Live Chat & Podcast at 1:00PM Eastern on Sunday!

Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post Lavasoft Search redirect hijack
Go to first new post Yontoo removal
Go to first new post YellowMoxie Redirect
Go to first new post Printer Communication Problem- HKLM Boot ...
Go to first new post IE8 open then closes suddenly
Go to first new post Browser shutdown
Go to first new post Laptop is acting weird
Go to first new post windows XP OBJECT DELAY LOAD
Go to first new post Windows 7 problematic. Read for informat ...
Go to first new post Google Search Redirecting/Other Possible ...
Go to first new post Slow connection/mouse problems -- malwar ...
Go to first new post BSOD twice, help?
Go to first new post Suspected Malware - Radio plays randomly ...
Go to first new post Suspected Malware - Radio plays randomly ...
Go to first new post Suspected Malware - Radio plays randomly ...
Search Search
Search for:
Tech Support Guy Forums > > >

Trojan_Vundo Galore and PAK_Generic.001

(New)
(!)

Reply
Page 2 of 2 1 2
Nikon44's Avatar
Junior Member with 20 posts.
THREAD STARTER
  
Join Date: Aug 2008
25-Aug-2008, 04:39 PM #16
Kill Results
Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\acbfhiya.dll not found!
File C:\WINDOWS\System32\ahytgebs.dll not found!
File C:\WINDOWS\System32\avepmwfe.exe not found!
File C:\WINDOWS\System32\bnqogrqe.dll not found!
File C:\WINDOWS\System32\bsmoagun.dll not found!
File C:\WINDOWS\System32\caduxqqe.dll not found!
File C:\WINDOWS\System32\chcovvkk.dll not found!
File C:\WINDOWS\System32\clqwuuer.dll not found!
File C:\WINDOWS\System32\cxmiwyiu.dll not found!
File C:\WINDOWS\System32\dbyitmap.dll not found!
File C:\WINDOWS\System32\fdacqkhq.dll not found!
File C:\WINDOWS\System32\fdumirrs.dll not found!
File C:\WINDOWS\System32\fnediedh.exe not found!
File C:\WINDOWS\System32\fuamfemo.dll not found!
File C:\WINDOWS\System32\fybqdubh.dll not found!
File C:\WINDOWS\System32\gcekxggc.dll not found!
File C:\WINDOWS\System32\gmnntatj.dll not found!
File C:\WINDOWS\System32\gpsyivka.dll not found!
File C:\WINDOWS\System32\hirdarwo.dll not found!
File C:\WINDOWS\System32\hnbxrjkv.dll not found!
File C:\WINDOWS\System32\hpxaidgy.dll not found!
File C:\WINDOWS\System32\idhpsaar.dll not found!
File C:\WINDOWS\System32\jditsejd.dll not found!
File C:\WINDOWS\System32\jjafonif.dll not found!
File C:\WINDOWS\System32\jmhdnlvr.dll not found!
File C:\WINDOWS\System32\jxqaevbm.exe not found!
File C:\WINDOWS\System32\kmnfcynw.dll not found!
File C:\WINDOWS\System32\opgontcb.dll not found!
File C:\WINDOWS\System32\oxxlvjal.dll not found!
File C:\WINDOWS\System32\pgxpsjig.dll not found!
File C:\WINDOWS\System32\phweujbx.exe not found!
File C:\WINDOWS\System32\pwqjffim.dll not found!
File C:\WINDOWS\System32\qkliqflf.exe not found!
File C:\WINDOWS\System32\qpggskuk.exe not found!
File C:\WINDOWS\System32\rivtljhm.dll not found!
File C:\WINDOWS\System32\rmqoilrv.dll not found!
File C:\WINDOWS\System32\rpguyyyh.dll not found!
File C:\WINDOWS\System32\rrilwqfi.dll not found!
File C:\WINDOWS\System32\slqhbmrg.dll not found!
File C:\WINDOWS\System32\soebqejc.dll not found!
File C:\WINDOWS\System32\spleqqco.dll not found!
File C:\WINDOWS\System32\uooeeisy.dll not found!
File C:\WINDOWS\System32\wsldsjns.dll not found!
File C:\WINDOWS\System32\xeeldsep.exe not found!
File C:\WINDOWS\System32\yuxvlhas.exe not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08252008_133432
Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
Nikon44's Avatar
Junior Member with 20 posts.
THREAD STARTER
  
Join Date: Aug 2008
25-Aug-2008, 04:41 PM #17
OTScan
Here are the scan results from after the fix.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
cybertech's Avatar
Moderator with 69,251 posts.
  
Join Date: Apr 2002
Location: Washington State
25-Aug-2008, 04:45 PM #18
How is it running now? Any problems?
Nikon44's Avatar
Junior Member with 20 posts.
THREAD STARTER
  
Join Date: Aug 2008
26-Aug-2008, 07:11 PM #19
Well, there is a definite improvement. However, Kaspersky still shows what appears to be quite an infection. The log is below:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 26, 2008 19:01:24
Records in database: 1148706
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics:
Files scanned: 82149
Threat name: 3
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 02:00:38

File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security\Quarantine\kb456456[1] Infected: Trojan.Win32.Monder.fpt 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\kb767887[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.cpv 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1].js Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_810.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9ec.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9ec.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI1 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI2 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f4.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f4.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f8.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI1 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI2 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a00.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a04.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VI1 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a0c.VIR Infected: Net-Worm.JS.Aspxor.a 1
The selected area was scanned.
Nikon44's Avatar
Junior Member with 20 posts.
THREAD STARTER
  
Join Date: Aug 2008
26-Aug-2008, 07:16 PM #20
Well, of course, even after waiting a couple of days to post, it seems that Trend Micro's latest update may finally allow me to clean/delete the files Kaspersky has found. I'm trying that now and will do a second Kaspersky scan after this.
Nikon44's Avatar
Junior Member with 20 posts.
THREAD STARTER
  
Join Date: Aug 2008
27-Aug-2008, 02:12 AM #21
Still Infected
So, after cleaning/deleting some of the files trend micro had quarantined I ran another scan with Kaspersky. It still shows an infection; here is the log.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 26, 2008 23:45:24
Records in database: 1149544
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics:
Files scanned: 82103
Threat name: 1
Infected objects: 21
Suspicious objects: 0
Duration of the scan: 01:33:40

File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1].js Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_810.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9ec.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9ec.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI1 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI2 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f4.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f4.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f8.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI1 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI2 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a00.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a04.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VI0 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VI1 Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VIR Infected: Net-Worm.JS.Aspxor.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a0c.VIR Infected: Net-Worm.JS.Aspxor.a 1
The selected area was scanned.
cybertech's Avatar
Moderator with 69,251 posts.
  
Join Date: Apr 2002
Location: Washington State
27-Aug-2008, 10:53 AM #22
You need to empty the Trend Micro Quarantine.
Nikon44's Avatar
Junior Member with 20 posts.
THREAD STARTER
  
Join Date: Aug 2008
27-Aug-2008, 04:48 PM #23
The quarantine shows that it is empty but Kaspersky still shows this.
cybertech's Avatar
Moderator with 69,251 posts.
  
Join Date: Apr 2002
Location: Washington State
27-Aug-2008, 05:40 PM #24
Look in the C:\Program Files\Trend Micro\Internet Security\Quarantine folder and see if it's empty.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 2 of 2 1 2
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

Tags
adware, generic, pak, trojan, vundo

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 08:00 PM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