#1
Removing Trojan.Vundo

Please help!

SUPERAntiSpyware detected the following files on my C: Drive:

iifgd.exe
iifgd.dll

which it identified as

Adware.VundoVariant/Resident
Trojan.Vundo/Variant.Installer

Here is my latest HijackThis File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:42 AM, on 12/30/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-desktop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Neil\AppData\Local\Temp\iifgd.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5FC8A236-1281-464A-9BEE-A1C7144C771B} - C:\Users\Neil\AppData\Local\Temp\iifgd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {D98EF550-BACF-4F70-B6E3-31EF1E6C3A3F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pxark] "C:\Users\Neil\AppData\Roaming\PrevxCSI\PrevxCSI.exe" -reboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MoneyInsights] "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Neil\AppData\Local\Temp\iifgd.dll,c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9931 bytes

The file appears in the following lines:

F3 - REG:win.ini: load=C:\Users\Neil\AppData\Local\Temp\iifgd.exe
O2 - BHO: (no name) - {5FC8A236-1281-464A-9BEE-A1C7144C771B} - C:\Users\Neil\AppData\Local\Temp\iifgd.dll
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Neil\AppData\Local\Temp\iifgd.dll,c

All help in getting rid of this will be GREATLY appreciated

NAS216
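
The triage the poster did by eye (matching the detected file names to the F3, O2 and O4 entries) can be scripted. The following is an added example, not part of the original post: it parses HijackThis entry lines and reports autostart entries that load a binary from a Temp directory. The function names and the Temp-directory heuristic are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Entries copied from the HijackThis log in the post above: the three lines the
# poster singled out plus three unrelated entries for contrast.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\Users\Neil\AppData\Local\Temp\iifgd.exe
O2 - BHO: (no name) - {5FC8A236-1281-464A-9BEE-A1C7144C771B} - C:\Users\Neil\AppData\Local\Temp\iifgd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Neil\AppData\Local\Temp\iifgd.dll,c
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the detail
# HijackThis sections that describe code loaded or started automatically.
AUTOSTART = {"F2", "F3", "O2", "O4", "O20", "O23"}
# Assumption of this example: an .exe/.dll under a "Temp" directory is suspect.
TEMP_BINARY = re.compile(
    r'[A-Za-z]:\\(?:[^\\"]+\\)*Temp\\[^\\",]+\.(?:exe|dll)', re.IGNORECASE)

def parse(log):
    """Yield (section, detail) for each well-formed HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def temp_autostarts(log):
    """Return (section, path) for autostart entries that load a binary from Temp."""
    hits = []
    for section, detail in parse(log):
        m = TEMP_BINARY.search(detail)
        if section in AUTOSTART and m:
            hits.append((section, m.group(0)))
    return hits

def by_file(hits):
    """Group sections by file name: one file's separate persistence points."""
    grouped = {}
    for section, path in hits:
        grouped.setdefault(path.rsplit("\\", 1)[1].lower(), []).append(section)
    return grouped

if __name__ == "__main__":
    for name, sections in by_file(temp_autostarts(SAMPLE_LOG)).items():
        print(f"{name}: referenced by {', '.join(sections)}")
```

Grouping by file name shows that the DLL is registered twice (as a BHO and under a Run key), so removing only one of the entries would leave the other in place.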
#2
Re: Removing Trojan.Vundo

Neil wrote:
> Please help!

(snippage)

What was wrong with the help you got in your original thread? Posting again as if you were not already answered isn't going to get you different results. You were asked to *not* post HijackThis logs here in the Microsoft newsgroups and were given links to many specialty forums where you could do this. HijackThis logs take a great deal of time and expertise to analyze correctly and you will not get the attention you need here. That is why you were given links to forums where you *could* get help.

Once again, here is a list of forums where you can post your HJT log and get guided help. If you don't want to take the time to do this, then take your machine to a local computer professional (not someone from BigComputerStore/GeekSquad) and have them clean it up. There is no shame in doing this; I don't hesitate to take my car to the mechanic.

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/foru...howtutorial=42 - another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/

EOT for me. *plonk*

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
#3
Re: Removing Trojan.Vundo

Please stick to your original thread. We do NOT post HijackThis logs here!
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Neil wrote:
> Please help!
>
> SUPERAntiSpyware detected the following files on my C: Drive:
>
> iifgd.exe
> iifgd.dll
>
> which it identified as
>
> Adware.VundoVariant/Resident
> Trojan.Vundo/Variant.Installer
>
> Here is my latest HijackThis File:
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 11:57:42 AM, on 12/30/2007
> Platform: Windows Vista (WinNT 6.00.1904)
> MSIE: Internet Explorer v7.00 (7.00.6000.16575)
> Boot mode: Normal
<snip>
#4
Re: Removing Trojan.Vundo

I was having similar problems with unknown trojan viruses that were reportedly linked to malware. I cleaned my system several times using Norton, Windows Defender and Yahoo defender. Nothing worked until I found Windows Live One Care. It was a miracle worker for my system. I highly recommend it and wish you good luck with your problem. The fix was free and they offered a 90-day free trial.

"Malke" wrote:

> Neil wrote:
> > Please help!
>
> (snippage)
>
> What was wrong with the help you got in your original thread? Posting
> again as if you were not already answered isn't going to get you
> different results. You were asked to *not* post HijackThis logs here in
> the Microsoft newsgroups and were given links to many specialty forums
> where you could do this. HijackThis logs take a great deal of time and
> expertise to analyze correctly and you will not get the attention you
> need here. That is why you were given links to forums where you *could*
> get help.
>
> Once again, here is a list of forums where you can post your HJT log and
> get guided help. If you don't want to take the time to do this, then
> take your machine to a local computer professional (not someone from
> BigComputerStore/GeekSquad) and have them clean it up. There is no shame
> in doing this; I don't hesitate to take my car to the mechanic.
>
> http://aumha.org/downloads/hijackthis.zip
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
> http://www.bleepingcomputer.com/foru...howtutorial=42 -
> another tutorial
> http://aumha.net/ - Click on the HijackThis forum. Read the announcement
> and the stickies *first*.
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/...splay.php?f=25
> http://www.geekstogo.com/forum/Malwa..._Here-f37.html
> http://gladiator-antivirus.com/forum...?showforum=170
> http://spywarewarrior.com/viewforum.php?f=5
> http://forums.techguy.org/54-security/
> http://forums.tomcoyote.org/
>
> EOT for me. *plonk*
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User