Tech Problem Aggregator

[SOLVED] Computer infected with Vundo.D.27 even after reformatting

Q: [SOLVED] Computer infected with Vundo.D.27 even after reformatting

My computer is infected with the Vundo.D.27 virus even though it was reformatted. I've used Avira and SuperAntiSpyware and it still won't help me resolve the problem. My sound system also doesn't work - not sure if it's due to the driver or the virus, but I suspect the latter.

Here are the contents of my DDS file:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Henry at 21:49:32.00 on Mon 02/16/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.422 [GMT -8:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Henry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.plumsauce.info/okishima.php
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\henry\applic~1\mozilla\firefox\profiles\sl4c77xc.default\

============= SERVICES / DRIVERS ===============

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2007-11-13 71720]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2009-2-1 10872]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-31 11840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-31 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-31 151297]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-31 52032]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]

=============== Created Last 30 ================

2009-02-16 21:47 <DIR> --d----- C:\SDFix
2009-02-03 13:49 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-02-03 13:48 45,392 a----r-- c:\windows\system32\AdobePDF.dll
2009-02-03 13:48 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-02-02 00:54 <DIR> --d----- c:\docume~1\henry\applic~1\BitTorrent
2009-02-02 00:32 <DIR> --d----- c:\windows\system32\custom matrices
2009-02-02 00:31 <DIR> --d----- c:\windows\system32\QuickTime
2009-02-02 00:31 <DIR> --d----- c:\windows\system32\C2MP
2009-02-02 00:23 <DIR> --d----- c:\program files\XviD
2009-02-02 00:22 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-02-02 00:11 662,288 a------- c:\windows\system32\MSCOMCT2.OCX
2009-02-02 00:11 427,864 a------- c:\windows\system32\XceedZip.dll
2009-02-02 00:11 1,071,088 a------- c:\windows\system32\MSCOMCTL.OCX
2009-02-02 00:11 <DIR> --d----- c:\program files\Driver-Soft
2009-02-01 17:47 <DIR> --d----- c:\docume~1\henry\applic~1\Grisoft
2009-02-01 17:47 10,872 a------- c:\windows\system32\drivers\AvgAsCln.sys
2009-02-01 17:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2009-02-01 17:47 <DIR> --d----- c:\program files\Panda Security
2009-02-01 17:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-01 17:33 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-01 12:19 286,720 a------- c:\windows\SWREG.exe
2009-02-01 12:19 98,816 a------- c:\windows\sed.exe
2009-01-31 23:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-01-31 23:07 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-31 23:03 <DIR> --d----- c:\docume~1\henry\applic~1\uniblue
2009-01-31 22:58 <DIR> --d----- c:\program files\Uniblue
2009-01-31 22:58 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-31 22:50 36,734 a------- c:\windows\system32\OggDSuninst.exe
2009-01-31 22:50 <DIR> --d----- c:\program files\Zoom Player
2009-01-31 22:47 <DIR> --d----- c:\program files\PowerISO
2009-01-31 22:39 <DIR> --d----- c:\program files\Avira
2009-01-31 22:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-01-31 22:37 23,856 a------- c:\windows\system32\spupdsvc.exe
2009-01-31 22:37 <DIR> --d-hr-- C:\AHCache
2009-01-31 22:29 <DIR> --d----- c:\documents and settings\henry\eee
2009-01-31 22:28 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-31 22:26 8 a------- c:\windows\system32\nvModes.dat
2009-01-31 22:25 25 a------- c:\windows\mixerdef.ini
2009-01-31 22:22 242,176 a------- c:\windows\system32\rt2500.sys
2009-01-31 22:22 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-01-31 22:22 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-01-31 22:22 19,915 a------- c:\windows\system32\drivers\AegisP.sys
2009-01-31 22:22 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-01-31 22:22 7,870 a------- c:\windows\system32\rt2500.cat
2009-01-31 22:22 242,176 a------- c:\windows\system32\drivers\RT2500.sys
2009-01-31 22:22 17,992 a------- c:\windows\system32\bcm42rly.sys
2009-01-31 22:22 <DIR> --d----- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-01-31 22:22 1,155 a------- c:\windows\system32\WLAN.INI
2009-01-31 22:20 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-31 22:20 1,230,336 a----r-- c:\windows\system32\MSXML4.dll
2009-01-31 22:20 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-01-31 22:20 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-01-31 22:20 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-01-31 22:20 82,432 a----r-- c:\windows\system32\MSXML4r.dll
2009-01-31 22:20 44,544 a----r-- c:\windows\system32\MSXML4a.dll
2009-01-31 22:19 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-01-31 22:17 10,624 ac------ c:\windows\system32\dllcache\gameenum.sys
2009-01-31 22:17 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-01-31 22:17 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-01-31 22:17 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-31 22:14 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-01-31 22:14 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-01-31 22:14 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-01-31 22:14 65,536 a------- c:\windows\system32\HPZipm12.exe
2009-01-31 22:14 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-01-31 22:14 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-01-31 22:14 306,688 a------- c:\windows\IsUninst.exe
2009-01-31 22:14 <DIR> --d----- c:\program files\HP
2009-01-31 22:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-31 22:13 <DIR> --d----- c:\program files\VideoLAN
2009-01-31 22:13 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-31 22:13 <DIR> --d----- c:\docume~1\henry\applic~1\SUPERAntiSpyware.com
2009-01-31 22:12 104,567 a------- c:\windows\hpoins04.dat
2009-01-31 22:12 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-31 22:12 17,176 -------- c:\windows\hpomdl04.dat
2009-01-31 22:10 <DIR> --d----- c:\program files\Trend Micro
2009-01-31 22:10 <DIR> --d----- c:\temp\HP_WebRelease
2009-01-31 22:10 <DIR> --d----- C:\temp
2009-01-31 22:09 20,016 -------- c:\windows\system32\drivers\pxhelp20.sys
2009-01-31 22:09 1,125 a------- c:\windows\winamp.ini
2009-01-31 22:09 <DIR> --d----- c:\program files\DNA
2009-01-31 22:09 <DIR> --d----- c:\program files\BitTorrent
2009-01-31 22:09 <DIR> --d----- c:\docume~1\henry\applic~1\DNA
2009-01-31 22:08 453,152 a------- c:\windows\system32\nvudisp.exe
2009-01-31 22:08 206,492 a------- c:\windows\system32\nvapps.xml
2009-01-31 22:08 18,725 a------- c:\windows\system32\nvdisp.nvu
2009-01-31 22:08 <DIR> --d----- c:\windows\nview
2009-01-31 22:08 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-31 22:07 <DIR> --d----- C:\NVIDIA
2009-01-31 22:07 712,704 ac------ c:\windows\system32\dllcache\a3d.dll
2009-01-31 22:07 1,228,800 a------- c:\windows\mixer.exe
2009-01-31 22:07 765,952 a------- c:\windows\system\crlds3d.dll
2009-01-31 22:07 712,704 a------- c:\windows\system32\Audio3D.dll
2009-01-31 22:07 712,704 a------- c:\windows\system32\a3d.dll
2009-01-31 22:07 374,094 a------- c:\windows\system32\drivers\cmaudio.sys
2009-01-31 22:07 135,168 a------- c:\windows\CMUninst.OLD
2009-01-31 22:07 135,168 a------- c:\windows\cmuninst.exe
2009-01-31 22:07 135,168 a------- c:\windows\cmuninst.dat
2009-01-31 22:07 32,768 a------- c:\windows\system32\cmnprop.dll
2009-01-31 22:07 <DIR> --d----- C:\Gamesurround Muse 5.1 DVD Drivers
2009-01-31 22:04 <DIR> --d----- c:\documents and settings\Henry
2009-01-31 22:03 <DIR> --ds---- c:\windows\system32\Microsoft
2009-01-31 20:48 8,192 a------- c:\windows\REGLOCS.OLD
2009-01-31 20:47 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-01-31 20:47 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-01-31 20:45 37,888 ac------ c:\windows\system32\dllcache\md5filt.dll
2009-01-31 20:44 108,544 ac------ c:\windows\system32\dllcache\appconf.dll
2009-01-31 20:43 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-31 20:43 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-31 20:43 316,640 a------- c:\windows\WMSysPr9.prx
2009-01-31 20:42 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-31 20:42 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-01-31 20:42 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-31 20:42 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-01-31 20:42 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-01-31 20:42 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-31 20:42 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-31 20:42 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-31 20:42 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-01-31 20:42 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-31 20:42 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-01-31 20:42 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-31 20:42 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-01-31 20:41 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-31 20:39 <DIR> --d----- c:\program files\Online Services
2009-01-31 20:39 <DIR> --d----- c:\program files\Messenger
2009-01-31 20:39 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-31 20:38 <DIR> --d----- c:\program files\Windows NT
2009-01-31 12:20 <DIR> --d----- c:\program files\common files\ODBC
2009-01-31 12:20 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-31 12:19 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-02-02 00:26 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-31 20:40 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 21:50:04.48 ===============

A: [SOLVED] Computer infected with Vundo.D.27 even after reformatting

Hi gwr922,

You appear to have run Combofix. Could you please post the Combofix log? It's located at C:\Combofix.txt

Thanks.

15 more replies
Answer Match 64.26%

Here is the info from hijackthis. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 7:10:13 AM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symant... Read more

A:Solved: Please help...My computer is infected with Vundo

16 more replies
Answer Match 56.7%

Hello,

After a brief exchange with Muppy03 in another thread on this forum, I came to the sad realization that my computer had become infected with a backdoor trojan and the best thing to do under the circumstances was to reformat my hard drive. I had a few questions about the reformatting process that Muppy03 advised me to ask here, since the people here are more well-versed in such things.

I've never done this before, so I want to make absolutely certain that I don't do anything wrong. I have a Windows XP system recovery CD that came with my computer whose purpose, according to the text written on it, is "to reinstall the operating system, programs and drivers." Is this disc all that I need in order to reformat my hard drive?

Also, on the subject of backing up my files, I have a secondary internal hard drive (drive F: ) which I use to store backup copies of my more irreplaceable files. If I backed up all the files and folders I wanted to save to that drive, would the reformatting process affect them in any way?

Also, to keep my computer from getting re-infected, are there any files that I shouldn't copy to my backup hard drive (aside from most of the contents of C:/Windows)? Incidentally, I've unplugged my computer's modem line so that it can't get re-infected immediately after the reformatting process is over.

Any advice would be greatly appreciated.

Thanks in advance.

