Trojan.Vundo - Symantic Antivirus Notification - need help

M

mcryder26

New member
I apparently have the Vundo trojan. My computer is a mess. It is a Toshiba laptop running XP, and has SSD and Symantic Antivirus runing.

The computer is consumed with pop up windows alerting "Registry change denied"

I am sending this request for help from another computer. I'm a novice, so I can use all help available.

Thanks!
 
ran eTrust AntiVirus Web Scanner - but now- what?

Guess I am computer dummy. I ran the eTrust on line scanner, and it found three viruses, but I can't figure out how to save the "log". Is there some other software I need for that? While I was running the on line scan, I didn't realize I was suppose to disable my Symantec software, so the Symantec found the following:

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Downloader
File: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977\A0135569.exe
Location: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977
Computer: JBARNES04441
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, July 20, 2007 12:56:23 PM

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Downloader.MisleadApp
File: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977\A0135570.exe
Location: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977
Computer: JBARNES04441
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, July 20, 2007 2:12:08 PM

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Vundo
File: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977\A0136606.dll
Location: C:\System Volume Information\_restore{51B2433B-9DF3-4C49-BC34-1E3F1DBA4033}\RP977
Computer: JBARNES04441
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Friday, July 20, 2007 2:47:08 PM

What do I do now? Download the two "hijack this" software and run them? If so, I don't see any instructions for doing that. I seem to be stuck in the instructions.
 
Hello.

4) HiJackThis log - Trend Micro HijackThis 2.0.2

This version should be used if you are running Windows Vista.

Direct executable
Zip file
Installer version

Quick Start Guide

OR:

5) HiJackThis log - Merijn's HijackThis v1.99.1

Direct executable
Zip file

  • Double click HijackThis.exe.
  • Hit None Of The Above, just start the program.
  • Hit Scan.
  • When the scan is finished, the "Scan" button will change into a "Save Log" button.
  • Click that, save the log somewhere, and copy/paste (no attachments) into your (Click --> ) own new topic
a) The HJT log
b) The on-line Anti Virus scan log/report
Click to expand...
"BEFORE you POST"

As you don't have Windows Vista, you can use Merijn's HijackThis v1.99.1. to start off with. The direct executable does not need unzipping, which makes it simpler. :) A log is needed from one version only.

Don't worry about the log from the on-line anti virus scanner for now.

Then start your topic in the Malware Removal Forum and post the HJT log there. Thanks. ;)

Hope that helps.
 
Last edited:
mcryder26:

I see you posted in the Malware Removal forum in the following thread:
However, it appears that posted the HijackThis log as an attachment in spite of the following instruction:

Click to expand...
I suggest that you copy and paste the HijackThis log to another post in that same thread so that the assistance with your problem is not delayed.
 
Last edited:
No worries, a little bit of panic/mind fuzziness is normal when one's computer is infected. ;)

Helpers are in different time zones, but if no one has picked it up by this evening, I will ask one to take a look.
 
You must log in or register to reply here.
Back
Top