PM, on 5/19/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\Intel\Intel Application Accelerator\iaanotif.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exeC:\Program Files\Crea... Read more

A:Stubborn Vundo

Welcome to the BleepingComputer HijackThis Logs and Analysis forum lunashock Please download Combofix and save to your desktop:http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exeNote: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang. Now go to: C:\Program Files\HijackThis\HijackThis.exeRight click on Hijackthis.exe and select 'Rename', rename it to abc.batDouble click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.

Read other 7 answers
RELEVANCY SCORE 55.2

Hi...

I have a possible vundo infection that refuses to leave even after using Malwarebytes. It detects it at first and claims to remove it (only after reboot); however after the reboot, another scan finds vundo again. I can pull up my hijackthis log if there's anyone kind enough to help. Thank you so much in advance.

A:Stubborn Vundo

Hello AndyAndy, I have moved this from XP to Am I Infected as you are.Please post your MBAM log..Now Run ATF and SAS:From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NOW Scan w... Read more

Read other 7 answers
RELEVANCY SCORE 54.4

I have managed stupidly to get a trojan.vundo virus on my computer at work. My OS is Windows NT and I have tried vundo fix and something with begone in the title, both while in safe mode, neither got rid of the virus. My computer finds new files and quarantines some and fails with others each day. I need to get this off my computer before I get fired. Can you please help? Below is my HijackThis log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:58:59 AM, on 11/29/2007Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\hidserv.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\svchost.exeC:\WINNT\Explorer.EXEC:\WINNT\SOUNDMAN.EXEC:\WINNT\system32\VTTimer.exeC:\WINNT\system32\VTtrayp... Read more

A:Stubborn Trojan.vundo

Hello!Nice to see that you atleast have your Java uptodate ;)Now:Please download Combofix to your desktop.Double click on Combofix.exe & follow the prompts.When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next replyNote: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 17 answers
RELEVANCY SCORE 54.4

I would much appreciate your help. I have tried my best to remove this virus from my laptop, including trying SuperAntispyware, smitfraudfix, vundofix but it seems i'm dealing with a particulary strong variant. I have tried to follow some of the instructions found on this forum and tried all possible combinations but to no avail.A HijackThis log is posted below, I would much appreciate if anyone can help figure out what I'm doing wrong!!ThxsmeckerLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:43:14 PM, on 6/1/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network... Read more

A:**stubborn Vundo Virus? Need Help, Tried Everything I Can**

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please go to this page and scroll down to step 6.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Follow the directions there to run DSS and then post those logs back here in your next reply.

Read other 12 answers
RELEVANCY SCORE 54.4

Hello, I have been battling a very stubborn vundo trojan variant that seems to pop back up after every attempt that I make to remove it. I've been reading the forum on Bleeping Computer and it seems that your staff has a good track record with removing this type of threat. Any help would be greatly appreciated. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:38 PM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\Curr... Read more

A:stubborn vundo infection

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download random's system information tool (RSIT) and save it to your desktop.Double click on RSIT.exe to run it.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Read other 15 answers
RELEVANCY SCORE 54.4

This machine has a stubborn installation of Vundo.H (and a few other miscellaneous spywares) that continually regenerates, even with System Restore points turned off (please tell me if I should enable System Restore before we begin). There is some good news: I have been able to circumvent its uninstalling of mbam.exe and I do have both MalwareBytes and HijackThis installed. Also, while Trend Micro could not pick the virus up, it has thus far checked most of what it is trying to do (e.g. blocking pop-ups), and there have been no redirects so far. Please help me thwart Vundo once and for all.Here is my HijackThis (made by DDS) system log. I also have a RootRepeal log, tell me if it is needed.DDS (Ver_09-11-24.02) - NTFSx86 Run by mkrieger at 12:25:03.40 on Fri 11/27/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1467 [GMT -5:00]AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\Java\j2re1.4.2_... Read more