EDIT: And I should have mentioned that my compute... Read more

A:Solved: Reformatting a badly infected WinXP hard drive

15 more replies
Answer Match 55.02%

Dvk01 in Virus & Other Malware Removal, was not able to find a solution to my Trojan. Suggested reformatting to clean and get rid of whatever it is. Any suggestions on the best way to do this? I'm planning on saving my files to the separate hard drive. Dvk01 said that should not be infected.

I'm at work now, I'll run the TSG when I get home in about an hour.

Thank you for any suggestions you can add. Below is the computer I'm looking at reformatting.

HP Pavilion dv6000
Microsoft W. XP
Version 2002
Service Pack 3
HP
AMD Turion 64X2 Mobile TL-50
803MHz 960MB of Ram.
 

A:Solved: help reformatting my computer.

16 more replies
Answer Match 55.02%

I have spent the week running scans to remove a virus I received (ispynow) and have decided to reformat my computer instead. I have backed up all of my files (though I am concerned I now have the virus in my external hard drive). I have an HP dv1000 laptop and the hp site says I should have to make recovery cds and can then reformat using the "system recovery" tool that should be listed under programs. I can't find that. It also says I can use f11 key when starting up to follow the same steps but f11 doesn't seem to do anything. I have an "application and driver recovery" cd and the "operating system cd" for xp home sp2. I just want my computer back either by getting rid of the virus or reformatting. Thank you for your help.

A:[SOLVED] need help reformatting my computer

Here's a good checklist for you.


The Windows XP Installation Check List.
1. The Windows XP SP2-CD (naturally)

2. Darik's Boot N Nuke... A Disc wiping Utility; or alternatively... Killdisk. (Click the coloured Links).

3. Please read this guide... A Step-by-Step Installation Guide with explanations for each step of the installation.

4. The Motherboard CD that contains all the necessary Drivers etc.

A few tips:
a. Darik's Boot N Nuke will take about 4? hours to completely wipe the Drive; however, this will vary depending on how big the Drive is. (That estimate is for a 80Gb HDD). Wiping the HDD this way will give you the best chance of a 'clean' uninterrupted installation.

b. When you get to Figure 7 in 'The Guide', you can create more than one partition here by simply telling Windows how big you want it. Should you decide to create an extra partition, it will not be active until you do so after the installation is over and done with...we can give you guidance as to how this is done, so partition away if you wish.

c. Once the installation is finished, with all the Motherboard Drivers installed, and Internet connected, I strongly recommend that you install a reputable Anti Virus program first; then, go to the Windows Update Site and download all the updates (including SP3).
AVG has a very good free version available here. ... Read more

3 more replies
Answer Match 54.18%

I just tried to reinstall windows xp on my computer and during the installation my computer crashed. At first, it booted up fine and I tried to reinstall windows again. During the second re-installation attempt the progress just stopped so I restarted the computer. During the third attempt, when the setup was copying files over, there was a file that could not be copied over. So I exited setup and I was going to try to reinstall it again, but now it won't boot from the cd drive. I cannot boot from the hd either, it says that the NTLDR is missing. I do not know what to do. Please help me.

A:[SOLVED] Computer Crash During Reformatting

hi, how old is the pc? you need to clean the xp cd it might have some dirt or scratches that is preventing you from installing it. an easy option would be to take the cd to another computer then right click on the cd drive click explore and copy all the files and burn them as an iso using power iso.
http://www.poweriso.com/

regarding the pc not booting from the cd you need to access the bios. when your pc is booting press the del key or tab, f10, f12 it should work on the del key or f1 just try a couple of them it will work.
then find the boot option and change the device order so that it boots from
cd
then hd
and then click save changes. now switch off pc turn back on it should be able to read the disk. ntldr that is the file used to boot cd.
you can fix that by going to recovery console and copying the file over but at the moment try the things above then think about changing the files because you have already formatted your pc.

3 more replies
Answer Match 54.18%

Hi,

For another computer, I have two maxtor harddrives connected via IDE to a P4P800-E Asus motherboard.

When booting up, the system goes through some check with something called "FastBuild" which I have never heard about. I think it may have something to do with having the two harddrives work together. This computer here was bought used so maybe the previous user customized the bios?

Anyway, if I try to reformat as usual, running the Win XP Pro Cd while booting up, and install as usual, the setup files load up fine. Then, when I hit enter (to setup Win XP), there's a 25 second delay where the bottom of the screen (grey area) says "Please Wait..." and then the screen loads up where it should show my partitions and allow me to choose which to install.

There's no highlight bar - instead, it says
"Unknown Disk"
<this drive cannot be found>
and it says this twice - I'm assuming because I have two of these harddrives - both of which cannot be read.

So 'delete partition' doesn't work - so my only option is Enter = Install.

Then the following message comes up:

"A problem has been detected and windows has been shut down to prevent damage to your computer

The problem seems to be caused by the following file: setupdd.sys

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure ... Read more

A:Solved: Trouble reformatting a used computer

16 more replies
Answer Match 54.18%

I am making this thread so that if there's anybody who knows of good manuals or tutorials, they can suggest them. I am actually being helped by Cookiegal and flavallee but I just want any suggestions. So please don't delete or move this thread! Thanks
Well, is it more like I reformat all of my drives or just my C drive?
I'm quite confused on that. Also, what does it mean to partition??? I saw another old thread about partitioning and it quite confused me. What do I do with partitions? And should I follow what this person did in this thread: http://forums.techguy.org/hardware/803662-c-drive-partitioning.html

This is probably important as well: if I have to partition my CD, is there a way to do it with no explorer.exe? That process won't start up properly and that's why I want to reformat..

Also, can anyone tell me if I should be aware of anything while reformatting? For example, should I insert the XP install CD after I delete everything and before I restart the computer? I read some manuals but they were all completely different. I liked this one: http://www.ehow.com/how_6026_format-hard-drive.html
but I'm kind of scared to follow it because of the comments.

In all, if anyone can find a specific manual at techguy or on the internet, that would be swell
Thanks in advance!
 

A:Solved: Quick! Reformatting my computer

7 more replies
Answer Match 54.18%

I've come across a virus that I am not able to get rid of & reformatting my computer is the only option. Problem is, I don't know how to reformat my computer. Can someone please instruct me on what to do. Help is greatly appreciated.
 

A:Solved: Reformatting of computer due to virus

7 more replies
Answer Match 54.18%

Hello,

I think I have been infected by Vundo plus something else. McAfee tells me it found a trojan and deleted it but it happens over and over. It flashes very quickly so I am unable to catch what version of Vundo it is or what else it says other than generic. It actually hasn't happened for a while, but I cannot activate Windows update so I think it's still there.

The DDS is:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Sabrina1 at 20:41:01.98 on Fri 02/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.326 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMM... Read more

A:My computer is infected with Vundo, I believe

Hello Bebas and welcome. You most certainly are still infected with Vundo.

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

5 more replies
Answer Match 54.18%

Please help me by looking at my HJT log. Symantec AV is constantly telling me that it is finding vundo among many other pieces of malware. I have tried Symantec's fixvundo, vundofix, and virtumundobegone. None of this is finding the malware. I also have superantispyware and it is finding it, and removes it, but next time I run it, it finds it again. Here is my log from HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:35 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SAV\Rtvs... Read more

A:Computer Infected With Vundo And More

Welcome to the BleepingComputer HijackThis Logs and Analysis forum matthewdf
My name is Richie and I'll be helping you to fix your problems.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the... Read more


Hi,

I have been struggling for the last few days with a Vundo infection - IE popups and redirections. At first I ran Adaware and Spybot S&D and thought I had managed to clear the infection; unfortunately, I was wrong as 20 mins later they reappeared. I browsed a few websites looking for help and on their advice I ran Malwarebytes malware removal in safe mode, SDFix and Vitumondefix and thought that would be the end of it... nope, it reappeared after about 10 minutes and this time it had redirected my homepage to a third party website... so I've rerun MalwarebytesMR again in safe mode a few times.

Now I am not getting the popups but I am being very careful as I know it's not been completely removed.

I hope someone will be able to help me, any help would be truly appreciated, so here is my RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by random at 2008-12-07 21:33:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (12%) free of 114 GB
Total RAM: 1022 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:22, on 07/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32...

A:Computer Infected with Vundo

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so. It will be in your best interest.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall.


I got infected with Vundo!h, FakeAlert-DA, Generic Packed, Generic Downloader,x!ce, Generic Downloader,x!cfc Downloader-BPH and New Malware.j

I found the Bleepingcomputer site and downloaded the Combofix program and ran it on my machine. It found the offensive files and deleted them but did not reverse all the changes these programs had installed. I still have the following problems from what I can tell:

Regedit can't be run from any user account other than the administrator account.

The Local Settings directory and all the temp files in it have been hidden except on the administrator account.

Mcafee now seems to search out any Combofix files that are on the machine from my usb drive or if I download another copy from bleepingcomputer and says it detects the Artemis!C87B91C798AD trojan and proceeds to quarantine it.

I tried to load and run Combofix on another laptop which also has Mcafee installed and it too quarantines the Combofix file. I did load it with a usb drive that had been attached to this infected computer though. The laptop now won't load the usb drive so it can be seen in My Computer. I can see it from a dos prompt but not in my computer.

I used Root Repeal and Combofix prior to getting any advice from anyone here which was probably a mistake. I do have the logs created from them that show the files that were deleted and can upload them if needed.

Attached is the DDS and Attach files for my machine. I hope I haven't messed my machine up so...

A:Computer infected with Vundo!h and others...

Hello.

From your ComboFix log, you were infected with a backdoor.

No scanner is perfect, and all will miss files. However, those ones really should have been detected.

Backdoor Threat

This means that sensitive information could have been stolen. I would advise to change any passwords for any accounts that you have accessed with the infected computer using a clean computer ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article regarding preventing of identity theft.

This computer can still be cleaned, however, I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so.

Please download a new copy of ComboFix. Run it and post back the log.
Link 1, Link 2, Link 3

In notepad where the log opens, click on Format and uncheck word wrap. It messes up the spacing in the logs.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.

Close all other open programs as ...


Hello, I have had this problem for some weeks now. Usually I know how to get rid of malware, but lately I got infected and it keeps coming back no matter what I do.
Whenever I think I got rid of the infection, upon restart, Malwarebytes' Anti-Malware tells me there's 90 infected registry keys (security hijack) and various worms and viruses, always different ones, in different places. I mentioned Vundo in the title, because it appears to be the most frequent, but also koobface and others. Also, my firewall is disabled and I can't change it back. Could someone please look at my logs, that would be so nice. Thanks!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Hannes at 0:29:40,46 on So 07.06.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.767.356 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared...

A:Computer keeps getting infected with vundo etc

Hello and welcome to Bleeping Computer. Sorry for the delay, the forums here at BC are always very busy and we do our best to keep up. If you no longer require any help could you let me know please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

First I would like to see a new log since a lot could have changed since your original post.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks


Hi, recently my computer contracted the trojan vundo!grb, I have followed the initial steps that this forum requested and attached the files. I'm basically in need of some serious help, the trojan has begun to slow my computer down considerably and has begun to display random Internet Explorer pop-ups. If anyone could help me out, it would be greatly appreciated.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Ari at 13:55:35.21 on Sat 03/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.395 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\Syn...

A:Computer is Infected with Vundo!grb, Please Help!!

Hi HipHopHead

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hello.

My computer unfortunately became the victim of a virus/trojan attack today. This is not the first time that it has happened and I have successfully seemingly been able to use a combination of MalwareBytes, SuperAntiSpyware and Spybot SSD to remove things before. I did so again after this recent infection as well using the latest up to date versions. However, my gut is for some reason telling me that things may not be all clear. I ran HijackThis and got a log which seems to show some dubious entries in the output such as "AppInit_DLLs: karna.dat"

I've taken the steps listed in the Preparation guide and have the DDS logs attached.

I'll be grateful for any assistance that can be offered to me. Here is the HijackThis log that alerted me as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:47 PM, on 1/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java...

A:Computer was/is infected with Vundo

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so. It will be in your best interest.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.


Hi,

A couple days ago my computer was infected with a virus called vundo. Windows defender detected it and claimed to have cleaned/deleted the infected files, however my computer has been experiencing problems that it didn't have before ever since. It is only usable for about 20 minutes before it freezes or crashes and occasionally it will make loud beeping noises. Windows defender identified the virus as vundo.gen.aj and the infected file as C\windows\system32\services.exe. I've tried rerunning windows defender, but it doesn't detect anything, as well as adaware (computer freezes before it is finished scanning). I'm not sure what to do to get rid of this thing. Any help would be greatly appreciated.

Thanks,
Jim

A:Computer infected with vundo.gen.aj

Hi Jim and welcome to BleepingComputer.

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Re...


Alright I'm extremely new to this and I've been having this problem for a week and a half now. If I seem retarded I'm sorry.
My computer started freezing randomly awhile back, first it was just the internet freezing then it was the whole desktop. My uncle had installed Advanced Care on my computer and running that, and Avast and Malwarebytes (not at the same time mind you) Advanced Care was the only one that picked up: Trojan.Win32/dropper, trojan.win32/agent, trojan.win32/vundo and trojan.win32/tracer. I wiped the computer, reformatted it and reinstalled Windows 7, it worked fine for a few days and just now it started freezing up again. It even froze once in safe mode with networking. That's what I'm on right now and so far I'm alright.
 
Help please!!!

A:trojan.win32/vundo :( can't get rid of after reformatting!

Welcome aboard.

Start with uninstalling Advanced System Care.

Registry cleaners/optimizers are not recommended for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a pro...


My computer seems to be detecting the Vundo (Vundo.D.27) Virus even after I reformatted my C: drive. My sound doesn't seem to be working either.

Here are my HiJackThis and Avira logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:40 PM, on 2/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ad...

A:Vundo Virus cannot be deleted even after reformatting

Hi gwr922

We no longer use HijackThis as our initial analysis tool.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html
After running through all the steps, you shall have a proper set of logs. Please post them in a new topic,
as this one will be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


About a month ago my computer got infected with some vundo/malware. Occasionally, pop-ups will show up out of nowhere and it also seems to have attached itself to some of my programs. Like when SKYPE will open, it will appear as two separate operating programs with the same name on my Windows Task Manager. This has made my computer extremely slow and vulnerable. What should I do? I have no experiences with something like this.
My HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:59 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\awmnwdam.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Prog...


I thought that I had removed Vundo with Malware Bites but today I got bombarded by pop-ups again and Avast keeps telling me my Win32 files are infected. Last night I kept getting a popup while offline about Spyware Protect 2009 but I can't trigger it to pop up right now to tell you what it said.

Specifically I get alerts about Win32:Vupa and Win32:Adware-gen from Avast.

Malware Bites found Trojan.Vundo.V and I had to reboot for it to attempt to remove it but I think it is still on here somewhere.

Here is the last Malware Bites log.

Malwarebytes' Anti-Malware 1.36
Database version: 2157
Windows 5.1.2600 Service Pack 3

5/20/2009 11:13:53 AM
mbam-log-2009-05-20 (11-13-53).txt

Scan type: Quick Scan
Objects scanned: 96266
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\rdl4.tmp.exe (Trojan.Vundo.V) -> Delete on reboot.

A:Very infected computer (win32, maybe Vundo?) Please Help

This is the scan from after my reboot. It says I'm clean but it told me that last week too.

Malwarebytes' Anti-Malware 1.36
Database version: 2157
Windows 5.1.2600 Service Pack 3

5/20/2009 11:38:45 AM
mbam-log-2009-05-20 (11-38-45).txt

Scan type: Quick Scan
Objects scanned: 96123
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Referred here from: http://www.bleepingcomputer.com/forums/t/218274/badly-infected-with-winpc-defender-please-help/ ~ OB

Hello-- Thanks in advance for your time and help.

1.) In addition to my main question which is listed below (#2), can you answer this for me? I have a clean computer and an infected computer. If I unplug my clean computer from my router, is it safe for me to plug my infected computer into my router/internet connection so I can download onto the infected computer, or can the infected computer actually transfer the virus to the router and subsequently to my clean computer when I unplug the infected computer from the router and re-plug in the clean computer to the router?

2.) I have a computer that is heavily infected with multiple viruses including Koobface and Vundo. I have run all of the following scans (all updated with the most recent versions): DDS, MBAM, SAS, HJT. It appears that most of the infections have been removed but I am hoping someone can take a look at the logs to make sure this system is clean. I had a lot of trouble just getting MBAM and HJT to install and update so I am wanting to make sure this system is totally clean. Thanks again in advance for your time and help.

DDS LOG:

DDS (Ver_09-03-16.01) - FAT32x86
Run by Chuck at 12:53:24.01 on Fri 04/17/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.118 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

============...

A:Infected w/ Koobface and Vundo-Please Help/ Computer 1

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we...


I ran both Vundofix and Virtumundobegone and I do not think it got rid of the virus on my computer. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:24 PM, on 9/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files...

A:Computer Infected With Vundo Virus

please?


Hey, what's up guys? I've been readin the forum the past couple of days, and it looks like you can help me out. I've tried every internet security/spyware removal tool known to man and I cannot get this computer clean. I even followed the steps you have on this site...I'm stuck. I do know that the C:\WINDOWS\system32\inevrwoa.exe file is a variation of the geede.dll/virtumonde/vundo virus. Now, after some hard research I found out that a program I'd installed "PC Security Shield" from F-Secure was actually a rogue program. My bad. I had no idea at the time because my computer wasn't really acting like it is now. I did uninstall the PC Security Shield but it's still in the Programs folder, so I actually went into Computer Management and stopped those services related to it. I don't think it's working. Anyways, you know waaaayyyyy more about it than I do, so I know you guys can come thru for me. lol. here is the HijackThis log...thanks in advance!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:44 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32...

A:Please Help...computer Infected With Vundo Among Other Things...

Hello rswalker84,

Looks like you have a nasty Vundo infection. We will run ComboFix. You need to disable your F-Secure Antivirus before running ComboFix, as it will prevent it from running.

To disable F-Secure Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for a blue sign.
Right click it -> select Unload.
The F-Secure sign should now be surrounded by a red striked through circle (looking like this: )
You successfully disabled the F-Secure Guard.

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to install the Windows XP Recovery Console. <== Important

Post the ComboFix log.


Hi there,

I keep getting an error on startup, it's a popup box with ssqpm.exe and says "Access to the specified device, path or file is denied". On clicking ok it comes up with another message "Could not load or run ssqpm.exe specified in the directory. Make sure it exists on your computer or remove the reference to it in the registry". Before I tried all the anti-virus's and spyware on your site the error was for jkklm.exe and the same as above error message. The jkklm.exe error does not come up now.

Also my computer would just not let me install a firewall, tried spigate and comodo but could not load up!

Also Hijack this could not complete the scan as it found some error and said a log file has been saved. Below is the log file. Please help, I have been on this for 2 days now. Need to sort out this computer and my other one. I guess one at a time. So no firewall and not sure if it's a completed log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:48 PM, on 8/01/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files...

A:Winfixer (vundo) Infected Computer

Hello sagar and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,
Johannes


DDS (Ver_09-03-16.01) - NTFSx86
Run by 03318803 at 11:46:46.95 on Thu 04/09/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.182 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Cisco Security Agent *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avga... Read more

A:Vundo Trojan infected computer trying to fix it.

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

2 more replies
Answer Match 53.34%

Hi,

My computer was infected with the Trojan Vundo malware 2 weeks ago. It was particularly hard to remove. It basically prevented any useful programs from running. I had to system restore the computer in safe mode to an earlier time and then ran MBAM to remove it. Computer was working fine up until a few days ago, it appears the malware has returned but I was able to use MBAM to remove it. I am quite a novice at this stuff, I am not sure if that fixed everything. I feel that my computer is still slow. Can you please check out my HiJack log? Please let me know if I need to do more. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:37 PM, on 11/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\... Read more

A:Computer infected with Trojan Vundo

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 53.34%

Norton 360 sees it, gets rid of it.. but it keeps coming back. I don't know how to get rid of it... this is the log from HijackThis...

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-06 18:09:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-04-06 22:09:21 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:37 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv... Read more

A:Computer Infected With Torjan.vundo

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.

1 more replies
Answer Match 53.34%

My computer got infected with Vundo; tried clean up with Avast and SuperAntispyware and ComboFix (Malwarebytes was disabled by the virus). Cleaned some, but I get a message "error loading c:\windows\system32\yivezopo.dll". Also, tons of pop ups as of today.

Type: Virus
System affected: Windows XP, SP3

Fresh Hijackthis and SuperAntispyware logs are attached.

ANY help is greatly appreciated.

Thanks,
Ania

A:Computer infected with Vundo virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 52.92%

I have two computers with separate but similar issues. I posted the other computer as melnphil, this one is melnphil2. Some of the info below is pasted from the post on the other computer, but I've changed it to reflect the differences. Just putting that out there to hopefully lessen any confusion about posting twice.

This computer is XP Home Version 2002 SP3 with IE 7 and AVG 9 - this computer is used by another one of my daughters.

