I think Malwarebytes may have deleted an essential file, how do I reverse it?
Started by Vundosucks, Jan 25 2009 10:13 PM
#1
Posted 25 January 2009 - 10:13 PM
So I had all of these Vundo viruses on my computer. I would get popups every minute or so whenever I opened my browser. No antivirus software could combat the viruses, until I found Malwarebytes. I no longer get popups, and I think all Vundo have been deleted. However, once I restarted my computer, several aspects of my internet would not work. AOL Instant Messenger works fine for some reason, but whenever I try to open my browser it says that an error has occurred. I tried restoring my system back to an earlier date, and it said it failed. However, for some reason now I can get back on to my browser. Now, whenever I turn my computer on and off, I can't get back on to the browser without attempting to restore. I think Malwarebytes may have deleted an essential internet file.
Sorry for the wall of text, please help! (if anyone knows what happened)
#2
Posted 25 January 2009 - 10:23 PM
You can click on Quarantine Tab and restore the file but you need to follow these directions here first.

Member Since 2004
Calendar of Updates?

#3
Posted 25 January 2009 - 10:38 PM
Hardhead, on Jan 25 2009, 05:23 PM, said:
You can click on Quarantine Tab and restore the file but you need to follow these directions here first.
okay here's my huge log of viruses:
Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 3
1/20/2009 5:11:46 PM
mbam-log-2009-01-20 (17-11-46).txt
Scan type: Full Scan (C:\|)
Objects scanned: 116588
Time elapsed: 26 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 17
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 22
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\pogagodi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vobuturi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\bizugaye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ysmovs.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0506c4c9-50bc-485f-8651-e9a33dd80c51} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0506c4c9-50bc-485f-8651-e9a33dd80c51} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gxfeurtl (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gxfeurtl (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gxfeurtl (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wiyobokezi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm63d40c88 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pogagodi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pogagodi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pogagodi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bizugaye.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\bizugaye.dll -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\zipowapu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upawopiz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vobuturi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\bizugaye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pogagodi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ysmovs.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Edward Burke\Local Settings\Temp\moensacxrw.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Edward Burke\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Edward Burke\Local Settings\Temporary Internet Files\Content.IE5\3ZIW1UIA\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6742B4A6-3600-42DD-A01B-B908D2B25349}\RP0\A0000001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6742B4A6-3600-42DD-A01B-B908D2B25349}\RP0\A0000004.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jobarije.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jukazudu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wevozobo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fehotiye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ysmovs(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\inkfnchh.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekacpaicoeb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaybpjcvvk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
can anyone tell me if one of these would cause problems with the internet?
#4
Posted 25 January 2009 - 11:47 PM
That's a very bad infection and not one that you want to try to clean up yourself.
http://www.malwareby...?showtopic=9573
follow these directions to prepare for the HJT forum where an expert can help you
http://www.malwareby...php?showforum=7
then start a new thread in this forum
Regards
Chewy the wild wookie