Full Version: Trojan.Vundo.H
Ethom
I have 3 registry files that are infected and one file that keeps showing up that won't delete. Here is the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.41
Database version: 2943
Windows 5.1.2600 Service Pack 3

10/11/2009 6:34:09 PM
mbam-log-2009-10-11 (18-34-09).txt

Scan type: Quick Scan
Objects scanned: 143481
Time elapsed: 1 hour(s), 25 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be6c4215-2a69-45e2-82e4-bbe3ddb06af2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pakhvnkw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{be6c4215-2a69-45e2-82e4-bbe3ddb06af2} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\qgiasrx.dll (Trojan.Vundo.H) -> Delete on reboot.

Any easy suggestions?
miekiemoes
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


miekiemoes
Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.