The issue seems to be a pop up ad program, though it has been causing AVG to flip out and I thought I'd lost the hard drive in the midst of trying to finish the GMER scan due to several BSOD and Windows Delayed Write Failures that must have had at least 50 instances if not more. I've used both Malwarebytes and HijackThis in the past so started with those. Malwarebytes will not run, HijackThis will but hasn't been effective. I know just enough about these two to not really screw things up but not enough to figure out why they aren't working. I've read through the forums here for steps and either some of them aren't working, I am missing steps or I have more than one issue.

So far I have:
Run DDS and saved the log
Run GMER - it seems to complete but will not allow me to save the log - it was really long for this computer and went into the Delayed Write Fail errors before BSOD'ing; it ran at least 6 hours this last time I tried it.
Have tried to run Malware Bytes getting various errors with the program never actually openin... Read more

A:2nd infected computer Vundo.KD & SHeur2.CKER

Never mind on this one, the hard drive is borked.

2 more replies
Answer Match 52.92%

I've tried everything to get rid of the adware popup that the vundo trojan puts up on my screen. I've run Spybot S&D, vundofix, bought Spy Sweeper, installed WinPatrol, run ComboFix, RootkitRevealer. Nothing gets rid of it. I'm worried that it's a rootkit hack and will have to reformat my harddrive to get rid of it. I'm hoping someone has an alternate option. Below is from Deckard's Scan.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-01 09:30:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:01 AM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files... Read more

A:Computer infected by vundo - hidden by rootkit?

Hello zingabootie, and welcome to TSF.

My apologies for the delay; we're all volunteers, and we've been swamped.


Please delete your copy of ComboFix, download the latest version from here.



1. Save it to your Desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log, as well as a new DSS log, in your next reply.

~screen317

3 more replies
Answer Match 52.92%

DDS.txt
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
mSearch Page =
mStart Page = about:blank
mDefault_Search_URL =
uInternet Settings,ProxyServer = localhost:7171
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: : {eb68fc5f-db40-4909-8c26-69c2bf68ba5e} - c... Read more

A:My Hijack this log, infected with vundo/slow computer

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

34 more replies
Answer Match 52.92%

Hello. My name is Branson and I have a serious problem.

My computer was recently infected by 2 Trojans named Vundo!grb and HTML/FakeAV
My operating system Is Microsoft Windows XP Home Edition Version 2002, Service pack 3
I Get a lot of random pop-up ads, my computer performance has been slowed down tremendously
My Windows Security alerts/ automatic updates will not work or update no longer, and McAfee pops up with multiple threats detected yet none could be healed or removed only quarantined. McAfee is still picking up threats as I type this post.

If it helps, here are some of the quarantined items/files that were detected and quarantined by McAfee Virus Scan:

The ones Suspected to be related to the Vundo!grb Trojan by McAfee are
hjowgncu.ini
ovexmyou.ini
A0030483.ini
A0030484.ini

The one Suspected to be related to the HTML/FakeAV trojan is
freescan[1].htm

If there is more information that needs to be submitted for your review to help me solve this problem, I will be more than
cooperative and provide you with any needed in doing so.

Thank you.

A:My computer is infected by Vundo!grb and HTML/FakeAV

Hi, did you run Spybot S&D? And be sure to run Malwarebytes (download both from www.download.com). And before you restart go to START/RUN and type msconfig, see the Services tab and disable all services which are not from Microsoft. Then in the Start up Tab disable most of the programmes that you don't need. In fact you do not need much or anything from start up. Then restart, and run all your antivirus programmes again. In particular Spybot and Malwarebytes. Let Spybot install an application called Teatime to your start up. This will protect you.

Finally, go to START/RUN and type command, type color 9f (just my preference) and type mrt and do the scan.

Cheers,
Patbox

8 more replies
Answer Match 52.92%

Hello,

okay here's what's going on with my computer, a couple of days ago my mcafee virus protection software expired because i was using the mcafee antivirus that came with my computer. i have comcast highspeed internet and it also comes free with mcafee antivirus protection but i was unaware that i was not using the protection that was free with my comcast internet. so for a day or so my computer was not protected. when i was not protected my computer really slowed down and i would get a lot of pop ups telling me to click ok to fix this problem and a lot of other pop ups to other sites. so then i contacted comcast and got my computer protected again, scanned it with the mcafee antivirus protection and after it was i got a pop up from mcafee that read "Detection: Vundo (Trojan), Vundo (Trojan) File Path: C:\WINDOWS\system32\vtsqn.dll". mcafee asked me to quarantine or remove the trojan, i tried both but it continued to pop up after restart after restart. i tried to restore my computer to an earlier time but that didn't work either. i was able to access the internet at this time but i was constantly getting the same pop ups as before but i was becoming worse. i kept trying to use mcafee to remove the trojan but it would work. so i came upon this site through mcafee help forum and i was pointed to this forum for the 5 steps. i completed step one. then i got to step two, i tried to scan my computer using panda free online scan but it told me i was using internet explorer 5.0 ... Read more

A:computer is possibly infected by Vundo (Trojan)

sorry for the second post, I'm not sure how to edit.

i ran Deckard's System Scanner (DSS) again, but this time the hijackthis icon was installed on the desktop, but i was unable to find the extra.txt log. even when run the second time i was unable to find it.

like i said i apologize for the second post.
thank you
Grant

7 more replies
Answer Match 52.92%

Hi there ....

I believe my computer has been infected by some nasty Vundo Variant Rel trojan/virus.

I am running Windows XP SP2 and I think I got infected while I was surfing on Firefox using Google several days ago.

1. My desktop was completely taken over by some spyware
2. My task manager was disabled
3. Google and other websites cannot be launched from Firefox

After running SuperAntiSpyWare, I managed to recover my desktop to how it was before and my task manager is working fine now. However I cannot surf thru Google on Firefox and many websites won't open in Firefox. Funny enough everything is working perfectly fine in IE.

I have noticed that even after scanning 2 items keep coming back, namely Trojan Varian Rel and Adware Tracking cookie. Although it states that they have been removed and Google is working again, every time I reboot Google on FF refuses to work again.

Could you be kind enough and tell me what should I do to get rid of these viruses?
Thanks in advance for your attention.

P.S. I am currently using McAfee.

A:Computer Infected By Vundo Variant Rel Trojan

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button t... Read more

16 more replies
Answer Match 52.92%

I have tried for over a week to get rid of a Vundo infection on a computer here at work. I'm usually successful at getting rid of malware and other crapware but this infection has me stumped. It keeps regenerating itself and I don't know where to look to find the files responsible.

Here's what steps I've taken - they seem to remove it until the next day or so and then it's back. Ugh!

I can see the entries in Hijack This (which can't remove anything since the dll files are attached to WinLogon). I can use the Windows CD/System Recovery to go to a DOS prompt and manually remove the dll files - when I reboot only one entry seems to remain - an O20 entry in HJT AppInit_DLLs: lebenesa.dll - I have tried to delete this in the Registry but it only comes back.

I have run ComboFix and it seemed to get rid of the bug only to have the computer reinfected the next day.

I have tried Malware Bytes - I got the error code 2 so downloaded the file to fix that and it still won't run.

VundoFix didn't find it. VirtuomondBeGone - didn't work - can't remember if it didn't run or didn't find it.

Here are the logs requested:

DDS (Ver_09-12-01.01) - NTFSx86
Run by snieland at 10:45:21.17 on 02/22/10
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2199 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes =====... Read more

A:Infected with Vundo Virus - keeps reinfecting computer

I ran the GMER scan - left the computer and when I came back the WinLogin screen was up - I thought that meant it had finished but now that I look at the log, there's nothing listed. Don't know if that's caused by the virus? Her computer isn't set to go to the login screen after the screen saver comes on so that would only appear if the computer rebooted.

Any ideas?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not ... Read more

11 more replies
Answer Match 52.92%

I continually have popup ads in internet explorer along with setting changes. I set IE to block all cookies and it resets to allow all cookies. Something happens to my zone alarm firewall so that I have to turn it off to access the internet. Computer performance in general is slower. Firefox seems much less affected than IE. I have tried symantec, ad-aware, spybot, several recommended online virus scanners, symantec's tool for removing vundo, and some other fix for virtumonde. From descriptions of vundo/virtumonde, I think that this is the culprit. Nothing seems to fix it. Attached is the hijackthis log. I have two suspicious entries in this log but they don't show up bad with scans. One is ...npjpi142_03.dll and the other is ...xpnetdiag.exe. Are these the culprits and if they are, can I just delete them?
Thanks in advance for any help!

A:Infected Computer-possibly Vundo/virtumonde

Hello D73,

If you still need help, please post a fresh Hijackthis log. Do NOT attach the log, as that makes it hard to read.

"have two suspicious entries in this log but they don't show up bad with scans. One is ...npjpi142_03.dll and the other is ...xpnetdiag.exe. Are these the culprits and if they are, can I just delete them?"

I don't see those in your log. Have you already deleted them? Both are legit files. xpnetdiag.exe is a Network Diagnostic for Windows XP, while npjpi142_03.dll is part of Java version j2re1.4.2_03.

2 more replies
Answer Match 52.92%

Hi

Being a 1st timer I have looked thru your site, it's very interesting and I hope I am in the right place for this. Have read heaps and tried all the suggestions here and elsewhere, so far here has been very informative but cannot seem to fix problem.

My daughters picked it up whilst surfing MSN when some goof sent them a "is this you? check your picture out" message. Which obviously they did!! I thought it was only a "oo.exe" file virus but have tended to find more and more as I have dug deeper.

Running XP Pro with MS Applications and Internet Security 2007 as virus/system scanner. Internet Security (IS) continues to find Trojan.Vundo and removes it but it keeps coming back every day, confirmed by IS history log. Have tried many other applications to fix this from several forums, Vundofix, AVG, Pirex, Stinger and Ad-Adware with no luck (I think) as computer is still slow and I have trouble running Windows Explorer without being able to complete a full scan as it errors half way thru at Nero, then we send an error report off to MS and start again.

I have also deleted programs like MSN and Limewire, the system has been scanned, cleaned up and defragged. MSN popup for run program was also a hint that something was wrong as it asked to do this on every sign-in.

Words like *zip, robot, backdoor, trojan, vundo, oo.exe", I have been checking for these are from other forums and explained as being key file names and are linked to this problem. I think the oo.ex... Read more

A:Problems With Infected Computer "vundo Infection"

Hello,

I see you have Windows Defender running. The real-time protection may interfere with the fixes, that's why I want you to turn it off.