A:Stubborn Vundo.H, Cannot Remove

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: log.txt info.txtThanks

Read other 2 answers
RELEVANCY SCORE 54.4

Hey, I appear to be having some problems with what I think is Vundo. I usually use Firefox 3 and up untill quite recently it was working fine, when I type an address into the url bar the page loads fine but when I click a link on the page the other page does not load and it just stays on a blank white screen. The odd time a page may load but when it does all the images appear to have been changed by the virus and are advertisments for malware removers, which I think is a common trait of malware, possibly not vundo. Internet Explorer seems to load links alot better although not 100% of the time, but it also is incredibly slowed down and has the images changed to malware advertisments. I have the latest first of Mcafee Security Centre and regularly it comes up with Trojan found, naming it Vundo and telling me it cannot be cleaned. I have used the virus scan with Mcafee and it comes up nothing, I have tried Vundofix.exe which on the first time using found something and removed it but after around 5 minutes the same problem arose, I again scanned with Vundofix.exe which this time found nothing. I then tried VirtumundoBeGone.exe which again showed no results, although mcafee regularly shows the same trojan found naming it Vundo.EDIT: Also sorry I forgot to mention that I am unable to turn Windows Automatic Updates on because when I do it automatically turns it back on, even when I do it through services.msc.Here is my logs from HijackThis, thankyou in advance to anyone that can he... Read more

A:Stubborn Vundo/virtumonde

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privileges when using.Close all applications and windows.Double-click on dss.exe to run it and follow the prompts.If your anti-virus or firewall complains, please allow this script to run as it is not
malicious.When the scan is complete, two text files will open in Notepad:main.txt <- this one will be maximizedextra.txt <- this one will be minimizedIf not, they both can be found in the C:\Deckard\System Scanner folder.Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do ... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

Hi

Not sure how to get rid of this - typical symptoms - re-occurring Pop Ups for WinAntivirus, Loans, Dating etc. Hijacking of Home Page ( to MSN but set to Google). McAfee Internet Security Suite 8.0 installed but can't deal with some e.g. 'C:\ Documents.......... is infected by vundo trojan & cannot be deleted' - other McAfee warnings that vundo infections have been detected and deleted. Also use 'XoftSpy.SE' which is constanly identifying and removing Vundo after internet use. Don't know how it got in - suspect MSN Messenger and Music Downloads!

Have tried 'Vundofix', 'Fixwareout' (log below), and scanning in Safe Mode with Restore Disabled. It refuses to 'go'! Any ideas how to get rid of this?

ixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\... Read more

A:Solved: Stubborn Vundo

Read other 16 answers
RELEVANCY SCORE 54.4

I have been on another forum going through guided help Topic referenced is here: http://www.bleepingcomputer.com/forums/t/196445/vundogeneric-infection/ ~ OB and it seems all standard attempts are not working, so i've been redirected here. we have scanned and scanned using mbam, superspyware, sdfix, etc... i'm getting the pop up saying that symantic is disabled, firewall is disabled... mbam also was never able to update. symantec will not disable either.Here is my dds log:DDS (Ver_09-01-18.01) - NTFSx86 Run by Jason Morrell at 16:21:49.62 on Tue 01/20/2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1586 [GMT -5:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\notepad.exeC:\Program Files\Ja... Read more

A:Vundo virus - very stubborn

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

The computer I am using suffered from a Vundo infection back in 2005, but with the help of Vundofix and similar programs, it appeared to be gone. A little over a month ago, seemingly out of the blue, I began getting popups. Some Java-based content on the web started taking a very long time to load or stopped being displayed altogether. So I downloaded Malwarebytes? Anti-Malware, which showed that my computer was suffering from another Vundo infection. When I tried to use system restore, I found that all my restore points had been deleted. The trojan also routinely turns off my automatic updates. Malwarebytes? Anti-Malware seems to clean the computer, but hardly a day passes before I start getting the popups again. I tried Vundofix, but that didn?t find anything. I also tried updating Java and IE, but that didn?t seem to have any effect.In the last few days, Firefox has also become affected. I?m not sure if this is related to the Vundo infection, but I cannot use the program at all. Upon trying to open it, sometimes Firefox immediately announces it has encountered a problem and needs to close, without so much as the browser window opening up. If that doesn?t happen, the browser window doesn?t appear, but I can see Firefox running in the processes section of the Task Manager. So now, I?ve gotten a little desperate. I hate having to use IE, where I know I am more vulnerable to further infection. I would greatly appreciate any help.Here is my most recent HijackThis log:DDS (Ver_0... Read more

