popups
zucca08
Junior Member
4. October 2006 @ 20:22
I don't know what happened, I went to this website and my computer got retarded with these popups. I tried ewido and adaware but they didn't get rid of it. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 12:20:10 AM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JoEy ZuCcZ\Desktop\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.2:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {3F877476-9C7C-4469-B647-FC9347520657} - C:\WINDOWS\system32\vtstu.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cbirnecn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
Senior Member
4. October 2006 @ 20:41
Hello zucca08, your infection is called Virtumundo or Vundo.

Download VundoFix to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please post the contents of C:\vundofix.txt and a new HijackThis log.

zucca08
Junior Member
4. October 2006 @ 20:50
Alright, here's the Vundo log..


VundoFix V6.2.0

Checking Java version...

Scan started at 12:43:11 AM 10/5/2006

Listing files found while scanning....

C:\WINDOWS\system32\vkbcmmqg.dll
C:\WINDOWS\system32\xvpjsbkw.dll
C:\WINDOWS\system32\uhnutdmm.exe
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vkbcmmqg.dll
C:\WINDOWS\system32\vkbcmmqg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xvpjsbkw.dll
C:\WINDOWS\system32\xvpjsbkw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uhnutdmm.exe
C:\WINDOWS\system32\uhnutdmm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vtstu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.bak2 Has been deleted!

Performing Repairs to the registry.
Done!


And here's the HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 12:50:03 AM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JoEy ZuCcZ\Desktop\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.2:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {3F877476-9C7C-4469-B647-FC9347520657} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cbirnecn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
Senior Member
4. October 2006 @ 20:54
Good. There's something else also.

Go to Jotti's malware scan.
Copy/Paste this file into "File to upload and scan".
C:\WINDOWS\system32\cbirnecn.dll
Click Submit.
Post the results in your next reply.

zucca08
Junior Member
4. October 2006 @ 21:00
File: cbirnecn.dll
Status: INFECTED/MALWARE
MD5 7fe46253c90739ca4d52dddf288e06eb
Packers detected: -
Scanner results
AntiVir Found Heuristic/Crypted (probable variant)
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Vundo.gen1
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Senior Member
4. October 2006 @ 21:20
Show hidden files and folders: Control Panel > Folder Options > View tab > check "Show hidden files and folders".

Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).

Find and delete this file: C:\WINDOWS\system32\cbirnecn.dll

Restart in normal mode.
Open HijackThis.
Click "Run a system scan only".
Check these (if there):

O2 - BHO: (no name) - {3F877476-9C7C-4469-B647-FC9347520657} - C:\WINDOWS\system32\vtstu.dll (file missing)

O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cbirnecn.dll


Click "Fix checked".
Close HijackThis.
Rename HijackThis.exe to scanme.exe
Run a new scan and post the log.

Any more popups?
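
An added example, not part of any post in this thread: a Python sketch of the triage applied to the O2 and O20 entries above, run on lines copied from the first two HijackThis logs. Treating an unnamed BHO or any Winlogon Notify DLL as worth review is an assumption of this sketch, not a rule stated by the helper or by HijackThis.

```python
import re
from collections import defaultdict

# Entries copied from the first and second HijackThis logs in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {3F877476-9C7C-4469-B647-FC9347520657} - C:\WINDOWS\system32\vtstu.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cbirnecn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
"""
AFTER_VUNDOFIX = r"""
O2 - BHO: (no name) - {3F877476-9C7C-4469-B647-FC9347520657} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cbirnecn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
"""

# O2/O20 line: section, kind, display name, optional CLSID, DLL path, optional marker.
ENTRY = re.compile(
    r"^(O2|O20) - (BHO|Winlogon Notify): (.+?) - "
    r"(?:\{[0-9A-Fa-f-]+\} - )?(.+?)( \(file missing\))?$"
)

def triage(log):
    """Map each DLL path (lower-cased) to the reasons it deserves a closer look."""
    flags = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # other sections (R0, O4, O23, ...) are out of scope here
        code, _kind, name, path, missing = m.groups()
        key = path.lower()
        if code == "O2" and name == "(no name)":
            flags[key].append("unnamed BHO")  # assumption: no display name = review
        if code == "O20":
            flags[key].append("Winlogon Notify DLL")  # loaded by winlogon.exe
        if missing:
            flags[key].append("registry entry left behind, file missing")
    return dict(flags)

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after VundoFix", AFTER_VUNDOFIX)):
        for path, reasons in triage(log).items():
            print(f"{label}: {path}: {', '.join(reasons)}")
```

A flag here means "submit the file to a scanner and check it", as was done with cbirnecn.dll; it is not a verdict on its own.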

zucca08
Junior Member
5. October 2006 @ 10:37
I don't seem to be getting any more popups. Thank you so much.

Logfile of HijackThis v1.99.1
Scan saved at 2:36:53 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JoEy ZuCcZ\Desktop\scanme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.2:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
Senior Member
5. October 2006 @ 10:58
Log is clean now. You're welcome. :)

I recommend you get a firewall to prevent future run-ins like this. Zone Labs offers theirs for free.
http://www.zonelabs.com/store/content/co...try=&lang=en_gb

Here's a full list of free Windows security programs. Well worth a look.
http://forums.afterdawn.com/thread_view.cfm/292257

Good luck! :)
