
Solved: Hijackthis log - Win32/Rbot.gen!A and Vundo keep coming back

Discussion in 'Virus & Other Malware Removal' started by imabiggles, Sep 11, 2007.

Thread Status:
Not open for further replies.
  1. imabiggles

    imabiggles Thread Starter

    Joined:
    Sep 11, 2007
    Messages:
    8
    Greetings folks,

    I'm at the end of the line for my attempts to fix my PC, so I logged into here to find some help.

    I've run vundofix - states that it's successful in removal after reboot (new scan doesn't show it)

    MS Mal Software removal tool to pull the trojan, but they both keep returning after I launch Explorer 7. Running XP Pro - the following is my log, anybody see something that could be an issue?

    Thanks in advance for any help!!
     

    Attached Files:

  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Do ALL of this



    Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
    ====================

    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :


    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.

    =====================
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others as they were.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me regardless of what it finds with a new HijackThis log.

    This will take some time!!!!!!!!
     
  3. imabiggles

    imabiggles Thread Starter

    Joined:
    Sep 11, 2007
    Messages:
    8
    Ok, I first ran SAS as I wanted to check to see what the other programs are and what they did - so it ran in the background whilst I was surfing to find out more info. It found a svdhost.exe process keylogger and a trojan which I removed (trajan.download-ge/hititquitit). I have a full backup before this issue so wasn't worried about screwing stuff up too much.

    Then I became confident and ran them all in the order you listed. Logs posted. What do ya think? SAS the second time around found the same tracking cookies which don't worry me too much, but the same trojan I "removed" before (I think it's in system restore files). Updated logs posted per your instructions, and screen cap of SAS findings. What do ya think?
     

    Attached Files:

  4. imabiggles

    imabiggles Thread Starter

    Joined:
    Sep 11, 2007
    Messages:
    8
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014

Short URL to this thread: https://techguy.org/622783
