Malwarebytes

Vundo Trojan keeps returning

#1
assault606
Hi! I'm having trouble with my computer running sluggish and pop-ups occurring in my browser. I'm also experiencing hijacked search results on Google. I recently fixed the "disappearing mbam.exe" problem by following instructions on this forum. I'm VERY thankful to have this excellent program working again! However, the Vundo trojan keeps returning. And I also seem to have one bad registry key. Here are the results from my last MBAM scan:


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/29/2009 10:23:57 AM
mbam-log-2009-10-29 (10-23-48).txt

Scan type: Quick Scan
Objects scanned: 115813
Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sozonolo.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5f343c97-c21d-4549-8963-73de1e182818} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gatesufib (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5f343c97-c21d-4549-8963-73de1e182818} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nuyajifun (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sozonolo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sozonolo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\sozonolo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hemenozu.dll (Trojan.Vundo) -> No action taken.



Thank you in advance for any assistance you can provide!

#2
Kenny94
You're being helped here at: http://www.malwarebytes.org/forums/index.p...mp;#entry149079