We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Trojan Virus
Comments
-
in this occasion I would recommend this single combofix scan
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and then post that log for me....better at Vundo infections an should deal with the infections in one hit
Hello Everytime I try to download bleeping computer, a box comes up saying
"Error , You cannot rename Combofix as Combofix{1}.
Please use another name , preferably made up of alphanumeric characters.
Then it shuts the page down.
I have tried uninstalling spybot, and it gets rid of some of it, then says the others bits have to be manually deleted. Not sure what that means though.
HELP PLEASE :eek:0 -
Ex forum ambassador
Long term forum member0 -
It still comes up with the same error Browntoa.
I really don't know what to do now. If I follow the other links, I'm scared of losing data/photos etc as I don't know how to back up my pc.
I wish someone could pop over, but it's knowing who to trust and it costs a fortune to get someone out.
:eek:0 -
try this
Download MALWAREBYTES (Make sure you click 'DOWNLOAD NOW')
http://www.download.com/Malwarebytes...-10804572.html
UPDATE and quick SCAN
Post the log here AFTER you hav ve deleted everything it findsEx forum ambassador
Long term forum member0 -
try this
Download MALWAREBYTES (Make sure you click 'DOWNLOAD NOW')
http://www.download.com/Malwarebytes...-10804572.html
UPDATE and quick SCAN
Post the log here AFTER you hav ve deleted everything it finds
Just doing that now, it's found 17 infections after only 4 mins :eek:0 -
Malwarebytes' Anti-Malware 1.33
Database version: 1728
Windows 5.1.2600 Service Pack 2
04/02/2009 21:00:31
mbam-log-2009-02-04 (21-00-31).txt
Scan type: Quick Scan
Objects scanned: 53721
Time elapsed: 4 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 19
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\!!6038c289-98f4-45a9-8d73-11a2edbd00d3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\!!6038c289-98f4-45a9-8d73-11a2edbd00d3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c8b59c-4180-4ecb-9350-0213f8ff4c60} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3c8b59c-4180-4ecb-9350-0213f8ff4c60} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VRSVC (Rogue.VirusRescue) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\DAVE\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\gjdovb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\laviyigo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogiyival.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pasaruwe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jajulaze.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wazuloro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dewukobe.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hukibopa.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kimuremo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kodatewe.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lakutufo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vemusise.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\ErrorKiller\Errors.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\ErrorKiller\Results.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\ErrorKiller\Registry Backups\2007-06-10_23-23-02.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\ErrorKiller\Registry Backups\2007-06-10_23-27-20.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Application Data\ErrorKiller\Registry Backups\2007-06-10_23-27-43.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karozeza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAVE\Desktop\ErrorKiller.lnk (Rogue.ErrorKiller) -> Quarantined and deleted successfully.0 -
now try the combofix link and see if that worksEx forum ambassador
Long term forum member0 -
don't forget you need to "save" to desktop , not "run" when the download starts
if it saves then double click on the icon on your desktop to run itEx forum ambassador
Long term forum member0 -
It seems to have got rid of the Trojans with just the Malwarebytes.
I did click run when the download started, but it still let me save it to the desktop as an icon.
Thanks, I will see what happens tomorrow when I go on that pc again.
I'm on my laptop now.0 -
ok, will be around the same time tomorrow night
hopefully its gone
Ex forum ambassador
Long term forum member0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.2K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.3K Spending & Discounts
- 245.3K Work, Benefits & Business
- 601K Mortgages, Homes & Bills
- 177.5K Life & Family
- 259.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards