
Thread: Please help with Vundo and others

  1. #11
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    While your VundoFix log shows that previously the computer did contain Vundo, it was removed on the 17th, but the Kaspersky log shows the following still there:
    C:\WINDOWS\system32\fccawtt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp

    1. Download VirtumundoBegone and save it to your desktop
    2. Now reboot into Safe Mode.
      1. This can be done by tapping the F8 key as soon as you start your computer.
      2. You will be brought to a menu where you can choose to boot into safe mode.
      3. Select safe mode with networking using your arrow keys on the keyboard and then press Enter.
      4. When your computer reaches the desktop, make sure you log in as the same user with which you performed the previous steps.
    3. Once you are logged into safe mode, double-click the VirtumundoBeGone.exe file you just downloaded and follow the instructions.
    4. Exit when it has finished, and reboot back to normal mode.
    Another thing noted in the VundoFix log is the presence of an old Java version, 1.4.2.3. This really leaves your system at risk, as this version is not as secure as the newest. Go to Add/Remove and uninstall this old version. While you are there, search also for SpywareQuake. If you find it, uninstall it; if you don't find it, don't worry about it.

    The next thing you need to do is the following steps. I would recommend that you print these out so that you will have them to refer to while completing them, because you won't have internet access at that time.

    Download SmitfraudFix (by S!Ri) to your Desktop
    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press Enter
    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named: c:\rapport.txt
    Post back here with that report.

  2. #12
    Join Date
    Aug 2007
    Location
    Southern California
    Posts
    16
    Did all 3 steps you recommended.

    VirtumundoBegone found nothing
    SmitfraudFix took about 3 seconds to complete
    Java removed.
    Attached Files

  3. #13
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Download and run this program AnalyzerXP 3.7
    Post the log here.

  4. #14
    Join Date
    Aug 2007
    Location
    Southern California
    Posts
    16
    I ran the utility. I wasn't sure what date to put in, so I used August 10, 2007; my system was clean then.
    Log file with "All files created since...." was too big to upload (227K), so I scanned executables only.
    Log attached (18K).
    Attached Files

  5. #15
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Let me go through this and I will get back with you ASAP.
    Judy

  6. #16
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    With the help of ~TL I have gone through your log.
    The Analyzer found several things which need to be removed.
    To do this begin by downloading ~TL's

    CleanupXP+

    Once you have downloaded the program Reboot to Safe Mode

    Double click on the program to run it. It will do a standard cleanup and then give you various options for additional clean up.
    You are going to want to
    1. Remove a File
    Actually, in your case it will be a number of files you will need to remove. Here is a list of those files; you should print these out for reference.
    All files with the matching name will be permanently removed from the System Drive (generally C Drive).
    A valid file name is the file name plus its extension, such as malware.exe or junkfile.txt. The file name is not case sensitive, but make sure to write the full file name. The program will stop if there are any processes running with the same name, then proceed to scan the entire system and silently remove all matching files with that name.

    Here are the files to remove:

    c:\windows\system32\fccawtt.dll
    c:\windows\system32\iwca.dll
    c:\windows\system32\linxvdd.dll
    c:\windows\system32\msinet.oca
    c:\windows\system32\nslbcw.dll
    c:\windows\system32\setupkit.dll
    c:\windows\system32\superpro.dll
    c:\windows\system32\wibukjni.dll
    c:\windows\system32\wintay16.dll
    C:\WINDOWS\plite731.exe
    C:\WINDOWS\plite731_uninstaller_.bat
    C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
    C:\WINDOWS\system32\syschks22\fcadz002.exe

    2. Remove a folder. You will not need to do this at this time.
    3. Skip this step: Restart the Explorer shell, deletes the utility files and exits the program.

    Reboot the system to normal mode and run AnalyzerXP again and post that new log here. We will see what additional steps need to be performed.
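
Added example (not part of the original thread, and not CleanupXP+ code): a read-only Python preview of what a name-based removal like the one described in post #16 would match, since every file with a listed name is removed wherever it sits on the drive. The function names and the sample tree are assumptions made for illustration; only three names from the list above are used.

```python
import os
import ntpath
import tempfile

# Three of the paths from the removal list in post #16.
LISTED = [
    r"c:\windows\system32\fccawtt.dll",
    r"c:\windows\system32\msinet.oca",
    r"C:\WINDOWS\plite731.exe",
]

def preview_name_matches(root, listed_paths):
    """Return {lowercased name: [paths relative to root]} for every file whose
    name equals a listed file name, compared case-insensitively. Nothing is deleted."""
    wanted = {ntpath.basename(p).lower() for p in listed_paths}
    hits = {name: [] for name in wanted}
    for folder, _dirs, files in os.walk(root):
        for f in files:
            if f.lower() in wanted:
                rel = os.path.relpath(os.path.join(folder, f), root)
                hits[f.lower()].append(rel.replace(os.sep, "/"))
    return {k: sorted(v) for k, v in hits.items()}

def outside_listed_location(root_hits, listed_paths):
    """Matches that share a listed name but sit at a different path (drive letter dropped)."""
    listed_rel = {ntpath.splitdrive(p)[1].lstrip("\\").replace("\\", "/").lower()
                  for p in listed_paths}
    return sorted(p for paths in root_hits.values() for p in paths
                  if p.lower() not in listed_rel)

def build_sample_tree():
    """Constructed sample tree standing in for a system drive (empty files only)."""
    root = tempfile.mkdtemp()
    for rel in ["WINDOWS/system32/fccawtt.dll",
                "WINDOWS/system32/MSINET.OCA",
                "Backup/old/msinet.oca",      # same name, different folder
                "WINDOWS/notepad.exe"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    hits = preview_name_matches(root, LISTED)
    for name, paths in sorted(hits.items()):
        print(name, "->", paths or "not found")
    print("same name, other location:", outside_listed_location(hits, LISTED))
```

Pointing `preview_name_matches` at a real drive root instead of the sample tree gives the list to review before any name-based cleanup is run.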

  7. #17
    Join Date
    Aug 2007
    Location
    Southern California
    Posts
    16
    Here is the log:
    Attached Files

  8. #18
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You ran CleanupXP+, correct?

  9. #19
    Join Date
    Aug 2007
    Location
    Southern California
    Posts
    16
    Sorry, yes I did run CleanupXP+ and used the program to manually delete all the files you listed.

  10. #20
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    Hi,

    Please save this custom cleaner to your desktop, then reboot in Safe Mode and run it.
    Afterwards, reboot in Normal mode and run AnalyzerXP to see if the files are gone or not.

    Attach your new log file to your next post please.
    Last edited by TurcoLoco; 08-30-2007 at 03:23 PM. Reason: removed the custom cleaner, no longer needed
