Home > Please Help > Please Help Me (vundo Trojan And Others Maybe) Log Information Inside

Please Help Me (vundo Trojan And Others Maybe) Log Information Inside

I'm unable to modify the permissions on any of the problem keys, including switching ownership *away* from my user/admin account to another account. If you are free of rootkits, then we will have to dig further. Somehow the infection is keeping me out of what should be full administrator access, without using the null registry value trick. had smith fraud-C my HijackThis log My old 'puter has alzheimers Hi Jack This Log help2 detective PC freezes and ALT CTRL DELETE won't work - hijak this log Windows installer this contact form

This includes: version information crash history affiliate ID One of the DLLs (actually uses .DAT file extension)is loaded within the legitimate EXPLORER.EXE process, which may lead to misleading alerts from any Something keeps Norton busy... Martins, mind yourself o, respect yourself o!    Peace!Re: A Trojan Has Passworded My Computer by mcmsat(m): 9:43am On May 17, 2008 @ Poster, the problem is that you did not about trojan.popuper help me PLEASE :,-(( Spyware.Apropos.C Running ad aware causes reboot hey, can anyone help me out?? http://www.bleepingcomputer.com/forums/t/188407/please-help-me-vundo-trojan-and-others-maybe-log-information-inside/

Several functions may not work. I need to find out if ZAP is misinterpreting what it is detecting and giving false warnings. Opening IE freezes computer, have to restart. With the DLL out of the way, Kaspersky AV gives a clean bill of health.

I'm not a computer newbie either; was writing mainframe assembly code 30 years ago. The Castlecops staff that work that board have just spent the last 7 months or so doing research into rootkits and tools, and they would be able to better help you one weekend, when i was working in the office,, a security guard brought a laptop and asked me to show him how to put it on. Rename that file to uxtheme.badNormally, Windows should already restore it with a new clean uxtheme.dll (from dllcache) automatically there.

Unable to contact.. I hope it's not capable of submerging itself even deeper....HKEY_CLASSES_ROOT\CLSID\{EFD6B7B0-4D1E-4FD3-8B98-96A4674678F6} and its subitem \InprocServer32 are undeletable. The MLM has used winlogon.exe, explorer, I.E., Firefox and recently O.E.; it's like a flea, hopping from host to host. HoovOctober 19th, 2006, 04:20 PMYou may have gotten the impression that have made it all the way though your other thread, I haven't, but I am working on it.

Unfortunately an expert rule will not help at all. Sorry just kiddin.ROFLMAO    Martins, u wicked o!  You wan spoil business for the "cappable" engineer (as e be like say na everyone be computer engineer for naija these days).  Didn't these are two links on trojan vundo -http://www.bleepingcomputer.com/forums/topic18610.htmlhttp://en.wikipedia.org/wiki/Vundo_trojannote that there's nothing there about how a trojan can 'password' the systemmaybe i'm wrong, but i think all these peeps probably bought stolen No idea where it got the file from.

If there aren't any other scans to run, I can go ahead and attempt to delete them manually.Is there anything else you think I should try before calling the computer clean? Vundo will then download its payload adware. I've run all sorts of security scans, rootkits and otherwise, without finding the mystery lurking malware (MLM.) We've narrowed it down to the three options mentioned in my last post, 1.) There's a mirror of this key inHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFD6B7B0-4D1E-4FD3-8B98-96A4674678F6}that again contains \InprocServer32.

Either I find the malware or discard my disc drives and start over again. weblink C:\windows\system32\catsrvu.dll made the list again, even though this file is still not present when I look for it. My Hijack This Log Can't get rid of psguard,spyaxe and falcon Startup Error - NTVDM CPU navexcel Computer freezes after about an hour browser hijack problem pop ups&viruses Adware Sheriff - DON'T WAIT UNTIL TOO LATE!!![/li][/list]That software will automatically detect any virus/trojan/malware affected on your computer/laptop quickly to PROMPT YOU ALERT A WARNING DIALOG MESSAGE in order to remove them automatically for

  1. What options do I have, since I cant log in either my name or as admnistrator even in SAFE MODE?
  2. Further scanning hasn't detected any new instances of the trojan or any other malware.However, I'm stuck with the trojan's Browser Helper Object key in the registry.
  3. richbuff 12.02.2009 07:08 I received your Combofix log in your PM, along with request to not attach it here.
  4. Go over there and let them know who helped you remove all your malware, and that you either have a rootkit, or something that is causing false positives pointing to a
  5. Follow the onscreen prompts to start the scan.Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause
  6. The ones I have quesitons about offer little info and nothing from the web, only "Your computer was restricted from connecting to a restricted site," an IP address and port.
  7. There are over 1 millions viruses out there you never know to hit attacked again.
  8. I don't know whether ZAP install or the malware caused the problem.

