Need help removing Trojan.Win32.Monder.rhy

ojo80

Thread Starter
Joined
Oct 6, 2008
Messages
4
I must have downloaded a bad file somewhere, but Zone Alarm keeps detecting Trojan.win32.Monder.rhy.
Zone Alarm just isn't cutting it. Any ideas?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Please download Malwarebytes' Anti-Malware to your desktop
from http://thespykiller.co.uk/downloads/mbam-setup.exe or http://www.malwarebytes.org/affiliates/thespykiller/mbam-setup.exe

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please include this log in your next reply.
 

ojo80

Thread Starter
Joined
Oct 6, 2008
Messages
4
Thank you for your prompt response

Here are the details

Malwarebytes' Anti-Malware 1.28
Database version: 1240
Windows 6.0.6001 Service Pack 1

10/7/2008 2:01:31 PM
mbam-log-2008-10-07 (14-01-31).txt

Scan type: Quick Scan
Objects scanned: 46181
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 12
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\dlouggrs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\fccbASmM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ajenvwbh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\vrzhsf.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\xxyvsSJD.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{998b74e0-8c42-4e15-9d8b-f412d53ac685} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{998b74e0-8c42-4e15-9d8b-f412d53ac685} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5a82cc9-9fe6-4f7e-a955-705721d78615} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f5a82cc9-9fe6-4f7e-a955-705721d78615} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cbe6300-759b-447a-b406-31b86293e390} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6cbe6300-759b-447a-b406-31b86293e390} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4053463e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm436075a2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6cbe6300-759b-447a-b406-31b86293e390} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Transaction Tasker (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccbasmm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccbasmm -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\vrzhsf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\fccbASmM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\MmSAbccf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\MmSAbccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\dlouggrs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\srgguold.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\xxyvsSJD.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Windows\System32\ajenvwbh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\gukfrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\homlvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jqombpwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\lvbowxlo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\system32\rjmwdlha.dll.vzr (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rtoswj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\siggvpfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xybldiak.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rqRHwTMc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xxyxYpnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ssqPfeEv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
reboot
run MBAM again & post its new log
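
The following is an added example, not part of the original posts and not Malwarebytes code. It parses the log format quoted in this thread, lists the objects left as "Delete on reboot" (the reason a reboot and second scan are requested), flags detections in autostart registry locations, and checks whether any pending object is reported again by the follow-up scan. The function names are hypothetical and the line format is assumed from the logs as posted here.

```python
import re

# Trimmed excerpts of the two Malwarebytes logs posted in this thread.
FIRST_LOG = r"""
Memory Modules Infected:
C:\Windows\System32\dlouggrs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\fccbASmM.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4053463e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccbasmm -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\fccbASmM.dll (Trojan.Vundo.H) -> Delete on reboot.
"""
SECOND_LOG = r"""
Files Infected:
C:\Users\Onasis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAWOYOY5\nd82m0[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+ Infected):\s*$")
ENTRY = re.compile(r"^(.+?) \(([\w.]+)\) -> (.+)$")
# Autostart locations seen in the log: Run values, BHOs, shell hooks, LSA packages.
AUTOSTART = (r"\currentversion\run", r"\browser helper objects",
             r"\shellexecutehooks", r"\control\lsa")

def parse_log(text):
    """Return one dict per detection line: section, object, detection, action."""
    section, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            # The action is the last '->' field; 'Data:'/'Bad:' details precede it.
            action = m.group(3).split(" -> ")[-1].rstrip(".")
            entries.append(dict(section=section, object=m.group(1), detection=m.group(2), action=action))
    return entries

def pending_reboot(entries):
    """Objects the scanner could not remove live and queued for deletion at boot."""
    return {e["object"].lower() for e in entries if e["action"] == "Delete on reboot"}

def autostart_entries(entries):
    """Detections that sat in an autostart/persistence registry location."""
    return [e for e in entries if any(k in e["object"].lower() for k in AUTOSTART)]

def still_detected(first, second):
    """Pending-reboot objects from the first scan that the follow-up scan reports again."""
    return pending_reboot(parse_log(first)) & {e["object"].lower() for e in parse_log(second)}
```

An empty result from `still_detected` only shows that the scanner no longer reports those paths after the reboot.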
 

ojo80

Thread Starter
Joined
Oct 6, 2008
Messages
4
Here are the details

I first ran a deep scan with Zone Alarm and there was nothing, but these are the other results

Malwarebytes' Anti-Malware 1.28
Database version: 1240
Windows 6.0.6001 Service Pack 1

10/7/2008 7:02:15 PM
mbam-log-2008-10-07 (19-02-15).txt

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 194257
Time elapsed: 2 hour(s), 8 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Onasis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAWOYOY5\nd82m0[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Onasis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAWOYOY5\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
looks ok now so if all problems have stopped

Please download ATF Cleaner by Atribune

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser as well as Internet Explorer or instead of it then also do this step

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser as well as Internet Explorer or instead of it then also do this step

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.


Notes for Windows Vista users:

On Windows Vista, "Windows Temp" is disabled. To empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".
Prefetch has been disabled on Windows Vista. As the author is not sure what effects emptying prefetch on Windows Vista will have, for the time being that function won't be enabled.

then

Turn off system restore by following instructions here
for XP http://www.thespykiller.co.uk/index.php?page=8
or for Vista http://www.bleepingcomputer.com/tutorials/tutorial143.html

That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point. Now Empty Recycle bin on desktop

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place


I urge you to consider purchasing the protection component in Malwarebytes to prevent further infections of this nature
Open Malwarebytes Antimalware, select the protection tab, press test to see if your system will benefit from it & if it says yes, then you can press the purchase button
 

ojo80

Thread Starter
Joined
Oct 6, 2008
Messages
4
Well, thank you very much for all your help, I really appreciate it

I will do these final steps right away
 