Hijackthis Log. Vundo?

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

Wonder what Boot mode: Normal Log looks like! $.02
floplot

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module
Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu

Select Print this topic.)

You have a mixture of malware with Trojans including the dreaded Virtumonde (Vundo) infection.

If you are interested, Firefox may be downloaded from here: http://www.mozilla.o...oducts/firefox/
Please also read Tony Klein's excellent article: How I got Infected in the First Place
Hopefully this should take care of your problems!

But I think it wasn't fully deleted because my computer started to exhibit symptoms again.

In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Now that the automated Vundofix has

#12 Mieke, HJT Helper, Posted 06 July 2007 - 04:03 PM
Glad we could help.

Windows 7 Pro 64 bit NSBU IE 11

bjm_ Re: HijackThis Log concerning Trojan Vundo Posted: 03-Aug-2010

scan completed successfully
hidden files: 0

Please right click on hijackthis.exe and rename it to crusty.exe
Now please rescan with the newly named file and post the log into this thread by using the ADD REPLY button on

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery

Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an

delphinium Re: HijackThis Log concerning Trojan Vundo Posted: 03-Aug-2010 | 3:18PM
It might be more helpful to see

That may cause it to stall

* Please post the logs listed here at your next reply, please post them into the right order:
1.

I downloaded and ran HijackThis, log attached. CPU is running +50% constantly.

The contents of the ComboFix log
3.

Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKCU\..\Run: [Aedu] "C:\PROGRA~1\COMMON~1\MANTEC~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Piwwkq] "C:\Program Files\Common Files\??crosoft.NET\r?gsvr32.exe"
O4

by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to

Completion time: 2007-10-20 19:08:56 - machine was rebooted
--- E O F ---

bigwag, Oct 19, 2007 #2
Ran This

Please do not run any of these yet!
1) Download and install CleanUp!
2) Please download VundoFix by Atribune from here: http://www.atribune..../click.php?id=4 and place it on your desktop.
3) Please download ComboFix from Here or

Short URL to this thread: https://techguy.org/711413

#7 Mieke, HJT Helper, Posted 04 July 2007 - 07:31 AM
Hi GACGustie,
* Please open notepad and copy/paste the text

Thanks a lot.

#8 GACGustie, Posted 04 July 2007 - 12:52 PM
Complete scanning result of "EBCC9BD9FE.sys", received in VirusTotal at 07.04.2007, 19:29:05 (CET).
Antivirus Version

The NIS 2009 is probably the trial that was installed in the factory settings for my computer.

If you fixed anything wrong you can put it back with these backups. But now your HijackThis.exe is located in a temp folder and can't make any backups at all.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread.

Should I post another hijackthis log?

Right-click the My Computer icon and click Properties.
3.

Vundo Problems - HijackThis Log included
Started by GACGustie, Jun 28 2007 05:51 PM
This topic is locked
11 replies to this topic
#1 GACGustie

Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 wcvs;Windows Certificate Verification Service;C:\WINDOWS\wcvs.exe
R2 WzaSvc;Windows Zero Adapter;"C:\WINDOWS\csnsvc.exe"
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f7d1f6-c371-11db-bbf3-0007e97b8cd3}]
AutoRun\command

It's a lot easier than trying to remember everything.

* Please put HijackThis.exe in its permanent folder. If you fix something with hijackThis, it will create a backup.

Repeat as many times as necessary to remove each Java version.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

Reboot your computer once all Java components are removed.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 18:10, on 2007-10-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

I thought the Virus was gone when I used Hijackthis as well as many other anti-spyware programs (superantispy, malware, adaware, spybot) to get rid of it a few weeks ago.

Quads

Spyder_1386 P.S.