I think Malwarebytes may have deleted an essential file, how do I reverse it?


So I had all of these Vundo viruses on my computer. I would get popups every minute or so whenever I opened my browser. No antivirus software could combat the viruses, until I found Malwarebytes. I no longer get popups, and I think all Vundo have been deleted. However, once I restarted my computer, several aspects of my internet would not work. AOL Instant Messenger works fine for some reason, but whenever I try to open my browser it says that an error has occurred. I tried restoring my system back to an earlier date, and it said it failed. However, for some reason now I can get back on to my browser. Now, whenever I turn my computer on and off, I can't get back on to the browser without attempting to restore. I think Malwarebytes may have deleted an essential internet file.

Sorry for the wall of text, please help! (if anyone knows what happened)


You can click on the Quarantine tab and restore the file, but you need to follow these directions here first.

Okay, here's my huge log of viruses:

Malwarebytes' Anti-Malware 1.33

Database version: 1673

Windows 5.1.2600 Service Pack 3

1/20/2009 5:11:46 PM

mbam-log-2009-01-20 (17-11-46).txt

Scan type: Full Scan (C:\|)

Objects scanned: 116588

Time elapsed: 26 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 4

Registry Keys Infected: 17

Registry Values Infected: 4

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 22

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\pogagodi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\vobuturi.dll (Trojan.Vundo.H) -> Delete on reboot.

c:\WINDOWS\system32\bizugaye.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\ysmovs.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0506c4c9-50bc-485f-8651-e9a33dd80c51} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0506c4c9-50bc-485f-8651-e9a33dd80c51} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gxfeurtl (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gxfeurtl (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gxfeurtl (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wiyobokezi (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm63d40c88 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pogagodi.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pogagodi.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pogagodi.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bizugaye.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\bizugaye.dll -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\zipowapu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\upawopiz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vobuturi.dll (Trojan.Vundo.H) -> Delete on reboot.

c:\WINDOWS\system32\bizugaye.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\pogagodi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\ysmovs.dll (Trojan.Vundo) -> Delete on reboot.

C:\Documents and Settings\Edward Burke\Local Settings\Temp\moensacxrw.tmp (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\Edward Burke\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\Edward Burke\Local Settings\Temporary Internet Files\Content.IE5\3ZIW1UIA\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6742B4A6-3600-42DD-A01B-B908D2B25349}\RP0\A0000001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6742B4A6-3600-42DD-A01B-B908D2B25349}\RP0\A0000004.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jobarije.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jukazudu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wevozobo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fehotiye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ysmovs(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\inkfnchh.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\senekacpaicoeb.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\senekaybpjcvvk.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Can anyone tell me if one of these would cause problems with the internet?
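For triaging a log in the format posted above, this added example (not part of the original thread and not a Malwarebytes tool) parses the entries, lists the files still scheduled for deletion at the next boot, and picks out the registry removals that sat on automatic load points. The function names and the `LOAD_POINTS` selection are assumptions made for this example; the sample lines are copied from the log in the post.

```python
import re

SECTION = re.compile(r"^(?P<name>.+) Infected:\s*$")  # summary counts end in a number: no match
# Entry shape: <item> (<detection>) -> [Data: <value> -> ]<action>.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> "
                   r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?\s*$")
# Registry locations that make Windows load code automatically (lower-cased substring -> label).
LOAD_POINTS = {
    "\\windows\\appinit_dlls": "AppInit_DLLs",
    "\\lsa\\notification packages": "LSA notification package",
    "\\browser helper objects\\": "Browser Helper Object",
    "\\currentversion\\run\\": "Run key",
    "\\services\\": "service or driver",
}
# Sample input: one summary line and seven entries copied from the log in the post above.
SAMPLE_LOG = r"""
Files Infected: 22
Memory Modules Infected:
C:\WINDOWS\system32\pogagodi.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0506c4c9-50bc-485f-8651-e9a33dd80c51} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pogagodi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pogagodi.dll -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\pogagodi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\inkfnchh.sys (Rootkit.Agent) -> Delete on reboot.
"""

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it appeared under."""
    entries, section = [], None
    for line in text.splitlines():
        header = SECTION.match(line.strip())
        if header:
            section = header["name"]
        elif section and (m := ENTRY.match(line.strip())):
            entries.append({"section": section, **m.groupdict()})
    return entries

def pending_reboot(entries):
    """Unique paths (case-folded) whose action is still 'Delete on reboot'."""
    return sorted({e["item"].lower() for e in entries if e["action"] == "Delete on reboot"})

def removed_load_points(entries):
    """(label, target) for registry detections located under a known load point."""
    return [(label, e["data"] or e["item"]) for e in entries if e["section"].startswith("Registry")
            for needle, label in LOAD_POINTS.items() if needle in e["item"].lower()]
```

Feeding the full log text to `parse_mbam_log` gives the same breakdown for every section, which narrows a post-cleanup connectivity question to the handful of entries that were wired into process or service start-up.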