To turn real-time protection off
Open Windows Defender. (Click Start, click Programs, and then click Windows Defender.)
Click Tools, and then click General Settings.
Under Real-time protection options, Uncheck the Turn on real-time protection (recommended) check box.
Then click Save.
When your hijackthislog is clean again, please turn on the realtime protection again.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {E534476C-E06E-4A9D-8B9C-C947C0CC4573} - C:\WINDOWS\system32\csvpomyn.dll (file missing)
O2 - BHO: (no name) - {F49ED2B3-08F5-4BA3-8536-2DAEE8C8409B} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: tuvvwts - C:\WINDOWS\
* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u1.
Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
Click the "Download" button to the right.
Check the b... Read more

6 more replies
Answer Match 52.92%

It started when I downloaded a 'codec' for a video file... More and more problems seem to be emerging now. Any help would be greatly appreciated! Thanks

Here is the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:06 PM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\joe\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Grisoft\AVG... Read more

A:Computer Infected With Zlob, Vundo... Hjt Logfile.

Welcome!

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.
The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next,... Read more

14 more replies
Answer Match 52.5%

I did a complete reformat of my 6 year old Dell Dimension 4600 and when it was done my speakers and microphone did not work at all. My Dell 1704fpt colour monitor has very limited display. There is no gradient in the colour so it is very basic in display.

On the disk of drivers that came with my computer, none of the sound drivers that I have installed work properly. The driver I downloaded from dell.com for my monitor did not install.
Please help.
 

A:Solved: no souno sound and limited display after reformatting computer

7 more replies
Answer Match 52.08%

Can someone please help? A co-worker's computer is infected with the Vundo virus and after running Malwarebytes and a couple of virus scanners, the computer still feels sluggish. Sometimes pop-ups appear from the bottom of the screen when surfing the web. The computer feels very sluggish. I can't even boot into safe mode. When I attempted to run safe mode, it looped me back to the reboot process.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:53 PM, on 11/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Fi...

A:Help. Computer infected with VUNDO virus and runs slow

Can someone please help me? I tried a couple of online scanners, the Kaspersky and ESET online scanners, and the computer is still acting weird.
 

3 more replies
Answer Match 51.66%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:07 AM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\...

A:Computer Infected With Win32: Tiny-if Agent-lap Vundo-gen49

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, sdianneodom. My name is Richie and I'll be helping you to fix your problems.

Download HostsXpert 3.8: http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to: C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open, at the bottom of the window to the right of Attributes, check the box that says 'Read-only'.
4) Click Apply/OK.

If you have previously downloaded ComboFix, please delete that version and download it again from below.
Download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post th...

1 more replies
Answer Match 51.24%

I have been infected by the malware VUNDO. The pop-ups talk about winpro. I saw all that was written about it, and did what I should do. The VUNDO Fix scans and does not find it (same for the Symantec one). And after the scan finishes, I DO NOT have the BUTTON that says DELETE.
So I came back to square 1- I followed the 5 steps asked:
1- I cannot run the services of windows. It gives the following error: 1058: THE SERVICE CANNOT BE STARTED EITHER BECAUSE IT IS DISABLED OR BECAUSE IT HAS NO ENABLED SERVICES ASSOCIATED WITH IT.
Of course I tried enabling it and starting it. It does not work.
2- I have no service packs- Same reason as above.
3- I ran HijackThis. I ran all the programs suggested.
4- Please find the files attached.
5- Oh, I forgot: the virus took over my desktop wallpaper. It is blue now, and I cannot change it anymore.

A:[SOLVED] WINPRO VUNDO infected- POP UPS.

I have been working on it while waiting for my 72-hour delay, and I saw that one suggestion is to run the AVG Antivirus. I did, and it found a Trojan virus. And the message is: C:\windows\system32\xxyvvUKD.dll Threat name: Trojan horse Generic 10.AFSV detected on open

2 more replies
Answer Match 51.24%

Hi everyone! I'm using Windows XP, and a day or two ago, I got a message from Norton Systemworks saying that I had Trojan.Vundo. I tried using Norton's FixVundo.exe program, but it said there was no Vundo on my computer, but my computer stayed as slow as ever, and I still got the constant message that I had the trojan. I've included a HijackThis log below, hoping someone can help me. One thing that you might want to know is that I still have system restore off because I was told to turn it off to try to get rid of the trojan by Norton. Anyway, thank you!
-juneisnother
Logfile of HijackThis v1.99.1
Scan saved at 13:08:45, on 10.12.05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program...

A:Solved: Infected with Trojan.Vundo

15 more replies
Answer Match 51.24%

I have tried vundofix and virtumondobegone which haven't helped. I have even deleted the files from the registry just for them to come back instantly. Not sure what to do could really use some help. I would appreciate it very much!!

Logfile of HijackThis v1.99.1
Scan saved at 10:30:10 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\1125192780\ee\AOLSoft...

A:Solved: Infected with Virtumond/Vundo please help!

16 more replies
Answer Match 51.24%

Hey Cheeseball, you helped me a few weeks ago when I was infected with the vundo trojan; I seem to have been infected with something similar again. I tried following what you told me to do in the last post but combofix doesn't seem to work anymore, it says it's expired. I included hijack, SAS and combofix logs. I also scanned with vundofix but found nothing.

Logfile of HijackThis v1.99.1
Scan saved at 9:16:25 PM, on 11/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program ...

A:Solved: Help Cheeseball! Infected with vundo again!

bump, still need help. Seems like combofix got rid of dfsshle.dll, but hidden internet explorer windows keep opening, the only way to close them is with task manager.
 

1 more replies
Answer Match 51.24%

Symantec's auto protect has been showing that I'm infected with a Vundo and I get random pop-ups on normally pop-up free sites. Any help would be appreciated, thanks in advance. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:15:44 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Mozilla ...

A:Solved: Infected w/ Vundo HJT log included

11 more replies
Answer Match 51.24%

2 days ago my computer slowed to a crawl and NAV keeps popping up with two different messages that it has detected a virus, "unable to repair", and "access to the file was denied".

I went through the instructions from the symantec web site: unplug internet, turn off system restore, run their fix tool in safe mode, and it doesn't find anything. I've checked out some of the other trojan.vundo threads and each one seems different. I also tried spysweeper with no success either. It's getting late and I'm going to bed but I'm posting this in hopes someone could help me out tomorrow afternoon around 4:00p.m. Thanks.

Infected files:
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\awtronn.dll

Also now when my computer restarts in normal mode it can't find
C:\WINDOWS\system32\vysbcxml.dll

Here is the HJT info:

Logfile of HijackThis v1.97.7
Scan saved at 11:46:27 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Sym...

A:Solved: Infected with trojan.vundo

16 more replies
Answer Match 51.24%

Hi, like the title says... I'm seriously needing help to clean my PC from trojan Vundo and Downloader malware (and perhaps some other unidentified ones)... it keeps popping up IE adverts whenever I surf to certain websites using my Mozilla... I've tried cleaning using Norton AV and Ad-Aware but they only managed to clean partially... and after reboot they re-emerge.

So where do I start?? HJT?

Thanks in advance.
 

A:Solved: PC infected with Vundo & Downloader

11 more replies
Answer Match 51.24%

Hey, I currently need A LOT of help. Today, out of nowhere my Norton Antivirus tells me I have this virus (trojan.vundo) so I followed its instructions to remove it. Then after the required restart, it happened again and now it's the 5th time it keeps popping up. My OS is Windows XP if that helps.

I am currently running FixVundo and its still scanning. Should I scan with another software too?

Also, along with this virus, I also get a TON of HTTP Quickbrowser Activity Worms.

Can anyone please help? Thanks in advance.
 

A:Solved: HELP Trojan.Vundo infected me!

16 more replies
Answer Match 51.24%

Hi,

My PC has been infected by a trojan vundo. I have tried everything by following threads throughout the forum but to no avail. These included Vundofix. Funny thing is Bitdefender says it has stopped it but cannot delete it. But it keeps replicating itself in the System32 temp folder. I have found a suspicious file in winnt called tuvvuu.dll.vir (hidden). Believe me when I say I have tried everything in the forum. Please help as I am now at the last chance saloon before re-formatting. As usual it's not the PC that is the valuable thing here but the data that it holds.

ANY HELP greatly appreciated.

Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 15:53:55, on 07/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program ...

A:Solved: Infected with trojan vundo AH

14 more replies
Answer Match 50.82%

So, lately I've been getting a lot of internet explorer pop ups. I ran my norton (that's old and expired) and also an AVG, about to run a Spybot SD search.

After running my AVG though, it put a bunch of my application .exe's in the vault, which saddened me, and now every time I boot up, I get two errors about unable to find awvvw.exe and also a csfhstds.dll failure or something rather.

I searched for both, and csfhstds.dll didn't show up with anything under google, and the awvvw.exe brought me to a forum similar to TSG, and some of the posters said it was a vundo virus.

(By the way, after running AVG, the popups are rarer, but still occasional.)

Anyway, here is my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:21:44 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDO...

A:Solved: I'm infected, with vundo virus maybe? (HJT included)

16 more replies
Answer Match 50.82%

My system got infected with Vundo Trojan and various spywares, please help clear my system from infection, below is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:50:14 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Generic\USB Card Reader Driver v1.8d\CR INSPECTOR.exe
C:\Program Files\Generic\USB Card Reader Driver v1.8d\Disk_Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\P...

A:Solved: Infected with Vundo Trojan and other spywares

16 more replies
Answer Match 50.82%

Hi, I was infected yesterday after installing a program that I had downloaded from Utorrent.
After the infection I got messages from my Avast Antivirus, and it says that the trojan is a win32:vundo.
This is the first time that my current computer has been infected by this trojan, and the solutions that Avast gives me are not good enough.
Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 13:23:38, on 24/05/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\...

A:Solved: Infected by Win32:Vundo TROJAN, need help

14 more replies
Answer Match 50.82%

Hi,

Please help.

Hardware info: IBM Lenovo T80, Windows XP SP2, Intel Centrino 2GHZ, 2GB RAM

My laptop is infected with Trojan.Vundo and Infostealer. I ran Symantec's Vundo remover, but it didn't find anything.

Symptoms:

1.) Norton AV finds Vundo and Infostealer and claims to have cleaned up the files, but after reboot, the process repeats and can't seem to get rid of virus.
2.) I am unable to connect to internet, although the "Local area network connection" is still sending and receiving packets
3.) Microsoft Firewall is disabled and greyed out (I cannot change the settings even after "netsh firewall reset" after recommendation)

Thank you in advance for your assistance.
 

