
PLEASE HELP : Vundo And Vundo.H

The only other things running at the time (I looked at the timestamp of the NNNNNNNN.pf file in that directory) were system executables. Cheers Mo Windows 7 64 bit, NIS2013 floplot Guru Norton Fighter25 Reg: 11-Apr-2009 Posts: 21,465 Solutions: 471 Kudos: 3,393 Kudos0 Re: Help with Vundo Trojan Posted: 02-Feb-2010 | 10:10PM • Permalink I was not keeping detailed notes at this point, so I do not know how long it took them to regenerate, but with the benefit of hindsight, I think it was

The virus can "eat" away at available hard drive space; hard drive space can fluctuate so much as +3 to -3 Gb of space, evident of Vundo's attempt at "hiding" when being You assume the risk of using any software, methods, recommendations, etc., referred to in this article. File Attachment: hijackthis_afterFIX.log DDS.txt Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos2 Stats Re: Help with Vundo Trojan Posted: 02-Feb-2010 | 6:07PM • Permalink It looks as The first scan found 27 infected files, 3 of which needed the system to reboot to delete. https://www.bleepingcomputer.com/forums/t/221745/please-help-vundo-and-vundoh/

Renaming the program executable can work around this. RE: Please help me remove Vundo.gen.i paullotion Jan 13, 2009 4:36 PM (in response to pushin_buttons) Hello, Send the file to the lab. http://vil.nai.com/vil/submit-sample.aspx Then do this: Download Malwarebytes' Anti-Malware from Here or Here The infected system was Windows XP, SP2.

Gee, it seemed afraid of this thing. Attached are the logs from the first & second scans from Malwarebytes.

Windows 7 Pro 64 bit NSBU 22.8.1.14 IE 11 mhyde Visitor2 Reg: 04-Feb-2010 Posts: 10 Solutions: 0 Kudos: 0 Kudos0 Re: Help with Vundo Trojan Posted: 04-Feb-2010 | 12:52PM • Permalink This is to double check, as some Vundo.H are resilient stubborn infections. Hopefully Norton did its job. al.) was to delete mbam.exe when it was installed.

Apr 28, 2009 #4 touch TS Rookie Posts: 978 Install Avira Free AntiVirus, from here -> Avira Or: Avast Install, update it, run a complete scan. I don't know what they were for, as I close all pop-ups instantly. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). A couple of notes about Recovery Console.

You have been very generous with your time and spot-on with your advice.  I asked the question only because you seem to know a lot about the nature/behavior of malware, so Quads 800midori19 Contributor4 Reg: 01-Feb-2010 Posts: 13 Solutions: 0 Kudos: 0 Kudos0 Re: Help with Vundo Trojan Posted: 01-Feb-2010 | 8:06PM • Permalink I tried to download Malwarebytes on the infected I did a checksum of those executables against known good copies, and they were fine. So I was a green newbie at this.

Many of the popups advertise fraudulent programs such as AntiSpywareMaster, WinFixer, and MS Antivirus (AntiVirus 2009). Virtumonde.dll consists of two main components, Browser Helper Objects and Class ID. When you go into the Malwarebytes Programs folder what files are missing?? here is a screenshot from my PC to cross reference Quads 800midori19 Contributor4 Reg: 01-Feb-2010 Posts: 13 Solutions: 0 I then moved the mdam-setup file from the flash drive to the infected PC and tried to install.

  • Every little bit helps.
  • It appeared that winlogin woke up, enumerated all the registry entries under the 'Run' key, then looked for an entry called 'livojidon' and 'MS Juan' (the latter apparently an alias for
  • Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

I had caught the thing doing a regeneration. What do I do? If I could figure this out, I'd be onto something. You can't just delete tubakile.dll.

When this happens any programs may also fail to start and it may become impossible to use windows shutdown. Then clean install the New Version so that there will be no conflicting. I do think my observations and notes explain some things about Trojan.Vundo.H that will help clarify some things for people.

After I ran FileAssassin, tubakile.dll was plainly visible, but not with 'dir /ah'.

It correctly said I would need a reboot, which I did. File Attachment: hijackthis2.log mbam-log-2010-02-02 (01-24-58).txt mbam-log-2010-02-02 (08-58-33).txt delphinium Norton Fighter25 Reg: 21-Nov-2008 Posts: 9,821 Solutions: 187 Kudos: 3,007 Kudos0 Re: Help with Vundo Trojan Posted: 02-Feb-2010 | 8:40AM • Permalink Hang I set up an icon to delete tubakile.dll, but that of course died when explorer.exe was killed. I tried running Malwarebytes as some posts recommend but the software would not download on the infected computer.

How is this even possible? Recovery Console Another approach people had reported success with is Recovery Console. I really appreciate any help!

I downloaded VundoFix from this web site -- http://vundofix.atribune.org/ With evidence of the malware in the registry, and Malwarebytes reporting it there, but not removing it, I ran VundoFix to see Again, with the benefit of hindsight, I am certain that if I had opened my wallet on the pay-to-play service, that it would have been a waste of money. Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos0 Re: Help with Vundo Trojan Posted: 02-Feb-2010 | 6:42PM • Permalink Ok, It looks like you have some of #2 escky escky Topic Starter Members 2 posts OFFLINE Local time:07:50 PM Posted 23 April 2009

I am disappointed with Webroot, both the product and its support. This was my working model, in any case. I've never had all that much respect for Microsoft technology, but after this experience, I have absolutely none. Quads 800midori19 Contributor4 Reg: 01-Feb-2010 Posts: 13 Solutions: 0 Kudos: 0 Kudos0 Re: Help with Vundo Trojan Posted: 01-Feb-2010 | 9:48PM • Permalink OK, will let it finish scanning.

I'm a Unix guy, after all. It's not that I'm affected by malware all that often, it is the principle of buying a product that is a demonstrated piece of junk. I am going to reboot and look forward to any further instructions that need to be taken.

Summary Well, I suppose I could have just written the last section. I hope people find this useful. I surmised that tubakile.dll was a piece of the malware that merited further investigation. Microsoft does offer a utility that can be possibly leveraged to get around this problem, called inuse, available here -- http://www.microsoft.com/downloads/details.aspx?FamilyID=3a9927b6-0b0a-4261-b29b-3e78aa7618ac&displaylang=en According to the documentation, you can only replace dlls, not

RE: Please help me remove Vundo.gen.i pushin_buttons Jan 14, 2009 12:33 AM (in response to paullotion)

Malwarebytes' Anti-Malware 1.32
Database version: 1648
Windows 5.1.2600 Service Pack 3
14/01/2009 1:18:05 AM
mbam-log-2009-01-14 (01-18-05).txt
Scan type: Full Scan