
Guys, need help to remove trojan.vundo

Discussion in 'Virus & Other Malware Removal' started by xjune, Nov 7, 2007.

Thread Status:
Not open for further replies.
  1. xjune

    xjune Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    16
    Firstly, I'm new to this forum and I was introduced here through many searches on Yahoo. My computer was infested with Trojan.Vundo and my Norton AntiVirus detected it but it just can't remove the file. Anyway, the file is named C:\WINDOWS\system32\jkkjk.dll.
    The irritating problem is that Norton AntiVirus keeps popping up saying 'it is unable to repair this file'. Moreover, sometimes I get advertisement pop-ups when using the net.

    I have done some searching on the net and tried various ways like VUNDOFIX and FIXVUNDO. They cleared some files but I just can't seem to detect the jkkjk.dll. I've also tried using VirtumundoBeGone in safe mode and here's the result I got from it.


    [11/08/2007, 9:28:23] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\User\Desktop\VirtumundoBeGone.exe" )
    [11/08/2007, 9:28:27] - Detected System Information:
    [11/08/2007, 9:28:27] - Windows Version: 5.1.2600, Service Pack 2
    [11/08/2007, 9:28:27] - Current Username: User (Admin)
    [11/08/2007, 9:28:27] - Windows is in NORMAL mode.
    [11/08/2007, 9:28:27] - Searching for Browser Helper Objects:
    [11/08/2007, 9:28:27] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [11/08/2007, 9:28:27] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/08/2007, 9:28:27] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/08/2007, 9:28:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 9:28:27] - No filename found. Continuing.
    [11/08/2007, 9:28:27] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/08/2007, 9:28:27] - BHO 5: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
    [11/08/2007, 9:28:27] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [11/08/2007, 9:28:27] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [11/08/2007, 9:28:27] - BHO 8: {B4E4BCEA-4078-4ED5-9728-E32379C239FA} ()
    [11/08/2007, 9:28:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 9:28:27] - Checking for HKLM\...\Winlogon\Notify\jkkjk
    [11/08/2007, 9:28:27] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
    [11/08/2007, 9:28:27] - BHO 9: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [11/08/2007, 9:28:27] - BHO 10: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
    [11/08/2007, 9:28:27] - Finished Searching Browser Helper Objects
    [11/08/2007, 9:28:27] - Finishing up...
    [11/08/2007, 9:28:27] - Nothing found! Exiting...


    It seems to detect the jkkjk file but it never deletes or repairs it. Any ideas?


    Also, here is the HijackThis result:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:16:18 AM, on 11/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\JMRaidTool.exe
    C:\WINDOWS\SkyTel.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7?85.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B4E4BCEA-4078-4ED5-9728-E32379C239FA} - C:\WINDOWS\system32\jkkjk.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [7c556154] rundll32.exe "C:\WINDOWS\system32\ivcfnfyq.dll",b
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0FC64BDC-D14D-4F04-802D-4B9104DF16FB} (SystemCheck Class) - http://www.singnet.com.sg/technical/helptools/pc-check/media/ALTControl.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    --
    End of file - 12912 bytes

    I'm really clueless and don't know what to do.
    Really appreciate your help. Thanks.
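Editor's note on the log above: a HijackThis log is only useful if the reader knows which entries matter. The posted log carries several classic Vundo-family indicators at once: an unnamed O2 BHO that resolves to a real DLL in System32 (jkkjk.dll), an O4 Run entry with a hex-looking name that loads a random-named DLL through rundll32 with a one-letter export, an O20 Winlogon Notify package (wingsa32) that is not part of a baseline install, an F2 UserInit line that launches a second executable next to userinit.exe, and an O23 service whose binary path is an NTFS alternate data stream (svchost.exe:exm.exe). The script below is an added example written for this page, not part of the original post and not HijackThis code: it parses those section formats and flags exactly those patterns so a helper can triage a log quickly. The sample lines are taken from the posted log (laid out one entry per line in the standard HijackThis format) plus benign control lines; the Winlogon Notify allowlist is an assumption and should be built from a known-good machine.

```python
"""Triage heuristics for HijackThis v2 log lines (added example, not project code)."""
import re

# Winlogon Notify packages present on a stock Windows XP install. This is an
# assumption for the example; derive your own list from a known-good baseline.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "scecli", "sclgntfy", "senslogn",
    "termsrv", "wlballoon", "schedule", "wgalogon",
}

SYSTEM32 = re.compile(r"c:\\windows\\system32\\", re.I)

# One pattern per HijackThis section; only the fields the checks need are captured.
RE_F2 = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<cmd>.+)$", re.I)
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-F-]+)\} - (?P<path>.+)$", re.I)
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$", re.I)
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<pkg>\S+) - (?P<path>.+)$", re.I)
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$", re.I)


def triage_line(line: str):
    """Return a short reason if the entry matches a known-bad pattern, else None."""
    line = line.strip()

    m = RE_F2.match(line)
    if m:
        # UserInit should launch userinit.exe and nothing else.
        programs = [p.strip() for p in m.group("cmd").split(",") if p.strip()]
        extra = [p for p in programs if not p.lower().endswith("\\userinit.exe")]
        return f"UserInit launches extra program(s): {', '.join(extra)}" if extra else None

    m = RE_O2.match(line)
    if m:
        # "(no file)" is a harmless orphan registration; an unnamed BHO that
        # resolves to a DLL in System32 is the classic Vundo footprint.
        if (m.group("name").lower() == "(no name)" and m.group("path") != "(no file)"
                and SYSTEM32.search(m.group("path"))):
            return f"unnamed BHO loads {m.group('path')}"
        return None

    m = RE_O4.match(line)
    if m:
        cmd = m.group("cmd")
        export = re.search(r'\.dll"?\s*,\s*(\w+)\s*$', cmd, re.I)
        # rundll32 autorun of a System32 DLL through a one- or two-letter
        # export, registered under a hex-looking key name.
        if (re.search(r"rundll32", cmd, re.I) and SYSTEM32.search(cmd)
                and export and len(export.group(1)) <= 2
                and re.fullmatch(r"[0-9a-f]{6,}", m.group("key"), re.I)):
            return f"rundll32 autorun [{m.group('key')}] -> {cmd}"
        return None

    m = RE_O20.match(line)
    if m:
        # Winlogon Notify packages are loaded into winlogon.exe; anything in
        # System32 that is outside the baseline deserves a look.
        if m.group("pkg").lower() not in KNOWN_WINLOGON_NOTIFY and SYSTEM32.search(m.group("path")):
            return f"non-baseline Winlogon Notify package {m.group('pkg')} -> {m.group('path')}"
        return None

    m = RE_O23.match(line)
    if m:
        # A second colon after the drive letter means the service binary is an
        # NTFS alternate data stream attached to a legitimate-looking file.
        if re.search(r"^[A-Za-z]:\\.+:\S+$", m.group("path")):
            return f"service {m.group('name')!r} runs from alternate data stream {m.group('path')}"
        return None

    return None


def triage_log(text: str):
    """Run triage_line over every line; return [(line, reason), ...] for the hits."""
    findings = []
    for raw in text.splitlines():
        reason = triage_line(raw)
        if reason:
            findings.append((raw.strip(), reason))
    return findings


# Sample input: entries from the posted log, laid out in standard HijackThis
# format, plus benign control lines (Adobe BHO, NvCplDaemon, iPod Service).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7?85.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B4E4BCEA-4078-4ED5-9728-E32379C239FA} - C:\WINDOWS\system32\jkkjk.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [7c556154] rundll32.exe "C:\WINDOWS\system32\ivcfnfyq.dll",b
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(f"[!] {why}\n    {entry}")
```

Run against the sample it reports the five Vundo-style entries and stays quiet on the Adobe, NVIDIA and Apple lines. The heuristics are deliberately narrow (a hex-only key name, a one-letter rundll32 export, a second colon in a service path) so that a legitimate vendor entry does not get flagged; a file that is still present on disk after a cleaner claims success, as jkkjk.dll is here, is a sign the loader in the O4 entry is recreating it, which is why all of these entries have to be dealt with together rather than one at a time.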
     
  2. xjune

    xjune Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    16
    anyone can help?
     
  3. xjune

    xjune Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    16
  4. xjune

    xjune Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    16
    anyone ?
     
  5. xjune

    xjune Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    16
    no one?
     

Short URL to this thread: https://techguy.org/649172
