TROJAN.VUNDO VIRUS FOUND!!!! NEED HELP!!!!!!!111one11!one1!!!oneeleventwo!!1!1111!!!!
DMROOLZ
Junior Member
12. January 2006 @ 15:38 |
H'okay... I have found specific instructions for removing the Trojan.Vundo virus.
However.
I have found none that are for Windows 2000 Pro; all are for Windows XP. These are the instructions I found on at least 15 sites:
Download Trojan.Vundo removal tool
Turn off system restore
Reboot in safe mode
run infected file
run removal tool
reboot after turning on system restore
I cannot find the System Restore, recovery or anything like that... I have run the program, to no avail. I have followed the instructions other than the System Restore stuff, to no avail. I NEED HELP! PLEASE GIVE ME INSTRUCTIONS ON REMOVING THIS ARSE OF A VIRUS!!!!! SYMANTEC DOESN'T DO SHIZnAT!!!
J00 B PWN3D BY MY M4D 2K1LLZ
Senior Member
12. January 2006 @ 15:55 |
Start menu, Accessories, System Tools should get you to System Restore.
ddp
Moderator
12. January 2006 @ 16:25 |
moved to correct forum
-kemisti-
AfterDawn Addict
12. January 2006 @ 22:11 |
DMROOLZ
Junior Member
13. January 2006 @ 16:19 |
Alright, I'll try HJT. Downloading now >_>'
DMROOLZ
Junior Member
13. January 2006 @ 16:29 |
Alright... Tried HJT, didn't work. Looked under System Tools; all I have there are Backup, Character Map, Disk Cleanup, Disk Defragmenter, Getting Started, Scheduled Tasks, and System Info. Checked under System Info, found nothing. Still a problem with Symantec: it is doing a real-time scan and not removing it. A manual scan won't remove it... -_-'''
-kemisti-
AfterDawn Addict
13. January 2006 @ 23:30 |
Just saving the HjT log doesn't fix anything. But if you post that HjT log here, I or someone else may help you remove Vundo :)
DMROOLZ
Junior Member
15. January 2006 @ 16:45 |
Ooh.. okay. Here's the thing in Notepad that popped up. That's it, right? The trojan is in C:\WINNT\system32\bnvphitm.dll
Logfile of HijackThis v1.99.1
Scan saved at 8:52:21 PM, on 1/15/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
D:\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\lndeggme.exe
C:\program files\zango\zango.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\gjkh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {24CA35A4-67A7-4450-BC6A-53471E1CD720} - C:\WINNT\system32\hpvedxji.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: (no name) - {6EA4491C-9AC8-45EF-8619-36198151A143} - C:\WINNT\system32\hpvedxji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINNT\system32\nd_gfx9.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] D:\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lndeggme] C:\WINNT\system32\lndeggme.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [gjkh] C:\WINNT\gjkh.exe
O4 - HKCU\..\Run: [lndeggme] C:\WINNT\system32\lndeggme.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (Miniclip) - http://www.miniclip.com/toolbar/minicliptoolbar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/08b1391d22dd2231a400/netzip/RdxIE601.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: nd_gfx9 - C:\WINNT\SYSTEM32\nd_gfx9.dll
O23 - Service: DefWatch - Symantec Corporation - D:\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\SYMANT~1\Rtvscan.exe
Senior Member
15. January 2006 @ 17:14 |
epox mobo EP-9NPAJ
amd 3700+ san diego core oc to 2.50
antec true power 430 watt dual +12 volt rails @ 18 amps each
bfg geforce 6800 gt oc edition
dragon case
2 x 512 DUAL CHANNEL ELIXOR RAM
Ibm P260 dvi & vga 21 inch crt monitor 1600 x 1200 @ 85 htz Oh yeah!!
DMROOLZ
Junior Member
15. January 2006 @ 18:17 |
Are all of those downloads, or should I run Safe Mode with Networking?
ddp
Moderator
15. January 2006 @ 18:19 |
downloads
-kemisti-
AfterDawn Addict
15. January 2006 @ 21:23 |
@ozzy214: Vundo requires special fix
@DMROOLZ:
Uninstall via Control Panel (add/remove programs), if found:
winupdates
Zango Search Assistant Helper or just Zango
Shut down these via Task Manager (Ctrl+Alt+Del -> End Process):
zango.exe
lndeggme.exe
gjkh.exe
Fix with HjT (do a system scan only, checkmark these and press fix checked):
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [lndeggme] C:\WINNT\system32\lndeggme.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [gjkh] C:\WINNT\gjkh.exe
O4 - HKCU\..\Run: [lndeggme] C:\WINNT\system32\lndeggme.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (Miniclip) - http://www.miniclip.com/toolbar/minicliptoolbar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/08b1391d22dd2231a400/netzip/RdxIE601.cab
Delete these files/directories, if present:
C:\PROGRA~1\==>MINICL~1<==
C:\Program Files\==>winupdates<==
C:\WINNT\system32\==>lndeggme.exe<==
c:\program files\==>zango<==
C:\WINNT\==>gjkh.exe<==
Please download VundoFix.exe -> http://www.atribune.org/ccount/click.php?id=4 to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click Yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer; click OK.
Turn your computer back on.
[*]Please post the contents of C:\vundofix.txt and a new HiJackThis log.
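The triage that -kemisti- did by eye on the HijackThis log above (pick out the random-named executables under WINNT and system32, the unnamed BHOs, the unknown Winlogon Notify hook, the known adware names) can be written down as a script. What follows is an added example, not code from this thread, from HijackThis or from VundoFix. The sample log is a subset of the log DMROOLZ posted; the allowlists of known Windows 2000 binaries and known Winlogon Notify DLLs, the 4-to-8-lowercase-letter "random name" pattern, and the adware name hints are assumptions chosen for illustration and are not exhaustive.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis 1.99.1 log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\svchost.exe
D:\SYMANT~1\Rtvscan.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\lndeggme.exe
C:\program files\zango\zango.exe
C:\WINNT\gjkh.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {24CA35A4-67A7-4450-BC6A-53471E1CD720} - C:\WINNT\system32\hpvedxji.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: (no name) - {6EA4491C-9AC8-45EF-8619-36198151A143} - C:\WINNT\system32\hpvedxji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINNT\system32\nd_gfx9.dll
O4 - HKLM\..\Run: [vptray] D:\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [lndeggme] C:\WINNT\system32\lndeggme.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [gjkh] C:\WINNT\gjkh.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: nd_gfx9 - C:\WINNT\SYSTEM32\nd_gfx9.dll
"""

# Assumed allowlists for illustration (not exhaustive): core Windows 2000 binaries that legitimately
# live directly under WINNT or system32, and the one Winlogon Notify DLL in the log from a known vendor.
KNOWN_SYSTEM = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
                "spoolsv.exe", "hidserv.exe", "regsvc.exe", "mstask.exe", "explorer.exe", "mobsync.exe"}
KNOWN_NOTIFY = {"navlogon.dll"}                       # Symantec AntiVirus logon hook
ADWARE_HINTS = ("zango", "miniclip", "winupdates")    # names the fix list above calls unwanted

ENTRY_RE = re.compile(r"^(R\d+|O\d+) - (.*)$")        # HJT entry: "O2 - BHO: ..."
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")                # a line in the "Running processes" block
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx)\b", re.I)
RANDOM_STEM = re.compile(r"^[a-z]{4,8}$")             # Vundo-style name: short run of lowercase letters


def parse(log):
    """Yield (kind, body): kind is the HJT tag (R0, O2, O20, ...) or PROC for a running process."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2)
        elif DRIVE_RE.match(line):
            yield "PROC", line


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_system_dir(path):
    """True when the file sits directly in the Windows directory or in system32."""
    directory = path.rsplit("\\", 1)[0].lower()
    return directory.endswith(("\\winnt", "\\windows", "\\system32"))


def looks_random(path):
    name = basename(path)
    stem = name.rsplit(".", 1)[0]
    return bool(RANDOM_STEM.match(stem)) and name not in KNOWN_SYSTEM


def analyze(log):
    """Return findings as (kind, reason, file, entry) tuples."""
    findings = []
    bho_by_dll = defaultdict(set)                     # DLL -> distinct O2 entries that load it
    for kind, body in parse(log):
        paths = PATH_RE.findall(body)
        file = basename(paths[0]) if paths else None
        low = body.lower()
        if any(hint in low for hint in ADWARE_HINTS):
            findings.append((kind, "known adware/PUP name", file, body))
            continue
        if kind == "O20" and file and file not in KNOWN_NOTIFY:
            findings.append((kind, "unknown Winlogon Notify DLL (classic Vundo load point)", file, body))
        elif kind == "O2" and paths:
            bho_by_dll[file].add(body)
            if in_system_dir(paths[0]) and ("(no name)" in low or looks_random(paths[0])):
                findings.append((kind, "unnamed or random-named BHO in a system directory", file, body))
        elif kind in ("O4", "PROC") and paths and in_system_dir(paths[0]) and looks_random(paths[0]):
            findings.append((kind, "random-named executable in the Windows directory", file, body))
    # Vundo registers one DLL under several CLSIDs; a legitimate BHO normally has exactly one.
    for dll, entries in bho_by_dll.items():
        if len(entries) > 1:
            findings.append(("O2", f"one DLL registered under {len(entries)} CLSIDs", dll, dll))
    return findings


def suspicious_files(log):
    """Sorted, de-duplicated file names that any rule flagged."""
    return sorted({file for _, _, file, _ in analyze(log) if file})


if __name__ == "__main__":
    for kind, reason, _, entry in analyze(SAMPLE_LOG):
        print(f"{kind:<5} {reason}: {entry}")
```

On the sample it flags exactly the files in the fix list above (gjkh.exe, lndeggme.exe, winupdates.exe, zango.exe, zangohook.dll, MINICL~1.DLL) plus the two Vundo components the fix list leaves to VundoFix (hpvedxji.dll, registered under two CLSIDs, and nd_gfx9.dll, hooked into Winlogon Notify), while leaving Spybot's SDHelper.dll and Symantec's vptray.exe alone. Two caveats for anyone reusing it: a HijackThis log shows load points only, so a file the antivirus names but that is not registered anywhere (bnvphitm.dll above is not in the log) will never appear in it; and Windows 2000 has no System Restore at all, that feature arrived with Windows ME and XP, which is why the XP-oriented "turn off System Restore" steps cannot be followed on this machine.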
DMROOLZ
Junior Member
17. January 2006 @ 17:29 |
Sorry to disappoint you guys... My mom figured this one out :P Download ClamWin, run a scan on the resident file; Symantec works with ClamWin, quarantines it; go to View in Symantec, then Quarantine, then delete the files from there. Simple as that. No more LimeWire for me. XD Thanks for the help though.
Ragnarok2
Suspended due to non-functional email address
17. January 2006 @ 18:26 |
Dude... your mom is a bad a$$. That's pwnage right there.
AMD Athlon 64 3700+ @2.8Ghz ///1.5GB Corsair XMS
Radeon X800PRO///ASRock939-DualSATAII Motherboard
PowerLiner 400Watt PSU///Logitech X-530 5.1 Surround Sound///NEC Double Layer DVD Burner///Arctic Cooling Freezer 64 PRO
DMROOLZ
Junior Member
18. January 2006 @ 03:44 |
1337 pwnage. She spent 2 hours scanning, downloading and searching. My uncle gave her the program, she ran it, and Symantec did the rest.