Hi, after I downloaded this program my antivirus went crazy ...Autodelete/////.....etc

I took a HijackThis log. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:02 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
H:\WINDOWS\system32\LEXBCES.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\LEXPPS.EXE
H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
H:\Program Files\BeAnywhere Personal Edition\Server\BA2Serv.exe
H:\Program Files\Gizmo Project\mDNSResponder.exe
H:\Program Files\GizmoPlugin\GizmoPlugin.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
h:\program files\common files\mcafee\mna\mcnasvc.exe
h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\McAfee\MPF\MPFSrv.exe
H:\WINDOWS\ALCWZRD.EXE
H:\WINDOWS\ALCMTR.EXE
H:\Program Files\Visioneer OneTouch\OneTouchMon.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\AGRSMMSG.exe
H:\Program Files\SiteAdvisor\6172\SiteAdv.exe
H:\PROGRA~1\McAfee.com\Agent\mcagent.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
H:\Program Files\PowerISO\PWRISOVM.EXE
H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
H:\Program Files\BeAnywhere Personal Edition\Server\BA2ServCnfg.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Program Files\Raxco\PerfectDisk\PDAgent.exe
H:\Program Files\abcMover\abcMov13.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\Program Files\SiteAdvisor\6172\SAService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Bell\Access Manager\app\TangoService.exe
H:\Program Files\TurboFTP\tftpsvc.exe
H:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Raxco\PerfectDisk\PDEngine.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
H:\Program Files\HiDownload\HiDownload.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
H:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
H:\WINDOWS\system32\taskmgr.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\taskmgr.exe
H:\hidownload\imabunny.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - H:\Program Files\Best_Security_Tips\tbBest.dll
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - H:\Program Files\Live_TV\tbLive.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - H:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <meta http-equiv="Content-Language" content="en-us">
O1 - Hosts: <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
O1 - Hosts: <meta name="ProgId" content="FrontPage.Editor.Document">
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
O1 - Hosts: <title>OOPS!</title>
O1 - Hosts: </head>
O1 - Hosts: <body bgcolor="#848484">
O1 - Hosts: <p>&nbsp;</p>
O1 - Hosts: <p>&nbsp;</p>
O1 - Hosts: <div align="center">
O1 - Hosts: <center>
O1 - Hosts: <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="617" height="77" id="AutoNumber1">
O1 - Hosts: <tr>
O1 - Hosts: <td width="617" height="7" bgcolor="#FF931F">
O1 - Hosts: <p align="center"><i><font face="BatangChe"><b>OOPS!</b></font></i></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td width="617" height="50" bgcolor="#CFD9DF">
O1 - Hosts: <p align="center"><font face="Garamond"><b>This page "/update/hosting/old/hosts" doesn't exist or
O1 - Hosts: never existed in the first place. </b></font></p>
O1 - Hosts: <p align="center">
O1 - Hosts: <a href="http://www.GamingAddix.com" style="text-decoration: none; font-weight: 700">
O1 - Hosts: <font color="#000000" face="Garamond">www.GamingAddix.com</font></a></p>
O1 - Hosts: <p align="center">Your IP:
O1 - Hosts: 64.231.65.241<br>
O1 - Hosts: Browser:
O1 - Hosts: Microsoft URL Control - 6.00.8862<br>
O1 - Hosts: Has been Logged for better performance.<br>
O1 - Hosts: <br>
O1 - Hosts: </p>
O1 - Hosts: <p align="center">&nbsp;</p>
O1 - Hosts: <p align="center"><i><font face="Garamond"><b>Your Required Dose Of Game</b></font></i></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td width="617" height="12" bgcolor="#FF931F">&nbsp;</td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: </center>
O1 - Hosts: </div>
O1 - Hosts: <p align="center">&nbsp;</p>
O1 - Hosts: <p align="center">
O1 - Hosts: <img border="10" src="http://i4.photobucket.com/albums/y150/hitman3266/oops.jpg" width="700" height="150"></p>
O1 - Hosts: </body>
O1 - Hosts: </html>
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - H:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - H:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - H:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE} - H:\WINDOWS\system32\wvusrro.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - H:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {30D369D4-4C5F-4BA5-A054-4F4071C8367A} - H:\WINDOWS\system32\jkkjk.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - H:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - H:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - H:\Program Files\Live_TV\tbLive.dll
O2 - BHO: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - H:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - H:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - H:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - H:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - H:\Program Files\Live_TV\tbLive.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OneTouch Monitor] H:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiteAdvisor] H:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] H:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 H:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] H:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] H:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] H:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BA2Config] "H:\Program Files\BeAnywhere Personal Edition\Server\BA2ServCnfg.exe" -silent
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] H:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Registry Fix] "H:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - Startup: abcMover1.3.lnk = H:\Program Files\abcMover\abcMov13.exe
O4 - Global Startup: Google Updater.lnk = H:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: Download All Files by HiDownload - H:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - H:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download with GetRight - H:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with NetPumper - H:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Open with GetRight Browser - H:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FreshDownload - {25EA0126-8085-4BAF-A9A3-17D9306D5219} - H:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - H:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.samphacks.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36E26E32-2AAE-47D4-AF6E-61B2138EB42C} (BAUserManageFormX Control) - https://secure.beanywhere.com/AX/BAUserManageAX.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8F79E180-826C-4162-88AC-6C573D809BBB} (BAFormX Control) - https://secure.beanywhere.com/AX/BAPEAX.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvusrro - H:\WINDOWS\SYSTEM32\wvusrro.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BeAnyWhere Personal Edition Server (BA2Server) - MN - H:\Program Files\BeAnywhere Personal Edition\Server\BA2Serv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - H:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Client32 - NetSupport Ltd - H:\Program Files\NetSupport\NetSupport Manager\client32.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - H:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - H:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - h:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - H:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MySQL - Unknown owner - H:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - H:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - H:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - H:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - H:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - H:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: TurboFTP Sync Service (TBFTPSyncService) - TurboSoft,Inc - H:\Program Files\TurboFTP\tftpsvc.exe
O23 - Service: UMediaServer - Unreal Streaming Technologies. - H:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe

--
End of file - 16713 bytes

Last Post by kylethedarkn
You are infected. I pulled out an example line in a very complex HJT that I suspect nobody can be arsed to fully analyse!
---------------------------------------------------------
O2 - BHO: (no name) - {30D369D4-4C5F-4BA5-A054-4F4071C8367A} - H:\WINDOWS\system32\jkkjk.dll
---------------------------------------------------------

I suspect Virtumonde/Vundo. The SOLVED threads in this forum contain an end-to-end narrative of what to do using HJT, ComboFix, Smitfraud, VundoFix and other tools.

SPYBOT and AVG Anti-Spyware are must-have detection and removal tools. Your biggest problem will be removing files that are currently in use and refuse to be deleted.

You can also find an alternative method for solving this sort of thing in a post I made on 3rd September; search on the mis-spelt keyword "Virtunonde".

Good luck.
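The kind of triage this reply does by eye, as an added example that is not part of the original post: a Python sketch that flags unnamed BHOs whose DLL sits directly in system32, Winlogon Notify DLLs in the same folder, and O1 Hosts lines that are not IP/hostname pairs. The `triage` function and its rule names are assumptions made for illustration, the sample lines are copied from the log above, and a hit means "review this entry", not a verdict.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: <html>
O1 - Hosts: <title>OOPS!</title>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - H:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE} - H:\WINDOWS\system32\wvusrro.dll
O2 - BHO: (no name) - {30D369D4-4C5F-4BA5-A054-4F4071C8367A} - H:\WINDOWS\system32\jkkjk.dll
O20 - Winlogon Notify: wvusrro - H:\WINDOWS\SYSTEM32\wvusrro.dll
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
"""

BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
HOSTS = re.compile(r"^O1 - Hosts: (?P<entry>.*)$")
# A normal hosts entry is "IPv4-address hostname"; anything else is unexpected.
HOSTS_ENTRY = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\s+\S+")
# DLL placed directly in <drive>:\WINDOWS\system32 (no vendor subfolder).
SYS32_DLL = re.compile(r"[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.dll", re.I)


def triage(log_text):
    """Return (rule, detail) pairs for entries worth a manual look (heuristic)."""
    findings, bho_dlls, notify_dlls, bad_hosts = [], set(), set(), 0
    for line in (l.strip() for l in log_text.splitlines()):
        if m := BHO.match(line):
            # Unnamed browser helper object loaded straight from system32.
            if m["name"] == "(no name)" and SYS32_DLL.fullmatch(m["path"]):
                bho_dlls.add(m["path"].lower())
                findings.append(("bho-noname-system32", m["path"]))
        elif m := NOTIFY.match(line):
            # HijackThis lists only non-default Winlogon Notify packages.
            if SYS32_DLL.fullmatch(m["path"]):
                notify_dlls.add(m["path"].lower())
                findings.append(("winlogon-notify-system32", m["path"]))
        elif m := HOSTS.match(line):
            if not HOSTS_ENTRY.match(m["entry"]):
                bad_hosts += 1
    # The same DLL registered as both a BHO and a Notify package.
    for dll in sorted(bho_dlls & notify_dlls):
        findings.append(("same-dll-bho-and-notify", dll))
    if bad_hosts:
        findings.append(("hosts-lines-not-ip-hostname", str(bad_hosts)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```
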

Well, my AVG spyware scan is running right now.

I'll notify you of the results if you want me to.

Can you please guide me through the process of fixing this, please? I really appreciate it.

If you use my own method (posted 3-Sep-07) and reachable by searching on the mis-spelt term "Virtunonde", it's all detailed step by step.

The other method, the one used by Crunchie in this forum, is well documented if you just follow one of the threads. I'd much rather you did the work; your HJT files are abnormally long and unless there's another knight on the forum prepared to give the time, you should do this yourself - coming back to us where you might have a point of clarification, of course.

If you use my own method (posted 3-Sep-07) and reachable by searching on the mis-spelt term "Virtunonde", it's all detailed step by step.

The other method, the one used by Crunchie in this forum, is well documented if you just follow one of the threads. I'd much rather you did the work; your HJT files are abnormally long and unless there's another knight on the forum prepared to give the time, you should do this yourself - coming back to us where you might have a point of clarification, of course.

I'll take a crack at it if you don't mind.

OK, here's the process of getting rid of Virtumonde via VundoFix.

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files; click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt.

Also, after running VundoFix, run HJT again and post a new HJT log along with the VundoFix log, and we'll go from there.

Votes + Comments
The virtue of patience or the antidote to boredom!