We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Help!!! Pleeeeaaaaaaseeeee!!!! Trojan Virus - Very Destructive!!!
Options
hibsdibs
Posts: 4 Newbie
in Techie Stuff
Hi guys,
I've somehow managed to download a seriously bad Trojan onto my Vista Home pretty much brand new laptop.
I got a notice up saying something about Trojan:Win32/Vundo.gen!P
I tried to run AVG but i dont think it really fixed anything and then I tried to restore my system to a previous point but it said that it wasn't possible to do.
Since then, Internet Explorer which I don't even use (I use Mozilla Firefox) keeps opening about 45-50 windows in seconds!!
Also, most of the usual websites I try to use are not working... such as facebook and my google homepage loads but if I try and search something, the results page never shows up. Certain websites work, but most others don't! :mad:
PLEASE can somebody help me and give me some simple instructions to follow? I don't really want to re-format though. :eek:
Thank you!
I've somehow managed to download a seriously bad Trojan onto my Vista Home pretty much brand new laptop.
I got a notice up saying something about Trojan:Win32/Vundo.gen!P
I tried to run AVG but i dont think it really fixed anything and then I tried to restore my system to a previous point but it said that it wasn't possible to do.
Since then, Internet Explorer which I don't even use (I use Mozilla Firefox) keeps opening about 45-50 windows in seconds!!
Also, most of the usual websites I try to use are not working... such as facebook and my google homepage loads but if I try and search something, the results page never shows up. Certain websites work, but most others don't! :mad:
PLEASE can somebody help me and give me some simple instructions to follow? I don't really want to re-format though. :eek:
Thank you!
0
Comments
-
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
- Make sure the "Perform Quick Acan" option is selected.
- Then click on the Scan button.
- The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
Ex forum ambassador
Long term forum member0 -
AVG fails again........0
-
Interested to know quite what was on there at the time.0
-
you cannot allow for the "click yes to the download pop-up" on any antivirus
Ex forum ambassador
Long term forum member0 -
some people will click on YES regardless of how many warnings flash up....Ex forum ambassador
Long term forum member0 -
Funny, was just talking to the girlfriend about this a couple of days ago, whilst I was removing Trojan Zlob from her laptop remotely.
0 -
Thank you SOOOOOO much Browntoa!!!
I followed all of your instructions and it seems to be all better now!
Here's what was written in the log report that came up:
Malwarebytes' Anti-Malware 1.25
Database version: 1081
Windows 6.0.6001 Service Pack 1
17:46:07 24/08/2008
mbam-log-08-24-2008 (17-46-07).txt
Scan type: Quick Scan
Objects scanned: 48044
Time elapsed: 11 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Users\Hiba\AppData\Local\Temp\ddCSmjiI.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1002d9ac (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1331ea30 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Hiba\AppData\Local\Temp\ddCSmjiI.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Hiba\AppData\Local\Temp\ssqoPijh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Hiba\AppData\Local\Temp\wvuVnoPi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Hiba\AppData\Local\Temp\llbumpyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Hiba\AppData\Local\Temp\caauxbqt.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Hiba\AppData\Local\Temp\nyjbwowa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Hiba\AppData\Local\Temp\08.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Thank you again!!!! You are AMAZING!!0 -
just to confirm that you did the reboot at the end to remove the extra ones ??
download and run this
www.ccleaner.com
and install it , unticking the box to install Yahoo Toolbar , and then run it to remove all your junk Temp filesEx forum ambassador
Long term forum member0 -
Ex forum ambassador
Long term forum member0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards