Trojan.Vundo - Symantic Antivirus Notification - need help
I apparently have the Vundo trojan. My computer is a mess. It is a Toshiba laptop running XP, and has SSD and Symantic Antivirus runing.
The computer is consumed with pop up windows alerting "Registry change denied"
I am sending this request for help from another computer. I'm a novice, so I can use all help available.
Thanks!
Hello.
Please follow the procedure in this link to produce the two logs requested: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
If necessary using the second computer to do so.
Then start your own thread in the Malware Removal Forum where a helper will advise you as soon as available. Regards.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
ran eTrust AntiVirus Web Scanner - but now- what?
Guess I am computer dummy. I ran the eTrust on line scanner, and it found three viruses, but I can't figure out how to save the "log". Is there some other software I need for that? While I was running the on line scan, I didn't realize I was suppose to disable my Symantec software, so the Symantec found the following:
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Downloader
File: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977\A0135569.exe
Location: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977
Computer: JBARNES04441
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, July 20, 2007 12:56:23 PM
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Downloader.MisleadApp
File: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977\A0135570.exe
Location: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977
Computer: JBARNES04441
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, July 20, 2007 2:12:08 PM
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Vundo
File: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977\A0136606.dll
Location: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977
Computer: JBARNES04441
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, July 20, 2007 2:47:08 PM
What do I do now? Download the two "hijack this" software and run them? If so, I don't see any instructions for doing that. I seem to be stuck in the instructions.
Hello.
"BEFORE you POST"4) HiJackThis log - Trend Micro HijackThis 2.0.2
This version should be used if you are running Windows Vista.
Direct executable
Zip file
Installer version
Quick Start Guide
OR:
5) HiJackThis log - Merijn's HijackThis v1.99.1
Direct executable
Zip file
- Double click HijackThis.exe.
- Hit None Of The Above, just start the program.
- Hit Scan.
- When the scan is finished, the "Scan" button will change into a "Save Log" button.
- Click that, save the log somewhere, and copy/paste (no attachments) into your (Click --> ) own new topic
a) The HJT log
b) The on-line Anti Virus scan log/report
As you don't have Windows Vista, you can use Merijn's HijackThis v1.99.1. to start off with. The direct executable does not need unzipping, which makes it simpler.
Don't worry about the log from the on-line anti virus scanner for now.
Then start your topic in the Malware Removal Forum and post the HJT log there. Thanks.
Hope that helps.
Last edited by tashi; 2007-07-20 at 23:37. Reason: Clarification
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
Thanks! I'll scan & post in Malware Removal Forum!
mcryder26:
I see you posted in the Malware Removal forum in the following thread:
- Many viruses! Here is my HJT log. Please help!
http://forums.spybot.info/showthread.php?t=16205
However, it appears that posted the HijackThis log as an attachment in spite of the following instruction:
I suggest that you copy and paste the HijackThis log to another post in that same thread so that the assistance with your problem is not delayed.
- Click that, save the log somewhere, and copy/paste (no attachments) into your (Click --> ) own new topic
Last edited by md usa spybot fan; 2007-07-21 at 17:33.
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Did I do it right this time?
Please let me know if I did it right this time....sorry for being a nimrod.
No worries, a little bit of panic/mind fuzziness is normal when one's computer is infected.
Helpers are in different time zones, but if no one has picked it up by this evening, I will ask one to take a look.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
Posting Permissions
Reply With Quote