A:Solved: Infected with Trojan.Vundo and Infostealer

15 more replies
Answer Match 49.98%

My computer is:
P4 2.4 GHz with 512MB ram and running XP

I also have a program in my "add and remove programs" called "Outerinfo" that I would like removed.

Thanks for your help.
slb5
 

A:Solved: Infected with win32/vundo!generic Please help to remove

13 more replies
Answer Match 49.14%

Hi, my system is infected with spyware; Windows XP, SP2. Initially I was unable to search Google and Yahoo, then I installed SUPERAntiSpyware, then McAfee. After I restarted after installing both, the desktop items and task bar disappeared. Then I installed the malware anti bytes, then I got the desktop and icons back but I got an error that a dll is missing. When I restarted again I didn't get the error, but pop-ups increased. I have installed superantispyware, Malware antibytes, hijackthis. Please find the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/18/2008 at 07:37 PM
Application Version : 4.15.1000
Core Rules Database Version : 3483
Trace Rules Database Version: 1474
Scan type : Complete Scan
Total Scan Time : 00:31:29
Memory items scanned : 466
Memory threats detected : 1
Registry items scanned : 6572
Registry threats detected : 6
File items scanned : 19162
File threats detected : 34
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL
Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32#ThreadingModel
Adware.Tracking Cookie
C:\Documents and Settings\kiran\Cookies\k...

A:Please Help Infected With Adware.vundo Rel/variant And Trojan.vundo

Hello newmember123 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Addi...

10 more replies
Answer Match 49.14%

Hi all at BleepingComputer,

I have recently got infected with several nasty viruses / worms and trojans from my school computers. I have since gone on to reformat my notebook along with my external hard disk (HDD). But when I did a virus scan with AVG, I found several infections, whereupon I immediately googled the possible solution to getting rid of these pesky troubles.

From the SUPER Anti Spyware thorough scan, I have been infected with the Adware.Tracking Cookie and Adware.Vundo Variant/Rel. I have tried to delete it several times, but it refused to be deleted with SAS. Then I found this website offering great solutions, so I immediately downloaded Malwarebytes' Anti-Malware, which showed that the vendors were Trojan Vundo, Trojan Agent and Malware trace from the quick scan. And I also saved the logfile of the Trend Micro scan.

My operating system is Windows XP; it was downgraded from Windows Vista Business. And I currently have AVG 7.5, Avast! Home Edition 4.0, SAS and Malwarebytes' Anti-Malware.

I am really quite new and ignorant of these viruses and programs, but I am doing whatever I can on my part to save my notebook and I hope that you guys might be able to save my notebook too. It was only 3 days old when I received all these nasty viruses!

So I copied and pasted the Hijack file below... And then I also copied and pasted the log from after I clicked Remove Selected during the Malwarebytes' scan. Am I being paranoid or do I have more viruses?

Logfile of...

A:Infected With Trojan.vundo / Adware Vundo Variant/rel

Hello Jacintha and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

10 more replies
Answer Match 49.14%

Hi, this is my first time and I am a novice at this, but I just can't ignore what my TrendMicro OfficeScan software told me it found a WinAntiSpyware2007 spyware and then I scanned my computer with SpyHunter v2.9 and it found a Trojan.vundo file in the registry. Can anyone help! Thanks so much!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:13 PM, on 8/16/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32...

A:Solved: Help! Infected by WinAntiSpyware2007 and Trojan.vundo! HiJackThis file included.

Apparently my OfficeScan software actually was able to get rid of the spyware after I closed out my Internet Explorer session but it just did not remove it from my computer registry, but I have been informed that it probably can't hurt anything. My computer has not started acting up on me or anything, so this is all that I can assume.
 

1 more replies
Answer Match 48.72%

Deckard's System Scanner v20071014.68
Run by korisnik on 2008-05-28 00:31:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-05-27 22:32:05 UTC - RP1 - Kontrolna točka sustava

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as korisnik.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:32:58, on 28.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsv...

A:Infected With Vundo,vundo B,vundo.dll.,virtumonde

Hello dujma and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not cha...

2 more replies
Answer Match 48.3%

Hello there,

as you can see from the topic I have three trojans in my PC which I can't remove. I followed the "Preparation Guide For Use Before Posting A Hijackthis Log" and I'm posting the log file.

Any help appreciated!!!!

Dimitris

********************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 2:19:19 PM, on 5/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes: ...

A:Infected With Vundo Dlm 13, Vundo Gen, Crypt Xpack Gen

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Dim

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Note: It is important that it is saved directly to your desktop C...

9 more replies
Answer Match 47.46%

I recently stumbled upon a warez site in search of some information about a couple programs, and almost instantly I seemed to be infected with numerous nuisances.

The worst one is a program that seems to generate dialers in the form of win(variables).tmp.exe, getting multiple ones there that regenerate after being deleted and pop up annoying ActiveX control can not be used messages every minute or two.

There are other ones too, and they are all very resistant; I have used Adaware, Spybot, AVG, Panda, Windows Defender, and spyware doctor (don't have it registered, use it to detect threats and then manually remove the files/reg keys). Every time I make progress, it is negated usually before I even reboot.

After working on said for several hours in safemode with HJT and the latter programs, I have gotten most of the easily removable viruses out, but the following respawn and I haven't been able to kill them. I'm listing the viruses now with as much info as I've gathered about them.

I would reformat, but I really don't want to since I don't have all of my driver discs and don't have my winXP disc with me on campus.

Please help :D.

Dialer.AXJ:

Makes following files-
content.ie5\QS3AVBKQ\srvbin4[1].exe
windows\temp\winxy.tmp.exe

Following Processes-
winxy.tmp.exe

Makes a windows notice box about how an activex control failed to work (I think something is blocking its function).

Rbot.fu:

Makes registry entries-
HKLM&#...

A:Used A Warez Site, Infected To Hell, Not Reformatting

You should not try to fix anything with HJT, unless you have been properly trained in its use.

HJT is a tool used to locate "problems". The removal of these "problems" is sometimes much more involved, than just having HJT fix it. The improper use of HJT could also cause damage to your system.

I suggest you post a HJT log for our Team to examine. They'll take you through the fix, step by step.

Read How to post a HijackThis Log. Please read, and follow, all directions carefully. Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.

A member, of the HJT Team, will help you out. It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE: Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

3 more replies
Answer Match 46.62%

ok so I have Vundo on my other laptop....it found me again. help please???
 

A:Solved: Same virus, different computer. I got Vundo again.

16 more replies
Answer Match 46.62%

Hello.

Could you please help me? A couple days ago, I got hit with a TON of trojans while at Kings of Chaos. McAfee sent up notice after notice that it had caught and "removed" this trojan and that trojan and I don't know how many FakeAlert thingies.

A McAfee scan turns up nothing. Spybot Search & Destroy shows a Firewall Bypass and Malwarebytes' Anti-Malware shows two instances of Trojan.Vundo, eight of Trojan.Vundo.H, two Trojan.FakeAlerts, three Fake.SystemTools & one Disabled.SecurityCenter. Since yesterday I've been getting VUNDO.gen.bp "caught and removed" notices from McAfee.

I "remove" these with Spybot & Malwarebytes and they keep coming back. They mainly seem to be opening new windows, opening up IE and just causing a pretty heavy lag. I'm getting fake virus removal programs popping up too. Oh, and "Are you sure you want to navigate away from this page?" stuff but that only seems to be happening at Facebook so that could be them I suppose.

Thanks for any help you can provide.

A:Infected with Vundo, Vundo.H and FakeAlerts

Hello and welcome.

We need to disable Spybot S&D's "TeaTimer"

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running. In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press
Click on
Click on
Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install a...

19 more replies
Answer Match 46.62%

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-06 15:52:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (54%) free of 72 GB
Total RAM: 990 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:06 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes: ...

A:Infected with Vundo.H and other Vundo components

Hello Matt0852 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

5 more replies
Answer Match 46.2%

hi

I seem to have been infected by some kind of virus/trojan...as of yesterday evening random internet explorer windows would open up (nothing on firefox)...I proceeded to uninstall internet explorer 7. Then I started getting alert windows from windows defender telling me it had found -

1) trojendownloader:Win32/small.gen!D
2) trojen:Win32/Vundo.BR

I ran a scan using AVG 8 (free version) and though it seemed to find these trojans, on restarting the laptop, the same windows defender alerts were displayed and I had 2 RUNDLL error messages -

1) error loading C:\WINDOWS\Pvici.dll the specified module could not be found
2) error loading C:\WINDOWS\zutibeki.dll the specified module could not be found

On the advice of a friend I downloaded and ran a scan using "Glary Registry Repair" but once again on restarting the computer I had all the above mentioned error messages and alerts. PLUS I now have a red circle/white cross icon in system tray and I have lost my desktop wallpaper...all I have is a black background

Pls advise on how I can get things back to normal...many thanks for your time and assistance


DDS (Ver_09-03-16.01) - NTFSx86
Run by ahansraj at 23:45:52.85 on 23/03/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.317 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============


A:computer infected by Win32/small.gen!D and Win32/Vundo.BR

Hello Golo and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so..
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!

If ComboFix does run its full circle, then please try to install Avira An...

8 more replies
Answer Match 46.2%

I have Dell Inspiron 530 and running Windows XP Home Edition service pack 3. I suddenly started getting pop ups and my AVG says I have the Trojan Horse Vundo.KE. It was moved to the virus vault but keeps coming back and now I can't even use my computer because of how slow it is running. I have run CCleaner and Spybot but it doesn't help. It took me several tries to even run the GMER scan. Upon start-up on two separate occasions I got Rundll errors. One said c:\windows\system32\zugotike.dll and the other said c:\windows\system32\gasidufa.dll specified module could not be found. I can't really go anywhere online or even use my computer now.
Please help I need my computer!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Margaret at 23:37:51.32 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.816 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


A:[SOLVED] Vundo Trojan eating my computer

Howdy there Babineaux586 and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this web page for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

11 more replies
Answer Match 46.2%

Worried I might have caught something. vundo has me worried. Could someone check my log?
Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:40:22 AM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

A:Solved: Computer slowing down....Worried about vundo(HJT log)

14 more replies
Answer Match 45.36%

HELP!!! I just received this anti-virus alert. I paid a computer specialist a few hundred dollars to fix my computer just two weeks ago because of the win virus. Can anyone tell me if I can get rid of this myself? I have windows xp and the specialist installed CA security for my anti-virus, anti-spam.
thanks in advance,
pullgrl
 

A:Solved: win32?vundo!generic virus alert on computer

13 more replies
Answer Match 45.36%

Well this sure is frustrating. I have little experience with viruses and similar because I have not had the displeasure of having to deal with them. Until now. Yesterday my desktop computer icons started flashing on and off and that was the first sign of trouble.

