
Thread: VUNDO malware/trojan/virus?...HELP!

  1. #1
    Join Date
    Feb 2008
    Posts
    18

    VUNDO malware/trojan/virus?...HELP!

    From my research (general searches of the symptoms and .dll files attempting to gain access constantly) as well as certain scanners reporting as such, I have the following MAJOR problem:

    VUNDO trojan/virus/malware (whatever it's technically classified as)

    Which, obviously, as of its nature, has opened the door to multiple other malware/spyware.


    I will be posting my *limited* information here shortly, as to my scan results and other information.

    I say *limited*, because, even though I followed the directions in the sticky thread about what to do before posting, certain logs were NOT possible to obtain. I think the directions to the sticky thread need to be revisited and updated (I imagine the procedures have changed, possibly due to an update in some of the used programs).

    Here's what I could not accomplish, while following instructions, step by step:

    1. Fine
    2. Fine
    3. Fine
    4. Fine. Nothing suspicious.
    5. Fine.
    6. Fine. Showed NOTHING (least effective scan of all of them, apparently).
    7. PROBLEM! #1...ESET *ONLINE SCANNER* - as directed in the directions, even though I download the regular copy - Did NOT provide a log, even though it DID scan it. I DID however, manually copy the results (it showed two almost identical problems):

    '
    Probably a variant of Win32/Trojandownloader.Agent Trojan
    C:\Documents and Settings\VanDeKerkhove\Desktop\Junk and Extras\XPKeySP2.zip>>ZIP>>XPKeySP2.exe

    Probably a variant of Win32/Trojandownloader.Agent Trojan
    C:\Documents and Settings\VanDeKerkhove\Desktop\Junk and Extras\XPKeySP2.zip
    '

    This being the case, I decided I should try Panda Scan. So I did.
    I will be attaching that [pretty unspecific-looking] log to my next post.

    8A. Fine
    8B. Well, this was a huge waste of time - at least for the end result that would help you guys diagnose my situation... Although suspicious of it not going to work, I decided to follow your guys' directions to the letter. After the scan (which if I recall correctly, found 3 problematic areas) I did NOT click "Save Report" until AFTER I clicked "Apply all actions".....Problem being...After I did that, although it seemed to have taken care of the baddies, the SAVE REPORT button was greyed-out...I couldn't save the report. I checked the report tab, but no report was generated. Sorry, but I have no log to show of this scan.

    I am currently on Step 8C...and because of the lack of a log from AVG, I will be including anything that both Windows Defender and SpybotSD come up with...

    But can someone please check into my notes above, and let me know if I'm right, in that there's a couple problems with the sticky thread's instructions up to this point?

    THANKS! I WILL BE POSTING LOGS HERE SHORTLY! PLEASE CHECK BACK SOON!
    *I am posting this from an uninfected laptop. My main home computer (not sharing any files on a network with this laptop) is the one that's infected. I'm just waiting for Defender and then SpybotSD to scan.

  2. #2
    Join Date
    Aug 2006
    Posts
    578

    No worries about the "Read Me First Sticky!"
    I will doublecheck the steps when I get some free time.
    -- Is there anything in the AVG folder (program Files)? There ought to be a folder for "Reports."

    I just tried to cover all the bases - A HijackThis log alone is insufficient these days when trying to fix issues in a forum setting....


    You may as well go ahead and do the following:


    • Download combofix.exe by sUBs to your computer's Desktop.
    • Alternate Download
    • (If you already have a previous version, delete it and download a new version).
    • Double click combofix.exe & follow the prompts.
      Note: Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.


    When it finishes, it ought to
    • Produce a log for you. ( C:\ComboFix\ComboFix.txt)
    • Restore your Internet connection.


    IMPORTANT:
    • Do not use your computer while Combofix is running.
    • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
      If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.


    Post the log for us and hang in there until Judy can have a look at it. She'll be able to instruct you further.

    Best Luck
    PP
    Last edited by PhilliePhan; 02-29-2008 at 03:00 PM.

  3. #3
    Join Date
    Feb 2008
    Posts
    18
    Ok, here's pandascan and HJ This.

    Panda scan was done before booting into safe mode. HJ this is current.

    I wish I could attach my SpyBot log, but it says it's too big to attach.

