
Trojan_Vundo Galore and PAK_Generic.001

Discussion in 'Virus & Other Malware Removal' started by Nikon44, Aug 14, 2008.

Thread Status:
Not open for further replies.
  1. Nikon44

    Nikon44 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    20
    Explorer killed successfully
    [Registry - Non-Microsoft Only]
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA not found.
    [Files/Folders - Created Within 30 days]
    [Empty Temp Folders]
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    RecycleBin -> emptied.
    Explorer started successfully
    < End of fix log >
    OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08252008_133432
    Files moved on Reboot...
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
     
  2. Nikon44

    Nikon44 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    20
    Here are the scan results from after the fix.
     

    Attached Files:

  3. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,444
    How is it running now? Any problems?
     
  4. Nikon44

    Nikon44 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    20
    Well, there is a definite improvement. However, Kaspersky still shows what appears to be quite an infection. The log is below:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, August 26, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, August 26, 2008 19:01:24
    Records in database: 1148706
    --------------------------------------------------------------------------------
    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area - Critical Areas:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
    C:\Program Files
    C:\WINDOWS
    Scan statistics:
    Files scanned: 82149
    Threat name: 3
    Infected objects: 23
    Suspicious objects: 0
    Duration of the scan: 02:00:38

    File name / Threat name / Threats count
    C:\Program Files\Trend Micro\Internet Security\Quarantine\kb456456[1] Infected: Trojan.Win32.Monder.fpt 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\kb767887[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.cpv 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1].js Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_810.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9ec.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9ec.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI1 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI2 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f4.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f4.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f8.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI1 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI2 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a00.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a04.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VI1 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a0c.VIR Infected: Net-Worm.JS.Aspxor.a 1
    The selected area was scanned.
     
  5. Nikon44

    Nikon44 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    20
    Well, of course, even after waiting a couple of days to post :rolleyes:, it seems that Trend Micro's latest update may finally allow me to clean/delete the files Kaspersky has found. I'm trying that now and will do a second Kaspersky scan after this.
     
  6. Nikon44

    Nikon44 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    20
    So, after cleaning/deleting some of the files Trend Micro had quarantined, I ran another scan with Kaspersky. It still shows an infection; here is the log.


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, August 26, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, August 26, 2008 23:45:24
    Records in database: 1149544
    --------------------------------------------------------------------------------
    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area - Critical Areas:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
    C:\Program Files
    C:\WINDOWS
    Scan statistics:
    Files scanned: 82103
    Threat name: 1
    Infected objects: 21
    Suspicious objects: 0
    Duration of the scan: 01:33:40

    File name / Threat name / Threats count
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1].js Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_810.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9ec.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9ec.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI1 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VI2 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f0.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f4.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f4.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9f8.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI1 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VI2 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_9fc.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a00.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a04.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VI0 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VI1 Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a08.VIR Infected: Net-Worm.JS.Aspxor.a 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ngg[1]_a0c.VIR Infected: Net-Worm.JS.Aspxor.a 1
    The selected area was scanned.
     
  7. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,444
    You need to empty the Trend Micro Quarantine. ;)
     
  8. Nikon44

    Nikon44 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    20
    The quarantine shows that it is empty, but Kaspersky still shows this. :confused:
     
  9. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,444
    Look in the C:\Program Files\Trend Micro\Internet Security\Quarantine folder and see if it's empty.
     

Short URL to this thread: https://techguy.org/739928