Sign Up This Topic All Content This Topic This Forum Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started I'm hoping the impossible to delete keys aren't a sign of some other process running undetected. these are two links on trojan vundo -http://www.bleepingcomputer.com/forums/topic18610.htmlhttp://en.wikipedia.org/wiki/Vundo_trojannote that there's nothing there about how a trojan can 'password' the systemmaybe i'm wrong, but i think all these peeps probably bought stolen http://channeltechnetwork.com/please-help/please-help-with-trojan-bho-trojan-vundo-trojan-agent.html Shellcon Hidden Window???

I don't know how to determine if these keys are linked to the trojan.Apart from those 12 CLSID keys, Rootkit Revealer only detects a couple of system files and a nonexecutable In some cases, any file written to this folder will cause the content of the file to be printed. Please re-enable javascript to access full functionality.

But, and I don't know if this will do you any good, is to reset the settings Database and then connect to the internet, and don't do anything to the net,

So this key appears to be a Kaspersky plugin that adds a protection statistics control to Internet Explorer. Kaspersky reported HEUR:Trojan.Win32.Generic in the file c:/windows/system32/catsrvu.dll, which identified itself as Alcohol 120% (never had Alcohol on the computer) and listed its original filename as StdMFC32.dll. Acid test. http://www.heidi.ie/eraser/ Oldsod bohemian_oneOctober 20th, 2006, 04:08 AMOldsod, My router only logs incoming traffic, my local malware is trying to phone home.

says suspicious entries - no instructions LOG can someone check my log and see what I can delete? Here is a Quicky: http://compreviews.about.com/od/tutorials/ss/DIYSecHD_6.htmStart your PC and go into System SetupIf you don't know anything here please do not go further.Set the drive to IDE(n) whatever comes after the Master.e.g Catsrvu.dll vanished once I typed "del catsrvu.dll" in Windows recovery console, and once that had been accomplished, HijackThis said its BHO registry key was pointing to a missing file. his comment is here I had been manulipulating the Hosts file, adding 127.0.0.1 Malware website entries, although the file's contents looked ok I reset it using a Castle Cops utility, the blocked loopbacks disappeared.

XP System files becoming corrupt, computer rebooting Picking up virus spyware malware?? The deleted DLL still hasn't reappeared, though.The 1F460357etc. Viewing this topic: 1 guest(s)(Go Up) Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming I'm infected with FakeAlert-B trojan warnhp removal hi jack this log IE**EDIT** NOW NETSCAPE TOO Freezes and get popup distorted pages when browsing can't view some website Question on msmsgs.exe WinLogon.exe

Since the system wipe 3 days ago, msimn.exe (Outlook Express) was blocked two times and today Firefox was blocked once. Rename that file to uxtheme.badNormally, Windows should already restore it with a new clean uxtheme.dll (from dllcache) automatically there. all efforts to remove it failed. Re: A Trojan Has Passworded My Computer by oyb(m): 8:18pm On May 20, 2008 [email protected]:@mcmsat.Can you be of help if the problem is "Bios password" in Toshiba satellite laptop.Dual core and

SAS also missed the remaining instances of the other key you had me delete. The Gutmann wipe is one of the best, followed by the complete power loss (pull the plug) to kill any residuals. Share this post Link to post Share on other sites ukbadboy    New Member Members 3 posts ID: 10   Posted July 30, 2010 Hi,You basically have to remove both. Now ZAP is telling me msimn.exe (O.E.) is attempting to reach syssecuritypage.com.

false_dmitrii 12.02.2009 17:29 The only new things in the full scan were a few false positives.SAS lists the DLL as quarantined now. my games also crash after 15 minutes or so. Sign in to follow this Followers 0 Go To Topic Listing Resolved Malware Removal Logs Recently Browsing 0 members No registered users viewing this page. CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF).