
Trojan.Vundo


  • NotreDame
    NotreDame Posts: 167 Forumite
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 17/04/2008 08:24:40
    System Uptime: 03/03/2013 19:00:01 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0CU409
    Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | Socket 775 | 1200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 64 GiB total, 1.113 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.559 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1767: 02/03/2013 17:53:14 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Digital Editions 2.0
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.5)
    Amazon MP3 Downloader 1.0.4
    AOL Mail and AIM Gadget
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    BT Broadband Desktop Help
    BTHomeHub
    Camera Support Core Library
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    Canon Camera Support Core Library
    Canon Camera Window DS for ZoomBrowser EX
    Canon Camera Window DVC for ZoomBrowser EX
    Canon Camera Window for ZoomBrowser EX
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon Internet Library for ZoomBrowser EX
    Canon MP Navigator EX 5.1
    Canon MX370 series MP Drivers
    Canon MX370 series On-screen Manual
    Canon MX370 series User Registration
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Solution Menu EX
    Canon ZoomBrowser EX
    CCleaner
    Compatibility Pack for the 2007 Office system
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist Corporate
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) PRO Network Connections 12.1.11.0
    Internet Library
  • NotreDame
    NotreDame Posts: 167 Forumite
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Kobo
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mi Digi World PC Link
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.4.1
    PC Connectivity Solution
    QuickTime
    RAW Image Task 1.2
    Realtek High Definition Audio Driver
    RemoteCapture Task 1.1
    Revo Uninstaller Pro 2.5.1
    RTC Client API v1.2
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile Modem Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    SAMSUNG USB Mobile Device Software
    SamsungConnectivityCableDriver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Sonic Activation Module
    Spotify
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Live OneCare safety scanner
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/02/2013 09:16:21, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    25/02/2013 13:16:34, Error: Microsoft-Windows-PrintSpooler [6161] - The document Disclaimer21.pdf, owned by Judy, failed to print on printer Canon MX370 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 1566612. Number of bytes printed: 1566524. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\HOME-PC. Win32 error code returned by the print processor: 1. Incorrect function.
    03/03/2013 19:02:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AOL Connectivity Service service to connect.
    03/03/2013 19:02:01, Error: Service Control Manager [7000] - The LexBce Server service failed to start due to the following error: The system cannot find the file specified.
    03/03/2013 19:02:01, Error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/03/2013 11:06:18, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001D099534AC has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    02/03/2013 16:39:52, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    02/03/2013 16:39:50, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    02/03/2013 16:39:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    .
    ==== End Of File ===========================
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Thanks. Whilst I go through that...

    Download aswMBR and save it to your Desktop.

    http://public.avast.com/~gmerek/aswMBR.exe
    • Right click aswMBR.exe & choose "Run as Administrator" to run it.
    • Click the Scan button.
    • Wait till the scan reports "Scan finished successfully"
    • Click Save log & save the log to your desktop.
    • Click OK
    • Two files will be created, aswMBR.txt & a file named MBR.dat
    • Click EXIT.
    • Copy & Paste the contents of aswMBR.txt into your next reply.
    Don't click to fix anything, just post the log
  • NotreDame
    NotreDame Posts: 167 Forumite
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-03 20:20:01
    20:20:01.774 OS Version: Windows 6.0.6002 Service Pack 2
    20:20:01.774 Number of processors: 2 586 0xF0D
    20:20:01.775 ComputerName: HOME-PC UserName: Admin1
    20:20:03.137 Initialize success
    20:20:07.514 AVAST engine defs: 13030300
    20:21:06.985 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:21:06.989 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OAB3A Size: 76293MB BusType: 3
    20:21:07.038 Disk 0 MBR read successfully
    20:21:07.042 Disk 0 MBR scan
    20:21:07.048 Disk 0 Windows VISTA default MBR code
    20:21:07.080 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    20:21:07.129 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
    20:21:07.155 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 66004 MB offset 21069824
    20:21:07.188 Disk 0 scanning sectors +156246016
    20:21:07.266 Disk 0 scanning C:\Windows\system32\drivers
    20:21:25.345 Service scanning
    20:21:53.134 Modules scanning
    20:22:01.768 Disk 0 trace - called modules:
    20:22:01.798 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
    20:22:01.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86436ac8]
    20:22:01.815 3 CLASSPNP.SYS[88da98b3] -> nt!IofCallDriver -> [0x8525a1c8]
    20:22:01.825 5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c48b98]
    20:22:02.417 AVAST engine scan C:\Windows
    20:22:04.786 AVAST engine scan C:\Windows\system32
    20:25:01.932 AVAST engine scan C:\Windows\system32\drivers
    20:25:16.846 AVAST engine scan C:\Users\Admin1
    20:26:31.444 AVAST engine scan C:\ProgramData
    20:30:32.028 Scan finished successfully
    20:31:03.333 Disk 0 MBR has been saved successfully to "C:\Users\Admin1\Desktop\MBR.dat"
    20:31:03.345 The log file has been saved successfully to "C:\Users\Admin1\Desktop\aswMBR.txt"


    20:36:12.202 Disk 0 MBR has been saved successfully to "C:\Users\Admin1\Desktop\MBR.dat"
    20:36:12.209 The log file has been saved successfully to "C:\Users\Admin1\Desktop\aswMBR.txt"
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    That all looks ok.

    Change your password on your email account.

    Have you removed those mbam entries successfully yet?
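An added example, not part of the thread and not waddler_8's own method: a small parser for the aswMBR log format shown above, reading off the MBR verdict line, the partition table, and whether the scan completed. The function name `triage`, the choice of checks, and the 512-byte sector size are assumptions made for illustration; the sample lines are copied from the log posted earlier.

```python
import re

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors

# Lines copied from the aswMBR log posted in the thread, trimmed to the relevant ones.
SAMPLE_LOG = """\
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-03 20:20:01
20:21:07.038 Disk 0 MBR read successfully
20:21:07.048 Disk 0 Windows VISTA default MBR code
20:21:07.080 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
20:21:07.129 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
20:21:07.155 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 66004 MB offset 21069824
20:21:07.188 Disk 0 scanning sectors +156246016
20:30:32.028 Scan finished successfully
"""

# Fields: disk, partition number, boot flag, optional "(A)", type byte, label, size, offset.
PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-F]{2})(?: \(A\))? ([0-9A-F]{2}) "
    r"(.+?) (\d+) MB offset (\d+)")
TAIL_RE = re.compile(r"Disk \d+ scanning sectors \+(\d+)")


def triage(log_text):
    """Collect the partition layout and a list of findings from one aswMBR run."""
    lines = log_text.splitlines()
    parts = []
    for line in lines:
        m = PART_RE.search(line)
        if m:
            start, size_mb = int(m.group(7)), int(m.group(6))
            parts.append({
                "number": int(m.group(2)),
                "active": m.group(3) == "80",  # MBR boot flag
                "type": m.group(4),
                "label": m.group(5),
                "start": start,
                # Sizes are logged in whole MB, so the end sector is approximate.
                "end": start + size_mb * SECTORS_PER_MB,
            })
    parts.sort(key=lambda p: p["start"])
    tail = next((int(m.group(1)) for m in map(TAIL_RE.search, lines) if m), None)
    findings = []
    if not any("default MBR code" in l for l in lines):
        findings.append("MBR not reported as default Windows MBR code")
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for a, b in zip(parts, parts[1:]):
        if a["end"] > b["start"]:
            findings.append(f"partition {a['number']} overlaps {b['number']}")
    if parts and tail is not None and tail < parts[-1]["end"]:
        findings.append("tail scan starts inside the last partition")
    if not any("Scan finished successfully" in l for l in lines):
        findings.append("scan did not finish")
    return {"partitions": parts, "tail_start": tail, "findings": findings}
```

On the posted log this returns no findings, and the computed end of partition 3 (sector 156246016) coincides with the number on the "scanning sectors" line, i.e. the unpartitioned area after the last partition.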
  • NotreDame
    NotreDame Posts: 167 Forumite
    Just changed my email password. Running malwarebytes again and the infections are still showing. Will tick to delete them again, confirm system restart, run it again and report back.

    Thank you for all your help - I'm sure you have better things to do on a Sunday evening!
  • NotreDame
    NotreDame Posts: 167 Forumite
    This is the result of the scan again. Have ticked all boxes and now restarting:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-03 20:20:01
    20:20:01.774 OS Version: Windows 6.0.6002 Service Pack 2
    20:20:01.774 Number of processors: 2 586 0xF0D
    20:20:01.775 ComputerName: HOME-PC UserName: Admin1
    20:20:03.137 Initialize success
    20:20:07.514 AVAST engine defs: 13030300
    20:21:06.985 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:21:06.989 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OAB3A Size: 76293MB BusType: 3
    20:21:07.038 Disk 0 MBR read successfully
    20:21:07.042 Disk 0 MBR scan
    20:21:07.048 Disk 0 Windows VISTA default MBR code
    20:21:07.080 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    20:21:07.129 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
    20:21:07.155 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 66004 MB offset 21069824
    20:21:07.188 Disk 0 scanning sectors +156246016
    20:21:07.266 Disk 0 scanning C:\Windows\system32\drivers
    20:21:25.345 Service scanning
    20:21:53.134 Modules scanning
    20:22:01.768 Disk 0 trace - called modules:
    20:22:01.798 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
    20:22:01.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86436ac8]
    20:22:01.815 3 CLASSPNP.SYS[88da98b3] -> nt!IofCallDriver -> [0x8525a1c8]
    20:22:01.825 5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c48b98]
    20:22:02.417 AVAST engine scan C:\Windows
    20:22:04.786 AVAST engine scan C:\Windows\system32
    20:25:01.932 AVAST engine scan C:\Windows\system32\drivers
    20:25:16.846 AVAST engine scan C:\Users\Admin1
    20:26:31.444 AVAST engine scan C:\ProgramData
    20:30:32.028 Scan finished successfully
    20:31:03.333 Disk 0 MBR has been saved successfully to "C:\Users\Admin1\Desktop\MBR.dat"
    20:31:03.345 The log file has been saved successfully to "C:\Users\Admin1\Desktop\aswMBR.txt"


    20:36:12.202 Disk 0 MBR has been saved successfully to "C:\Users\Admin1\Desktop\MBR.dat"
    20:36:12.209 The log file has been saved successfully to "C:\Users\Admin1\Desktop\aswMBR.txt"
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    NotreDame wrote: »
    Thank you for all your help - I'm sure you have better things to do on a Sunday evening!

    I've been out for a nice long walk alongside the local canal for a spot of Sunday Lunch this afternoon, so I'm just relaxing with the PC now. ;)

    When you've removed the mbam entries - which aren't particularly malicious by the way - PUPs are Potentially Unwanted Programs. Dell used to bundle MyWebSearch with new PCs.

    Update these:

    Adobe Reader X (10.1.5)
    http://get.adobe.com/reader/
    (Uncheck McAfee Security Scan)


    Java(TM) 6 Update 31
    http://www.java.com/getjava/
    (Uncheck Ask Toolbar if offered)
    http://www.java.com/en/download/help/disable_browser.xml

    Check Adobe Flash Player, ensure you have version 11.6.602.171
    http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html

    http://get.adobe.com/flashplayer/
    (Uncheck McAfee Security Scan)

    http://www.securelist.com/en/analysis/204792255/Kaspersky_Security_Bulletin_2012_The_overall_statistics_for_2012#4
    Vulnerable applications targeted by malicious users
  • NotreDame
    NotreDame Posts: 167 Forumite
    Running malwarebytes again now after removing the 21 threats and restarting. It is bringing up the same threats again!
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Post the current log again
This discussion has been closed.