    HELP! It's really lagging everything (about 20% of my keystrokes aren't even being recognized...I gotta keep proofreading). It's changing homepage. It's got popups. It's got stuff agto install to startup (which I believe they've now done, since I exited EVERY defense I had, to do a HJ This report)....It's BAD.

    Thanks!

    *I'll post that combofix in a moment...

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Why don't you have an onboard anti-virus program?

  5. #5
    Join Date
    Feb 2008
    Posts
    18
    Here's my combofix log.

    I don't run an ACTIVE virus scanner (AVG) and spyware scanner, because I have 512 RAM, and it brings it to a crawl (not quiiite as bad as this virus does...but about half as bad, when actively running... Soooo...yeah). I run it more than once a week, when the computer's idle for a few hours. And IIIII personally don't go to any ridiculously dangerous sites that I'm unfamiliar with. My brother's an idiot, and as my previous post shows, I'm sure you can tell how he got this virus in the first place. I told him I'd just download a freeware version of office...But yeah....Anywho, there's my combofix log.

    THANKS!

  6. #6
    Join Date
    Feb 2008
    Posts
    18
    Well, just scanned with AVG (default settings).

    Here's the log...oddly, it doesn't show much...

  7. #7
    Join Date
    Feb 2008
    Posts
    18
    No, I did not find any "Reports" folder in my AVG folder.
    BUT, that might be because I only checked that after I deleted AVG.

    I did that because I have WinPatrol, and it was throwin' up red flags like crazy, and I wasn't sure if the malware was trying to leech onto my antivirus programs or what (Because it was asking me if "AVG/..../.../...dll" was ok to allow... and the .dll's were the original problem, although I'm not sure which ones specifically. But I do know that this virus can disguise itself as part of some scanners, as I've seen in other forums) - so I just disabled them all.

    I have since reinstalled AVG (and Defender), and am doing a new scan now, and will post anything that I may be able to find in any folder such as "reports", ASAP.

  8. #8
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    AVG SHOULD have been ok'ed...it was probably updating! Anti-virus programs update all the time. You are infected because you DON'T have an active anti-virus program. Yes, WinPatrol would ask you...it is supposed to but AVG is SUPPOSED to have access, it cannot protect you unless it does.

  9. #9
    Join Date
    Feb 2008
    Posts
    18
    Quote Originally Posted by jholland1964 View Post
    AVG SHOULD have been ok'ed...it was probably updating! Anti-virus programs update all the time. You are infected because you DON'T have an active anti-virus program. Yes, WinPatrol would ask you...it is supposed to but AVG is SUPPOSED to have access, it cannot protect you unless it does.


    Yeah, I realize I should have OK'd AVG... I KNOW they update quite frequently. Please calm down I'm not a noob. I've dealt with quite a few on my own before. Like I said though...I've read other posts (not on this site, but others) that this virus can add fake files that add the suffix of a currently-installed virus scanner on your computer (i.e. "sbsd/dsfgddgfdgdfg.dll" or whatever) so that you choose to allow them and/or ignore them when you're trying to fix the problem. And like I said...it was the ".dll" ending that scared me...usually when scotty asks if a certain program is OK, it's a clear-cut ".exe" that I'm fully familiar with.

    I know why I got infected. Like I said though, with 512 RAM, and other programs in use = sloooooow computer, 24/7 if I have an active scanner on (to the point where it's more of a nuisance than a suuuuper rare, once-every-3-or-4-years, super slow virus problem). Winpatrol has proven efficient for the minimal browsing I do, given its minimal resource usage. And my brother usually never uses this computer, except for homework....(which, under the circumstances is also coincidentally why this happened, but shouldn't have, if he'd just listen to my advice and have a liiiittle patience).

    Anywho, I'm sorry. I just don't want you to think I know nothing about how to protect myself. I am the primary user of this computer. I use it 90% of the time, I'd say. My brother, the other 10%. And he raaaarely ever uses it for ANYTHING other than homework. It was just an asinine move by him - one unforeseeable by me. If I were doing what he was doing at the time he got it on here, I would have had a dozen defense programs running.

    Again, sorry to sound snippy. I just want you to know that I'm not a stupid idiot about this stuff.
    Thanks, hope you understand.

    Anywho... Alright, so what's my next course of action?

  10. #10
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    I haven't a clue as to why your brother is mentioned here...you are the one without the anti-virus program. You keep talking about a previous post and downloading office...what previous post?
