Full Version: Vundo Trojan keeps returning
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
assault606
Hi! I'm having trouble with my computer running sluggish and pop-ups occurring in my browser. I'm also experiencing hijacked search results on Google. I recently fixed the "disappearing mbam.exe" problem by following instructions on this forum. I'm VERY thankful to have this excellent program working again! However, the Vundo trojan keeps returning. And I also seem to have one bad registry key. Here are the results from my last MBAM scan:


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/29/2009 10:23:57 AM
mbam-log-2009-10-29 (10-23-48).txt

Scan type: Quick Scan
Objects scanned: 115813
Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sozonolo.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5f343c97-c21d-4549-8963-73de1e182818} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gatesufib (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5f343c97-c21d-4549-8963-73de1e182818} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nuyajifun (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sozonolo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sozonolo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\sozonolo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hemenozu.dll (Trojan.Vundo) -> No action taken.



Thank you in advance for any assistance you can provide!
Kenny94
You're being helped here at: http://www.malwarebytes.org/forums/index.p...mp;#entry149079