Malwarebytes

trojan.vundo.h got me

3 replies to this topic

#1
rahrah12

I have been checking out the forum and I see that in order to effectively get this virus off of my computer I need treatment specific to my computer. Hopefully I am not a lost cause.

Malwarebytes' Anti-Malware 1.28
Database version: 1152
Windows 5.1.2600 Service Pack 3

12/7/2008 6:35:40 PM
mbam-log-2008-12-07 (18-35-40).txt

Scan type: Quick Scan
Objects scanned: 73926
Time elapsed: 17 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\opnomlMg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtQgdCT.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqgdct (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1b644b6-5cb6-4f07-a061-602aaa5ba6a6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d1b644b6-5cb6-4f07-a061-602aaa5ba6a6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnomlmg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnomlmg -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\awtQgdCT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnomlMg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gMlmonpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gMlmonpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnLFWm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E92F6775CF\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#2
rahrah12

any help on this?

#3
nosirrah

What shows up in a second scan after reboot?
Bruce Harrison
Vice President of Research

#4
rahrah12


rahrah12, on Dec 10 2008, 11:31 PM, said: "any help on this?"

good question... I'll find out