A:Stubborn Vundo infection

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1Link 2Link 3Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Read other 11 answers
RELEVANCY SCORE 54

Last weekend I decided to renew and upgrade my Mcafee subscription. After renewing, I updated the DAT files, and ran a full system scan, then she poop hit the fan. All sorts of pop ups, and adds directing me to downlaod and run a spyware cleaner tool. I ran MCafee and it found Vundo, but cant seem to remove it. I've also tried SUPERantispyware,, and they find a "Adware.Vundo Variant /Rel", but cant seem to get rid of it.

Any help you can give would be greatly appreciated.

EDIT: Also to note, because I'm working on the PC from work, I cant connect to the internet, so I'm moving cleaners over to the laptop from my work PC via a usb drive

Here is the DDS.txt log file.
DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 13:10:59.00 on Fri 01/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.593 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Des... Read more

A:Vundo Variant

Hello Nevermore507 and welcome to Bleeping Computer,1. Download LSPFix and extract it to your desktop.Don't use it yet.A tutorial on the use of thsi tool can be found here : http://www.bleepingcomputer.com/tutorials/using-lsp-fix-to-remove-spyware/2. Please download ComboFix from one of the locations below, and save it to your Desktop.LinkLinkLinkDouble click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!3. Run LSPFix.Close all windows on your computer.Double click on Lspfix to run it. Put a checkmark in the 'I know what I'm doing' checkbox.Now move any instances of "ntdll64.dll" into the remove box using the >> button. Press the Finish button.Greetings,Thunder

Read other 10 answers
RELEVANCY SCORE 54

I've scanned for two days now with everything I can think of, but I'm still getting browser hijacked. Super AntiSpyware finds a Vundo Variant, but won't remove it. Yes, I've run Vundofix.Anyway, for you amazing fighters of malware, here's the log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:39:15 PM, on 12/9/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exec:\program files\lenovo\system update\suservice.exeC:\WINDOWS\System32\T... Read more

A:Vundo Variant?

Hi Robynsleo

Yes indeed looks like Vundo.

Rename HijackThis.exe to Robynsleo.exe and post back a fresh HijackThis log, please

Read other 10 answers
RELEVANCY SCORE 54

Computer running extremely slow. Sometimes hangs during logon. Constant popups. Uploaded tulcysrh.dll to virustotal, flagged as Vundo and/or rootkit. Vundofix is unable to detect. DSS extra.txt attached. DSS main.txt log:Deckard's System Scanner v20071014.68Run by Becky on 2008-05-15 11:46:11Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --73: 2008-05-15 15:46:26 UTC - RP85 - Deckard's System Scanner Restore Point72: 2008-05-15 15:09:35 UTC - RP84 - Last known good configuration71: 2008-05-15 15:09:29 UTC - RP83 - Restore Operation70: 2008-05-15 15:09:29 UTC - RP82 - Last known good configuration69: 2008-05-15 15:09:28 UTC - RP81 - ComboFix created restore point-- First Restore Point -- 1: 2008-05-15 15:09:20 UTC - RP13 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Becky.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:49:18 AM, on 5/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WI... Read more

A:Vundo Variant?

Malware has also disabled microsoft/windows updates, please help.

Read other 3 answers
RELEVANCY SCORE 54

Background: This is a Dell Dimension desktop computer with XP Home and Service Pack 3. The owner of the computer is visually impaired and uses JAWS screen reading software and perhaps other accessibility software. The computer has a new version of McAfee Internet Security Suite, upgraded from a previous McAfee version about a week ago.

We started noticing constant pop-ups and inability to complete purchases online about two days ago. McAfee virus scan did not find anything wrong. I tried to go to majorgeeks.com to obtain malware scans, but the majorgeeks page would not fully load. At CNET.com, Malwarebytes Anti-Malware appeared to download but then showed an error saying that the file could not be found.

