Vundo Infection (I think)

[PeteHowell]

Here's the log from the scan. I'm aware about the tracking cookies from the adult sites :red: and I know they can be easily removed.


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@ad.yieldmanager[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@com[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter12.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter13.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter14.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter15.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter3.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter4.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter6.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter7.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter8.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@counter9.sextracker[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@drivecleaner[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@mediaplex[1].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@sexlist[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@sextracker[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@stats1.reliablestats[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@systemdoctor[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@winantispyware[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@winantivirus[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@xxxcounter[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Peter Howell\Cookies\peter howell@yadro[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe

 

[ken545]

Pete,

All Panda found were cookies. BUT, this cookie is pointing to a site that you got part of your infection from howell@[COLOR="Red"]winantivirus[/COLOR][1].txt

Pete, Pete , Pete stay out of the porn sites, this is where a majority of the infections come from.


Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe <-- This is part of Combofix, nothing bad.


This a free tool that will clean that all out, I run this on my system about once a week or so.
Download CCleaner from here to clean temp files from your computer.

• Double click on the file to start the installation of the program.
• Select your language and click OK, then next.
• Read the license agreement and click I Agree.
• Click next to use the default install location. Click Install then finish to complete installation.
• Double click the CCleaner shortcut on the desktop to start the program.
• On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
• If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
• Click on the "Options" icon at the left side of the window, then click on "Advanced."
  deselect "Only delete files in Windows Temp folders older than 48 hours."
• Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
• Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
• After CCleaner has completed its process, click Exit.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!



Looks like your ok :bigthumb::bigthumb:

• 
  How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
• Tom Coyote
• TonyKlein CastleCops
• Grinler BleepingComputer
• Geeks To Go
• Dslreports

Here are some free programs to install, don't leave home without them

• Spybot Search and Destroy 1.5
  Check for Updates/ Immunize and run a Full System Scan on a regular basis.
  
• Spyware Blaster It will prevent most spyware from ever being installed.
  
• Spyware Guard It offers realtime protection from spyware installation attempts.
  
• Win Patrol This program will warn you when any changes are being made to your system and give
  you the option to deny the change.
  
• IE-Spyad
  IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads
  (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  
• Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and
  painless download and install, it will no way interfere with IE, you can use them both.
  
• Zone Alarm Here is a free Firewall from Zone Labs, I
  wouldn't access the internet without it.

Glad we could help.

Safe Surfn
Ken

 

[PeteHowell]

Ken,

Thank you very much for all your help. Once I get paid at the month I shall make a donation as my way of saying thank you.

Yes, no more porn sites.:angel:

 

[ken545]

Your very welcome Peter. :bigthumb:

Stay Well,
Ken