Home > I Think > I Think I Have Trojan.vundo.h And It Wont Go Away

I Think I Have Trojan.vundo.h And It Wont Go Away

Windows is insecure and will remain so. If an update is found, the program will automatically update itself. Since most viruses don't infect pure "data" files, it's always best to completely separate your data files from your C: drive, so that your backup is less likely to have infected Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes Source

Registry Keys Infected: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{f55da0ea-1432-4c11-a6d3-90037ded077c} (Trojan.Vundo.H) -> No action taken. Share this post Link to post Share on other sites This topic is now closed to further replies. C:\WINDOWS\SYSTEM32\fccaXQKD.dll (Trojan.Vundo) -> Delete on reboot. Please download GooredFix and save it to your Desktop.Select "2.

Share this post Link to post Share on other sites jnsddrfreak    New Member Topic Starter Members 13 posts ID: 17   Posted May 5, 2009 Thank you for all of C:\WINDOWS\SYSTEM32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OnSkip Microsoft Files: OnFile Age = 14 DaysOutput = StandardQuick Scan ========== Processes (SafeList) ========== PRC - [2009/11/09 18:52:23 | 00,528,896 | tool.

Thanks Reply NomDeGuerre September 18, 2009 at 10:19 am If you want to throw around made-up statistics, try this: 60% of PCs have hardware that is unsupported by linux. 75% of HKEY_CLASSES_ROOT\CLSID\{f3e6b783-0a1b-48fa-ae1a-6d7e053b855d} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. Read more.

C:\WINDOWS\SYSTEM32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully. Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab. Navigate to, and delete the infected file. https://forums.malwarebytes.com/topic/16691-trojan-vundo-possible-rootkit-wont-delete-on-reboot-please-help/?do=findComment&comment=86074 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Malwarebytes still finds the offending registry keys, then schedules them for deletion upon reboot. Comments and Suggestions On this area you can find Visitor's personal suggestions. And part b of the first question, how do I password protect my router?SECOND QUESTION: When we do reformat (and yes, i'm going to pay someone to come and do it Spyware Protect 2009 stabilityinternetscan.com Subcategory » Rogue » Trojan » Virus » Worm Recent Comments This is the old version of the site.

Please permit the program to allow the changes. Share this post Link to post Share on other sites miekiemoes    Forum Deity Moderators 8,338 posts Location: Belgium ID: 4   Posted April 22, 2009 Hi,Can you run MalwareBytes from Make sure all instances of Firefox are closed at this point. Done.->Emptying folder...

Try every option for legitimate, safe, free (or cheap) removal of the virus. 2. this contact form Share this post Link to post Share on other sites jnsddrfreak    New Member Topic Starter Members 13 posts ID: 6   Posted April 23, 2009 Well now malwarebytes refuses to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cnicxcyt (Rootkit.Agent) -> Quarantined and deleted successfully. Inc.)O3 - HKCU\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo!

Click "OK" and then click the "Finish" button to return to the main menu.If asked if you want to reboot, click "Yes" and reboot normally.To retrieve the removal information after reboot, CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF). I've actually done that a few times now, because I kept getting various errors....including .... http://tagnabit.net/i-think/i-think-i-have-trojan-vundo.php Done.->Deleting folder...

As a downloader, this threat was designed to contact distant computer to download other malware. After reboot, both are empty. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cnicxcyt (Rootkit.Agent) -> Quarantined and deleted successfully.

Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password?

I have personal and confidential business information on the computer and need to guarantee it's safety.I have 2 main questions:FIRST: you mentioned about the router "If using a router, you need You can download and rename this program from a different computer before running it on infected system. C:\WINDOWS\System32\tdqbfd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\kSYcffii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Here are some tips that may help you: Check what processes are currently running. After reading your post, I used Malwarebytes to ID the .dll's, then removed the hard drive and connected it up as an external device. C:\Documents and Settings\Faith Boyle\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully. http://tagnabit.net/i-think/i-think-i-have-a-trojan-virus-vundo.php Done.=====Dumping Registry Values=====[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]"Plugins"="C:\Program Files\Mozilla Firefox\plugins"[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]"Components"="C:\Program Files\Mozilla Firefox\components"[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" Share this post Link to post Share on other sites miekiemoes    Forum Deity Moderators 8,338 posts Location:

IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe It also disables any running processes which it thinks are relevant to security tools. C:\WINDOWS\SYSTEM32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files Calendar View New Content Forum Rules BleepingComputer.com Forums Members Tutorials Startup List

The power of accurate observation is commonly called cynicism by those who haven't got it.--George Bernard Shaw Back to top #3 Miche2Cor517 Miche2Cor517 Topic Starter Members 12 posts OFFLINE Gender:Female C:\WINDOWS\System32\c:\windows\system32\iiffcysk.dll (Trojan.Vundo.H) -> Delete on reboot. I thought i got rid of it, and … URL Searchhook won't delete 1 reply Hi, is anyone here? After a bit of searching, I found another dll with identical binary, so I used the same technique on it.

I tried to get rid of it manually, but the permissions are all locked up and I haven't been able to get past it yet. my Firefox is running extremely slow on and off … IE7 won't load some web pages 8 replies My IE7 won't load some pages. However, 2-3 days ago, when I decided to run another McAfee antivirus scan myself, the trojan showed up; AND when I reviewed the log file for McAfee, I discovered it had So i put the hard drive in mine , the virus jumped over to my hard drive and I ended up formatting both and reinstalling .

Make sure to prevent it from running again if you think you found the problem. Share this post Link to post Share on other sites jnsddrfreak    New Member Topic Starter Members 13 posts ID: 5   Posted April 22, 2009 Upon restarting the computer in It was a very recent glitch. Before the installation completes, check on the following prompts: - Update Malwarebytes' Anti-Malware - Launch Malwarebytes' Anti-Malware 5.

C:\WINDOWS\SYSTEM32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.