I was able to download Superantispyware, which found about 20 to 30 files labeled Vundo Variant and Vundo Variant-T, in addition to numerous tracking cookies.

Upon reboot after cleaning, we got an error message saying that the zesupoma.dll file was missing.

After cleaning with Superantispyware, I was able to download Malwarebytes successfully from the CNET website. Malwarebytes also found a few infected files, but I can't remember if they were labeled Vundo or not; we cleaned the system too quickly.

We rescanned everything. A new Malwarebytes scan was clean, but Superantispyware still reported about 6 Vundo Variant files.

I tried to reboot into safe mode to scan again, but got a blue screen saying the computer had shut down to protect the system. Another try ... Read more

A:Please help with Vundo Variant

Update: I still get the blue screen when I try to boot into safe mode. Both the Superantispyware and Malwarebytes scans are completely clean now.

Thanks very much for looking at the HJT log for remaining problems. I would also appreciate any advice to prevent re-infection.

Thank you!
 

Read other 1 answers
RELEVANCY SCORE 54

What happened originally about a month ago, I picked up the WinAntiVirus 2006 (which is actually a virus itself). Not sure where it came from, but I followed some instructions I found at the lavasoft support forums, and got rid of it, or so I thought. That involved running SuperAntiSpyware and Smitfraudfix. That seemed to stop the pop-ups and WinAntiVirus. The other day, Avast! turned this up for me:--------------6/18/2007 6:11:46 PM 1182204706 Stu 1772 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\FPTKVDHG.DLL" file.6/20/2007 9:07:47 PM 1182388067 Stu 3068 Sign of "Win32:VB-TGS [Trj]" has been found in "C:\System Volume Information\_restore{CC29C7CA-B154-4ADA-AD0F-A0385D8DB0E5}\RP602\A0090457.exe" file.6/20/2007 9:09:41 PM 1182388181 Stu 3068 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{CC29C7CA-B154-4ADA-AD0F-A0385D8DB0E5}\RP602\A0090465.exe" file.6/20/2007 9:11:54 PM 1182388314 Stu 3068 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{CC29C7CA-B154-4ADA-AD0F-A0385D8DB0E5}\RP603\A0090577.dll" file.6/20/2007 9:12:18 PM 1182388338 Stu 3068 Sign of "Win32:Agent-HJG [Trj]" has been found in "C:\System Volume Information\_restore{CC29C7CA-B154-4ADA-AD0F-A0385D8DB0E5}\RP603&#... Read more

A:Vundo Variant

Hello SDB8,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 10 answers
RELEVANCY SCORE 54

Hey all, i got this issue with A dell Inspiron 6400.

i will randomly freeze on some bootups, iTunes installs but errors on startup and shuts down, then asks me to send an error report. i have used superantispyware numerous times and each time it seems to find more Vundo crap. i have formatted this drive already and it still seems to find its way in.

anyone have a regimen for this lil critter?

A:Vundo Variant?

Any Ideas anyone?

Read other 2 answers
RELEVANCY SCORE 54

Have run FixVundo and VundoFix. VundoFix acts as if it deletes it, but vturp.dll still shows up. Vundofix has also caused me to not start msconfig from the "Run" box. I have to manually go to msconfig and start from icon. I have done everything in the "preperation guide"Adaware found virtumonde, removed it, and did not see it again after reboot.Spybot sees virtumonde, removes it, and it finds it again after every reboot.Housecall found items, and removed themHere is my HiJackThis Log - any help greatly appreciatedLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:15:23 AM, on 1/14/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Progr... Read more

A:Believe I Have Variant Of Vundo

Now I have lost the ability to run msconfig from the run menu, have spent $25 on spy sweeper, and have lost all of my desktop icons. Any help would be greatly appreciated.