I use Norton Internet Security and Windows Defender. I have used Norton products basically since there have been Norton products. My Norton subscription recently expired and I just have not renewed it yet. I wonder if Norton has failed in this instance because it is expired or because it simply is unable to deal with this particular problem.

Since I cannot open IE browsers on my desktop (the browser itself will open but it just hangs and will not connect), I have downloaded programs to my laptop and moved them to my desktop on a USB key. I do not have any desktop icons but I can Ctrl+Alt+Delete to open Task Manager, then click on File, New Task (Run?) and type in C: - this will bring up the desktop icons temporarily and I can then click on My Computer and get into my USB key if I do it quickly! The programs I have tried so far are Spybot S&D, Symantec FixVundo, Atribune VundoFix, SpywareBlaster and AVG Anti-Rootkit.

Some identified items are:
C:\WINDOWS\system32\opnklkk.dll - [B] >> Generic.Malware
C:\WINDOWS\system32\geeda.dll - [B] >> Trojan.Vundo
C:\WINDOWS\mrofinu572.exe - [B] >> Generic.Malware

I have not been able to remove any of these. I did go into msconfig Start...

A:[SOLVED] Desktop flashing - vundo, geeda. Crippled computer!

Please disregard this thread. And I will mark it as solved. I back up my entire hard drive once a month with Norton Ghost and decided to go that route. I had never actually done a restore before (the need never arose before) so I did so with some fear that it might not work right but it appears to have worked just fine. Thank you for your time.

1 more replies
Answer Match 45.36%

I cannot scan my computer...ie: virus scan, spyware scan, file search...without my computer giving me the BSOD.

I have written down the stop numbers.

stop:0x0000000A (0xC1042252, 0x000000FF, 0x00000000, 0x8057E8AF)

I think it then said IRQL_NOT_LESS_OR_EQUAL....I forgot to write that down again. I could get my computer to BSOD again by scanning but I really hate to do it.

I used to get it for a bad driver, however I removed the programs that were causing it from my computer.

Thanks for any help. I am ready to pull my hair out over this.
 

A:Solved: Can't scan computer without BSOD [moved from XP; possible Vundo variant]

16 more replies
Answer Match 44.52%

Am currently writing this using my laptop computer. I need help in formatting my desktop pc. It runs Windows Vista Home Basic, and as you know the *restore to factory* recovery info is contained on the hard drive(which I cannot access) Is there any other way I can format it?

Here is the problem with the other computer....
I push the *power* button to boot up computer but it takes 20 minutes to an hour to boot to the desktop...in process I see no *logo* screen, so cannot tap F8 to gain access to the advanced boot menu screen. Then suddenly it boots to the desktop. I can access anything ON the desktop but cannot access IE, nor will Add/Remove programs work. I click to uninstall a program, and it says *its working* but it basically freezes and doesn't uninstall anything, AND doesn't really do anything. I had to use ctrl/alt/del to shut it down. Restart does not work, same problem with booting.

Bad me, I had loaned the computer to a friend for a few months while I was preparing to move, and moving as well. I just got the computer back last week. YESTERDAY my friend tells me the pc has been *misbehaving* for about 2 months and never before had any problems while in my home. I know, never loan computer to *friend*...but lesson learned.

I really need to know how to format. Am wondering if I should create a boot disk for it from this computer and then try that.....but will wait for your advice.

PS: I have been waiting for the computer to reboot now for about 1.5 hours...

A:PLEASE! I need help in reformatting my other computer...

what are you running
video card
cpu
m/board
ram
power supply
brand
wattage

check the listings in the bios for voltages and temperatures and post them

because of it being moved something could have worked loose check the connections
in the bios disable the gui[logo]
try a cmos reset
turn the computer off
remove the power lead from the back
take the side off
remove the cmos battery
move the cmos jumper from pins 1 and 2 to pin 2 and 3 and then back to pins 1 and 2
reinsert the battery
put the side on
replug in the power lead
boot the computer

there can be 2 solder points you touch with a screwdriver
2 pins you touch with a screwdriver or use a jumper
a cmos clear switch or button

to restore to factory you usually put in the recovery disk and hit one of the F keys as it is booting up
then the recovery cd and the recovery partition work in conjunction with one another to implement the restore
there will be a diagram and instructions in your manual

then see if you can get safe mode[low resolution mode]

9 more replies
Answer Match 44.52%

Hi, I'm trying to reformat my computer. When I put the Windows XP CD in and reboot my computer, I don't get the blue screen to fully reformat my computer. I tried turning off my computer and turning it back on. Putting the CD in, I still don't get the blue screen. I reformatted my computer before and I got the blue screen, but for some reason I don't get it today.

A:Need help on reformatting my computer

Is the BIOS set to boot to CD first and then hard drive?

18 more replies
Answer Match 44.52%

c:\WINDOWS\system32\presetup.cmd - FILE NOT FOUND!
c:\WINDOWS\system32\setupORG.exe - FILE NOT FOUND!
(setupORG.exe ->Original windows Setup.exe)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
POSSIBLE CAUSE:
1."Preset.cmd" not exist in the i386 folder in UXPCD
"setupORG.exe" not exist in the i386 folder in UXPCD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. Check your "txtsetup.sif" in the i386 folder on UXPCD
---Txtsetup.sif---------------------------
[SourceDiskFiles]
setupORG.exe=1,,,,,,,,2,0,0 ; must exist
prestup.cmd =1,,,,,,,,2,0,0 ; must exist
---------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now this is very similar to the post found on these forums but it doesn't solve my problem.

To walk you all through what I've done so far.
____________________________________________________________________________
Trying to clean up my dad's XP Home ED comp. I went out and bought Windows XP PRO.

Now I'm not used to HP, the BIOS is all weird so I had to insert the disk and start the installation process instead of just restarting and booting from the disk.

Now I wasn't able to delete the Windows XP Home ED. Partition so I just merged the two since they have similar files.

Everything was installing fine until I got the error message as posted above.

I've checked the windows disk, everything ...

A:Reformatting Hp Computer

"Now I'm not used to HP, the BIOS is all weird so I had to insert the disk and start the installation process instead of just restarting and booting from the disk."

Why can't you boot from the CD? Familiarize yourself with the BIOS and look for a 'boot order' option and make the CD first.

5 more replies
Answer Match 44.52%

I no doubt have viruses/malware and due to a failed reformat a long time ago, there is more than one operating system on my comp, and I just want to kill 2 birds with one stone and just reformat it and get it done with.

However, I have a few questions.

1) I don't have any of the CDs that came with the computer. If I go buy an XP CD, for all the other software (Microsoft Word, etc), how do I transfer it back to the comp without having to go buy it again to install it?

2) Is it possible that I transfer the viruses/malware when I put back the file I save after it reformats?

3) Any simplistic reformatting guides out there? I'm hardly computer illiterate, but I'm no technician...

A:About reformatting my XP computer...

Is your computer a brand name? There can be specific steps to take and you can often buy replacement recovery or reinstall disks for less than 20.00

List the brand model and service tag/ part number if any or describe the mainboard model and revision which is often a splash screen early in the boot process and is also written on the motherboard.

29 more replies
Answer Match 44.52%

Hi. Recently I had some trojan rootkit hit my computer, and decided maybe it'd be best if I reformat it and re-install windows. Catch is, I'm not really good with computers and don't really know how to do this.

It's a dell laptop, and I have windows XP running on it. Still have most of, if not all, the original cds that came with it when I purchased it. What I'm wondering is how hard this is to do? Could I risk wrecking more than I do good by attempting this when I don't really know what I'm doing?

Let me know if you need to know anything else, like what model and other stuff, and I'll get back with it. Any help'd be appreciated, thanks.

A:Reformatting My Computer

Hello tofte

I have a fairly standard procedure that I follow, after backing up what data I can safely save and then restoring the computer.
I apply any driver updates that seem necessary, you have to go to your model's web page and compare dates, if you see newer drivers, it's best to load/update them. Next I clean the computer of useless crud and adware installed by the manufacturer. Same thing for something like Norton's trial subscription, there's a special uninstaller for that.

Next I will apply the latest service pack, having the latest drivers and no security software to interfere

Then I load my security software

Last I connect to the internet

This is a pain but I believe it to be the safest approach

In your log I noticed you were running Norton's and PrevxCSI, and teatimer, avoid any combination of security software that might conflict

22 more replies
Answer Match 44.52%

So I'm going to help a friend reformat an old computer and put XP on it......
I don't know if formatting old computers with XP is safe? She says its pretty old, like '99 and she got it for free from a friend for work (she can't afford anything else right now)
So it's not like we can go out and buy a bunch of stuff for it....I think it's running on Windows 98 & I know nothing about the drivers and I know she doesn't have any CD's for the drivers....

SO any advice on how to go about doing this would be awesome.
Thanks!
 

A:Reformatting an old computer...

I would have serious doubts about a '99 PC being able to run XP.

You really need about a 500 MHz CPU and 256 MB of RAM to make it run in a useable manner. Do you have that on the old PC?

Apart from that you just put the XP CD in the drive and let the PC boot from it, following the menus. Remember it has to be a copy of XP that is not in use on any PC and was never supplied "with a PC", or the operating system may refuse to activate and lock you out.

1 licence per PC.

Then you need to know the make and model of PC or the make and model of the motherboard so you can get the correct XP drivers from the makers website (if any were ever released, given it's an old PC)
 

2 more replies
Answer Match 44.52%

I have a computer with Windows XP Professional Edition which was infected with a rogue virus. I was able to remove this virus, however it infected the registry. All the peripherals were disabled, including the CD-ROM, network drivers, processor drivers. I ended up deciding to reformat the computer. It has RAID 0, with 2 hard drives.

When I formatted it I got a BSOD 0x0000007b. I put in the RAID controller driver on a floppy drive. I was looking online for any solution to this problem, I found a few but nothing that would help me resolve the problem.

This is a 7 year old computer but I'm used to it and do not want to buy a new computer.

I am hoping someone has experienced a similar problem and can tell me how to fix it

I ran a chkdsk on the hard drive, they were fine.

A:reformatting computer

System manufacturer and model?

What exact steps did you take to reformat/reinstall Windows?

Do you have a MS Genuine XP CD sold by Microsoft?

