Trojan.Vundo

Comments

  • NotreDame
    NotreDame Posts: 167 Forumite
    Ok. Restarted after deleting. Still showing 21 problems, one of which is this Trojan.vundo! Help...copy of log here

    Malwarebytes Anti-Malware 1.70.0.1100
    https://www.malwarebytes.org

    Database version: v2012.12.14.11

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Judy :: HOME-PC [limited]

    03/03/2013 20:54:28
    MBAM-log-2013-03-03 (21-03-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 262292
    Time elapsed: 9 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 12
    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 7
    C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> No action taken.

    Files Detected: 2
    C:\Program Files\u4res.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> No action taken.

    (end)
  • NotreDame
    NotreDame Posts: 167 Forumite
    Shall I delete the items again, and start updating the programmes you mentioned?
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    NotreDame wrote: »
    Ok. Restarted after deleting. Still showing 21 problems, one of which is this Trojan.vundo! Help...copy of log here

    The Trojan.Vundo is actually MyWebSearch too.

    http://www.threatexpert.com/report.aspx?md5=96ddc950142272d13c450e0e4c9449a2

    Search the CLSID (CTRL + F) on that page -
    56256A51-B582-467e-B8D4-7786EDA79AE0

    Regarding MBAM - When you check the boxes are you clicking the button labeled "Remove Selected"?
  • NotreDame
    NotreDame Posts: 167 Forumite
    Yes - tick all the boxes, then click on remove selected, and it removes them 1 by 1, then says need to do system restart for them to be removed?
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    That's correct. Try it one more time.
  • NotreDame
    NotreDame Posts: 167 Forumite
    Can I delete the "my web search"? It's not on programmes?
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    I've just noticed you're running mbam from a limited account. You need to run mbam from one with admin rights.
    Judy :: HOME-PC [limited]
  • NotreDame
    NotreDame Posts: 167 Forumite
    Sorry - crossed posts - will do again now
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    You can right click and choose "Run as administrator" in that account.
  • NotreDame
    NotreDame Posts: 167 Forumite
    Restarted and opened as a different user (admin) & scan is taking a lot longer - sorry.
This discussion has been closed.
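
Added example, not part of the thread and not Malwarebytes code: a small Python triage of a scan log in the layout posted above. It surfaces the two points the replies raise (the scan ran from a `[limited]` account, and every item is still `No action taken`) and groups items by detection name. The sample log is a constructed, shortened excerpt, and the line patterns are an assumption inferred only from the log shown in this thread.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt in the layout of the log posted in the thread.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.70.0.1100
Judy :: HOME-PC [limited]

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\u4res.dll (PUP.MyWebSearch) -> No action taken.
"""

# Line patterns inferred from the log in this thread (assumption, not a vendor spec).
USER_RE = re.compile(r"^(?P<user>.+?) :: (?P<host>\S+) \[(?P<rights>[^\]]+)\]$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def triage(log_text):
    """Parse a scan log and report account rights, detections and pending items."""
    report = {"rights": None, "items": []}
    section, declared = None, {}
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := USER_RE.match(line):
            report["rights"] = m["rights"]
        elif m := SECTION_RE.match(line):
            section = m["name"]
            declared[section] = int(m["count"])
        elif section and (m := ITEM_RE.match(line)):
            report["items"].append((section, m["name"], m["action"], m["path"]))
    found = Counter(sec for sec, *_ in report["items"])
    # Sections whose declared count differs from the parsed items (truncated paste).
    report["count_mismatch"] = [s for s, n in declared.items() if found[s] != n]
    report["by_detection"] = Counter(name for _, name, _, _ in report["items"])
    report["unremediated"] = [i for i in report["items"] if i[2] == "No action taken"]
    report["limited_account"] = report["rights"] == "limited"
    return report

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("limited account:", r["limited_account"])
    print("by detection:", dict(r["by_detection"]))
    print("still pending:", len(r["unremediated"]), "of", len(r["items"]))
```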