Read other 42 answers
RELEVANCY SCORE 54

Greetings all,I seem to have some variant of the vundo bug, or maybe something else entirely. I've got a HJT log as well as a combofix log. I've run CCleaner, Spybot a half dozen times, as well as Combofix. I think I'm still quite infected.Here's the HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:51:10 PM, on 4/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Documents and Settings\Jay Adler\Desktop\support.exeC:\DOCUME~1\JAYADL~1\LOCALS~1\Temp\7zS2.tmp\winvnc.exeC:\Program Files\internet explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\internet explorer\iexplore.exeC:\Documents and Settings\Jay Adler\Desktop\HiJackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/f... Read more

A:Vundo Variant?

Hello Zoddie and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed,... Read more

Read other 2 answers
RELEVANCY SCORE 54

Hi I have some sort of malware. I run malwarebytes & superantispyware and it finds the virus but can't remove it. Any help would be greatly appreciated.

A:Vundo Variant

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V c... Read more

Read other 2 answers
RELEVANCY SCORE 54

Im sure everyone has seen this one. here is my hijack this log, my superantispyware detected it. i think i got rid of the bulk of it. my google is searching now. i turned the sys restore off and it cleared but when i turned it back on it found it again. any help would be really great.

hjt...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:07 PM, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:/... Read more

Read other answers
RELEVANCY SCORE 54

I've been infected with Vundo again and this time it is completely different than before.Here is my HijackthisLog:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:07:15 AM, on 4/25/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\lxctcoms.exec:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeC:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exeC:\oracle\product\10.2.0\db_1\jdk\bin\java.exec:\Pro... Read more

A:Vundo Variant and more

Hello.Not only do you have a Vunods but also a file infector.Unfortunately you have the file infector Virut infection. The only way to proceed is to Format the whole computer and start over.Virut File Infector WarningYour system is infected with a polymorphic file infector called Virut and also has IRC bot functionality. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. For these reasons, you really can't truly fix Virut. You will need to reinstall and format the operating system on this machine. As of now, security experts suggest that a clean Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state. Backup all your documents and important items (personal data, work documents, pictures etc..) only. DO NOT backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.Also, try to avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can p... Read more

Read other 5 answers
RELEVANCY SCORE 54

O.K so while I am waiting for help here is what I have done:
1) Installed and ran Ewido
2)Installed and ran SuperAnti Spyware
3) Installed and ran NOD32
4) Installed and ran SDFix
5) Installed and ran ComboFix
6) Installed and ran ATF Cleaner
7) New HJTHIS scan and log.

Hope this helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:16 PM, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:... Read more

A:Vundo Variant

Read other 6 answers
RELEVANCY SCORE 54

need help removing it =xheres the logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:01:47 AM, on 3/16/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Java\jre1.5.0_10\bin\jusched.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\Common Files\AOL\Loader\aolload.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Bat\X_Bat.exeC:\Program Files\A... Read more

A:Vundo Variant

Hello Paul31, Before we start, you need to realize that you are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer. I recommend you download the free Avast or AntiVir orAVG antivirus Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously! Post what the antivirus program finds, as well as a fresh Hijackthis log.

Read other 3 answers
RELEVANCY SCORE 54

I delete offending files, registry keys and values and searched through the registry for the names of infectious dll and exe processes reciding in my c:windows\system32 folder. I have used automatic removal antispyware programs such as malwarebyts and superantispyware. Tried VundoFix too. To no avail, the virus keeps regenerting itself. I believe it's changed names again.

Bad files included the following:
KLSFLX
AFISICX
MABIDWE
TPSZXYP
ZUWONOWO
EC43E3FD... [registry]
FOTUWUTU
jasisaji
hozahisiro
wamofuma
sopidkc
I also have a comsa32.sys file that I delete and delete but keeps coming back

MABIDWE.exe was in a new folder called c:\avenger before the folder was deleted.

This thing downloads tons of cookies and will make my computer play short blurbs of hip hop.

I could not delete some MABIDWE registry values. It wouldn't let me.

My dds scan is below. I would greatly appreciate any help.

I also attached one of my malwarebyte scans.

