Trojan.Vundo - Symantec Antivirus Notification - need help
mcryder26
2007-07-19, 23:02
I apparently have the Vundo trojan. My computer is a mess. It is a Toshiba laptop running XP, and has SSD and Symantec Antivirus running.
The computer is consumed with pop up windows alerting "Registry change denied"
I am sending this request for help from another computer. I'm a novice, so I can use all help available.
Thanks!
Hello.
Please follow the procedure in this link to produce the two logs requested: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
If necessary, use the second computer to do so.
Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a helper will advise you as soon as available. Regards. :)
mcryder26
2007-07-21, 00:03
Guess I am a computer dummy. I ran the eTrust online scanner, and it found three viruses, but I can't figure out how to save the "log". Is there some other software I need for that? While I was running the online scan, I didn't realize I was supposed to disable my Symantec software, so the Symantec found the following:
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Downloader
File: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977\A0135569.exe
Location: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977
Computer: JBARNES04441
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, July 20, 2007 12:56:23 PM
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Downloader.MisleadApp
File: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977\A0135570.exe
Location: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977
Computer: JBARNES04441
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, July 20, 2007 2:12:08 PM
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Vundo
File: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977\A0136606.dll
Location: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977
Computer: JBARNES04441
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, July 20, 2007 2:47:08 PM
What do I do now? Download the two "hijack this" software and run them? If so, I don't see any instructions for doing that. I seem to be stuck in the instructions.
Hello.
4) HiJackThis log - Trend Micro HijackThis 2.0.2
This version should be used if you are running Windows Vista.
Direct executable (http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe)
Zip file (http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.zip)
Installer version (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe)
Quick Start Guide (http://www.trendsecure.com/portal/en-US/threat_analytics/quick_start_guide.php)
OR:
5) HiJackThis log - Merijn's HijackThis v1.99.1
Direct executable (http://www.merijn.org/files/HijackThis.exe)
Zip file (http://www.downloads.subratam.org/hijackthis.zip)
Double click HijackThis.exe.
Hit None Of The Above, just start the program.
Hit Scan.
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click that, save the log somewhere, and copy/paste (http://www.webmasternow.com/copyandpaste.html) (no attachments) into your (Click --> ) own new topic (http://forums.spybot.info/newthread.php?do=newthread&f=22)
a) The HJT log
b) The on-line Anti Virus scan log/report
"BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288)
As you don't have Windows Vista, you can use Merijn's HijackThis v1.99.1 to start off with. The direct executable does not need unzipping, which makes it simpler. :) A log is needed from one version only.
Don't worry about the log from the on-line anti virus scanner for now.
Then start your topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and post the HJT log there. Thanks. ;)
Hope that helps.
mcryder26
2007-07-21, 17:19
:alien:
md usa spybot fan
2007-07-21, 18:30
mcryder26:
I see you posted in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum in the following thread:
Many viruses! Here is my HJT log. Please help!
http://forums.spybot.info/showthread.php?t=16205
However, it appears that you posted the HijackThis log as an attachment in spite of the following instruction:
Click that, save the log somewhere, and copy/paste (http://www.webmasternow.com/copyandpaste.html) (no attachments) into your (Click --> ) own new topic (http://forums.spybot.info/newthread.php?do=newthread&f=22)
I suggest that you copy and paste the HijackThis log to another post in that same thread so that the assistance with your problem is not delayed.
mcryder26
2007-07-21, 22:06
Please let me know if I did it right this time....sorry for being a nimrod.
No worries, a little bit of panic/mind fuzziness is normal when one's computer is infected. ;)
Helpers are in different time zones, but if no one has picked it up by this evening, I will ask one to take a look.