Thread: heavily infected malware, trojan, - surf the channel and/or megavideo

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    5

    heavily infected malware, trojan, - surf the channel and/or megavideo

    I can't browse Mozilla Firefox, it keeps opening tabs with ads and it takes ages to load. I ran Malwarebytes' Anti-Malware and it looked great, like all is repaired. Only to come back worse a day later. Help! A computer specialist/friend told me it would be better to reinstall Windows than to try to get rid of it but I trust you to help me before I go that route. I have a Compaq/HP and tons of drivers are missing every time I reinstall. It is way more complex than for other people so...

    BTW, I have a feeling I got these through surf the channel. Also, ever since I tried Google Chrome beta, things started to go badly. Chrome seems quite vulnerable.

    Here is the log from Malwarebytes. I hope you can help me with this.

    Ko

    Malwarebytes' Anti-Malware 1.30
    Database version: 1422
    Windows 5.1.2600 Service Pack 3

    2008-11-30 15:42:44
    mbam-log-2008-11-30 (15-42-44).txt

    Scan type: Quick Scan
    Objects scanned: 49067
    Time elapsed: 5 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 3
    Registry Values Infected: 5
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\fomahono.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\zufuzeti.dll (Trojan.BHO) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmdb04b393 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d837800f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tazajirari (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\zufuzeti.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\zufuzeti.dll -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\fomahono.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\onohamof.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\zufuzeti.dll (Trojan.BHO) -> Delete on reboot.

  2. #2
    Junior Member
    Join Date
    Nov 2008
    Posts
    5

    S.O.S. trojan, morph, virtumonde, ETC. it keeps getting worse, please help

    I installed Spybot S&D - was fine and now no.
    I have AVAST, Spybot and Malwarebytes' Anti-Malware.
    Tks, Katherine (Ko)

    That was my post on Saturday. I'm not tech savvy but I'll do anything you say.
    Kat

    Last edited by tashi; 2008-12-03 at 08:33. Reason: Moved from the Waiting Room (for members waiting 4 days and no logs to be posted there)

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,492

    Hello koandco,

    Please see the stickied procedure for this forum: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Start a new topic providing the HJT log if you can produce one as helpers look for threads without a response.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