Thanks.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Dee Dee at 21:23:13.59 on Wed 03/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1521 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32&#... Read more

A:Vundo Variant

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply.] Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that yo... Read more

Read other 6 answers
RELEVANCY SCORE 54

Hi there,I'm a newbie around here and hopefully someone will help me with this problem.My McAfee has quarantined a Trojan virus yesterday, but few minutes ago I scanned the SuperAntiSpyware Professional and the result it's that I still have this 3 of this virus called Vundo Variant/Rel, and scanning the Spybot - Search & Destroy, it appears names like Virtumonde, Rogue.Antivirus Pro 2008. The only bad thing that I notice so far, it seems be causing unwanted popups, with advertisings, sometimes my desktop just get frozen, sometimes the icons disappear... I've tried to remove it thousand times, but it keeps appearing. Here's the logs:SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 07/08/2008 at 07:12 PMApplication Version : 4.15.1000Core Rules Database Version : 3499Trace Rules Database Version: 1490Scan type : Quick ScanTotal Scan Time : 00:30:46Memory items scanned : 651Memory threats detected : 0Registry items scanned : 398Registry threats detected : 4File items scanned : 15585File threats detected : 2Adware.Tracking Cookie C:\Users\Aninha\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txtAdware.Vundo Variant/Rel HKU\S-1-5-21-2436521394-2054999305-2939065773-1000\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Users\Aninha\AppData\Local\Temp\iifgFUkJ.dll,#1 ] HKU\S-1-5-21-2436521394-20549... Read more

A:Vundo Variant/rel

Hello! Welcome to Bleepingcomputer!You are infected!"Antivirus XP 2008 is a new rogue anti-spyware program that is advertised through Trojans and other malware. It is advertised in the form of fake security alerts and warnings on web sites that state you are infected with malware or are being attacked in some manner. When you click on these ads, it will automatically download the installer for Antivirus XP 2008 and install it on your machine. In some cases, this program is installed without any intervention at all from you."Removal Instructions here: http://www.bleepingcomputer.com/malware-re...tivirus-xp-2008==========Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will ... Read more

Read other 18 answers
RELEVANCY SCORE 54

I'm not entirly sure which version i have, and so far doesn't actually seem to be doing anything other then slowing my computer down a bit and causing my browser to flicker up with urls before actually sending me where i want to go, no redirects though.

I ran avast last night and it found nothing, spy bot returned something and i forgot to note it down, i removed it but am still seeing symptoms, and vundo fix found nothing.
I had utorrent installed to download a set of hubble images which i'm sure had the virus in it, utorrent has since been uninstalled, next time i'll just put the load on the servers instead of using p2p sad face.

Here is a copy of dds and i have attached the gmer logs also

DS (Ver_10-11-10.01) - NTFSx86
Run by Administrator at 9:41:10.15 on 25/11/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1362 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j... Read more

A:vundo variant.

3 day bump.

Read other 2 answers
RELEVANCY SCORE 54

I've run SuperAntiSpyware and some other things and it helped my situation a lot. However, my main problem is that now when Windows starts up, I get two run dll errors telling me that those modules can't be found. One is for bkshgkxx.dll and the other is wvuvv.dll. Both of these files have been quarantined by SuperAntiSpyware. Because of this I'm assuming I still have some issues with my registry. Here is my Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:29:46 AM, on 2/2/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16575)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Windows\System32\hkcmd.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Windows\sttray.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Camera Assistant Software for Gateway\traybar.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Spare Backup\SpareBackup.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Camera Assistant Software for Gateway\... Read more

A:Need Help Getting Rid Of Vundo Variant

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

Read other 1 answers
RELEVANCY SCORE 54

This thing always open random pop-ups while surfing the net. Even though I quarantine it with superantispyware then reboot it, it appears again and again. Here's the HijackThis data:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:05:00 PM, on 10/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech\lvmvfm\LVPrcSrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Trend Micro\Internet Security\SfCtlCom.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Trend Micro\BM\TMBMSRV.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeC:\Program Files\Trend Micro\Internet Security\TmProxy.exeC:\Program Files\Lo... Read more

A:Vundo Variant

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Regards

Read other 3 answers