Nick10

Re: Can't get rid of these popups

Jan 14th, 2009
I've run a total of 3 runs today. Here are the first two logs. The first one didn't get run all the way through. I had to interrupt it shortly after starting it.

Log 1
Malwarebytes' Anti-Malware 1.28
Database version: 1257
Windows 5.1.2600 Service Pack 3

1/13/2009 4:51:28 PM
mbam-log-2009-01-13 (16-51-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 1986
Time elapsed: 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6805da5a-cac8-4684-96fd-4b77fd8f1394} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6805da5a-cac8-4684-96fd-4b77fd8f1394} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\efcbXpOI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcbXpOI.dllbox (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\c:\windows\system32\efcbxpoi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\IOpXbcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IOpXbcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iaahjktt.dll (Trojan.BHO.H) -> Delete on reboot.

Here is log 2:
Malwarebytes' Anti-Malware 1.28
Database version: 1257
Windows 5.1.2600 Service Pack 3

1/13/2009 8:45:26 PM
mbam-log-2009-01-13 (20-45-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 149339
Time elapsed: 52 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 13
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\vuauicwy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXQICRk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jkkkhHXR.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26c0a78f-eaaa-4e65-8f5b-4f334e756e5a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{26c0a78f-eaaa-4e65-8f5b-4f334e756e5a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkhhxr (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10697e8a (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\byXQICRk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXQICRk.dllbox (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\c:\windows\system32\byxqicrk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kRCIQXyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kRCIQXyb.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuauicwy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ywciuauv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkkhHXR.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\SJWHH6RM\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\geBRlkLc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

And log 3 is posted in the previous post of mine.

Thanks.