Louis

9 more replies
Answer Match 44.52%

Hello, new to this site. I want to reformat my computer and would like to find step by step instructions on how to do so. I already backed up my comp with Carbonite and a stand-alone backup unit as well. It's a Dell laptop, AMD Sempron, Processor 3500+, 1.58 GHz, 896 MB of RAM / Windows XP Home Edition 2002. What next? Any assistance would be appreciated!

A:reformatting my computer

Are you just looking to format or format/reinstall windows? The easiest way to do it is just insert your recovery discs, or other windows installation disc, and go forwards as if you were going to install windows. Microsoft provides a guide to do so: http://support.microsoft.com/kb/978307

When you get to the point where it tells you that it is checking the drive you can eject the disc and shutdown the machine, or go through with the install if that was the plan. There are other programs to format as well, but if you were going to reinstall windows this is the easiest way.

7 more replies
Answer Match 44.52%

Hi, I have decided to reformat my computer and I have never done this before and I was wondering what I would need to reformat my computer. I run Windows XP.
 

A:Reformatting Computer

16 more replies
Answer Match 44.52%

This is a huge thread. I had no idea what forum to put this under, but I don't think it should have to go anywhere else other than here. This is a question about reformatting my computer, with no real full answers.

I have really started to notice how slow my computer has become, so I have decided to reformat the computer. Thing is, I am not going to just put back the back-up file, and I am not wanting to lose everything. Thanks to a second hard drive, I have decided to try and go through everything we need and put it on there manually, so to not include what I don't want. I just wanted to know, what do you think I should try and save from this reformat of a computer?

My list:
Program files (the installation file)
Start-up files / 'All Programs' (much the same as ^)
Browser information (bookmarks, settings, saved passwords, forms (anything else?))
Bits of set up information (internet connection, drivers (must check my CD collection))
My document files (for all users) / Files stored on C drive (my folder, and everyone else's)
Documents and settings (go through them and have a look, not forgetting limewire shared downloads)
And your suggestions and reminders

Before doing any of this, I will have to create a few back-up files on DVDs just in case. I have not gone through with it yet, but DriveImage XML seems to be my best option so far. After that is done, I will get onto doing this eventually.
What do you think I could be missing?

Will this h... Read more

A:Reformatting the computer

11 more replies
Answer Match 44.52%

Hello,



I would like to reformat my computer or set it back to the original settings. I cannot find the Windows XP installation CD / boot disk.

I bought the computer legally so I have no idea why I didn't get them, I have all the other details of purchase and stuff.

I remember being asked to make a disk when I first switched on the computer but this was my first computer so I didn't have any disks or understand what it was doing.

Is there any way I can reformat my computer or reset the settings?
 

A:Reformatting my computer

9 more replies
Answer Match 44.52%

I tried my best to catch up to what our I.T. specialist has taught me, but he was so fast and very busy lately. Please kindly jot down step by step how to reformat a computer.

A:Computer Reformatting

Assuming that you want to reinstall the OS, it depends on the computer and what disks you have.
If this is a retail computer, you should have a set of recovery disks or you might need an original Windows CD.
What is the make and model of your computer?

4 more replies
Answer Match 44.52%

How do I reformat my HP PC?
The model is dx5150.

I heard about various methods such as using F10 when in the blue HP screen during startup to reformat it. But it doesn't work for me 'cause I don't have a blue HP screen.

By the way, I don't have a Windows XP CD or any boot disks or such.
Is there any way to reformat without an XP CD?

A:Reformatting the Computer

Well, you need to have some kind of boot disc, whether it be a CD or a floppy. You can use DBAN: put it on a floppy and wipe the drive that way. And if you plan on using the computer again you need to have an OS disc to do a reinstall, otherwise it is useless without an OS.

13 more replies
Answer Match 44.52%

Hello....

I want to KILLLLLLLLLLLLLLLLLLLLLLLLLLLL my computer!!!!!!!!!!!!!

I hate it, I can't stand it... either way..... so it's Win XP Home

Tried to reboot that bleep of trash and pressing F8 then F10 then F4 constantly and it didn't work.... tried delete and got into bios

Problem - I was NOT given a CD... Futureshop and Canadian Electronic stores practice Tyranny

So.... Through my reading I found out about the I386 folder - mine was deleted so I re-installed SP2... BUT no winnt files that are exe

Now what? Any ideas?

A:Reformatting Computer - No Cd

By law your computer maker must furnish you a way to reinstall. Sometimes it's a hidden partition on your hard drive; others even have you burn the CDs. If you neglect to do this or lose the manual telling you how to reinstall, companies will send you a reinstall package for a small fee. The important thing is your certificate of authenticity, where you have a valid number.

call them up

4 more replies
Answer Match 44.52%

Windows 2000 upgraded from Windows ME.

Computer totally messed up after someone went in and deleted everything from add/remove programs; all other programs and files etc. deleted also. Internet Explorer still works and it will still connect to the internet but it won't install any necessary programs such as AVG antivirus or Spybot.

Tried to reformat with Win2000 CD, but it wouldn't complete the format. A message keeps popping up in a gray box: "the application must be installed to run. please set up from the location where you originally installed the application"

Went to http://windows2000.windowsreinstall.com

Should I try Windows 2000 Pro install on used Hard Drive or Windows 2000 Pro Repair install? The CD is a full installation disk. Is there a way to format the hard drive to get rid of everything and then install Win2000 from the CD? There is nothing to back up or save on the computer.

A:need help with reformatting computer

Pop in the win 2000 disk.....go to the setup menu..and instead of formatting the drive, delete the partitions and remake them. Then install.

2 more replies
Answer Match 44.52%

Okayzzz

So I reformatted my computer (from CD)... I had 2 problems DURING reinstall-ation

1- missing duser.dll file (so I skipped it)
2- when it was "updating" for some fun reason it said I had some setup something unabled....
So now I'm trying to connect to the internet and no luck.... I installed Mozilla from a USB... IE7 and Mozilla exist but neither connects....

I went to control panel -> Network Connections -> Add New Connection -> Get error "The New Connection Wizard was unable to open the following location on your machine: C:\Program Files\Online Services"

I can reinstall windows again but it asks if I should update (recommended) but I can't even connect to the net... and YES the internet is connected to the other computer and the Ethernet is green - the plugs are working, so is the machine
Anywayz I did add Duser.dll to my other computer (in the system32 folder) - but that's still not giving it the ability to go onto the internet.... still same error... in a sense the computer looks screwed but I need to somehow get onto the net so that I can reinstall windows with the updates and such

A:Reformatting My Computer

Try reinstalling it again, and make sure the CD you're using is clean. If there's dirt or a scratch over a certain part of the CD, whatever file was there, the setup will skip. If you get the same error but your CD doesn't have any scratches on it, then it's something else. Try reinstalling it, that would be your best bet right now.

3 more replies
Answer Match 44.52%

I have been having issues with my computer. I was having problems with a virus and I thought it was gone and then I went to turn on my computer and all I get is my desktop background picture and no start menu and no desktop icons or anything. When I hit Ctrl Alt delete nothing happens at all. No one has been able to help me with this problem. One person told me I would need to find the cd for my computer to basically reformat it. I thought I found the cd and put it in and again nothing happened. These are the cds I have, Operating System reinstallation cd. Drivers and Utilities. And I have a couple that say Application on them. Are any of these the ones I need or am I doing something wrong? I really need my computer soon and just need some help. Thank you.

A:reformatting my computer

Also my computer will not go into safe mode either. I have tried that.

12 more replies
Answer Match 44.52%

Hello,
I want to know if there is any way to reformat my computer (HP) without having the default factory programs (AOL 3 Months Included, Get Vonage, My HP Games, Norton Internet Bullsh*t, and all this other crap) installed.
If there IS any way, can you please explain the procedure?

Thank you,
Eli
 

A:Reformatting a computer...

6 more replies
Answer Match 44.1%

Hi everyone,

I've been receiving these few BSODs for many months. I've tried running memtest and updating as many drivers as I can but to no avail. I've just reformatted my computer yesterday but am still facing the same problem

The BSODs are:

-Page fault in nonpaged area
- System service exception
- Irql_not_less_or_equal
- Bad pool header

Many thanks in advance

A:BSOD even after reformatting computer.

STOP 0x0000003B: SYSTEM_SERVICE_EXCEPTION
Usual causes: System service, Device driver, graphics driver, ?memory

STOP 0x0000000A: IRQL_NOT_LESS_OR_EQUAL
Usual causes: Kernel mode driver, System Service, BIOS, Windows, Virus scanner, Backup tool, compatibility

- Uninstall Norton. They are known to cause BSODs

Code:
Start Menu\Programs\Norton Online Backup Public:Start Menu\Programs\Norton Online Backup Public
Recommended to use Microsoft Security Essential from BSOD perspective, and Malwarebytes
Microsoft Security Essentials - Microsoft Windows
Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer

- Do a series of tests using memtest86+. A bad RAM chip could be one of the causes here
RAM - Test with Memtest86+
Pay attention to #3, do the test for at least 8 passes

- Update these drivers as they are pretty old. Outdated drivers sometimes cause crashes, which are fixed through an update

Code:
Image path: \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
Image name: mwlPSDVDisk.sys
Timestamp: Tue Jun 02 17:15:29 2009 (4A24FBC1)
mwlPSDVDisk.sys Driver Download Page

Code:
Image path: \SystemRoot\system32\DRIVERS\iaStor.sys
Image name: iaStor.sys
Timestamp: Thu Dec 10 08:39:43 2009 (4B20515F)
iaStor.sys Driver Download Page

You can find the rest of the info here: Driver Reference Table (DRT)


Code:
Image path: \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
... Read more

3 more replies
Answer Match 44.1%

So I just recently purchased a new computer and I got that blue screen so I decided to reformat. When I boot from the CD it gets to the screen inquiring if I want to install Windows (Enter), repair Windows (R), and one other option.

After I hit Enter, it goes to a blue screen and at the bottom it says examining fjsdklfsafdsa (I don't remember exactly what)

I think it's examining my hard drive but it won't get past there. I left it on overnight and nothing changed from that screen.

I reformatted my laptop right after this to see if it was an issue with the CD but my laptop reformatted just fine.

Both the CD and OS are Windows XP for both the laptop and desktop. I just reformatted my laptop to test the CD and make sure it was good.

Is there any way I can reformat my computer without wiping my HD? I have it partitioned right now and would like to save the stuff on my other partition since I didn't get a chance to back it up before my computer died.

Please help me resolve this situation; if more info is needed please just let me know and I'll find whatever I can. Thanks!

A:Computer gets stuck when reformatting

anyone? please, your help would be much appreciated.

3 more replies