
Trojan Vundo And MemCheck.exe Error

Virus beeper File size in the current version (version 7) of SystemSuite/Fix-It is 57,344 bytes. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{baba5bdb-4eff-48db-b443-679651d37128} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish.

But it tried twice to delete the file, and every time it says that deletion will take place when the machine reboots. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully. Looking through other posts, most people get theirs. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Do this.... HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Josh\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - Please check your installation diskette.

  1. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dcfa5d1b-36ad-403f-ac21-f0ca63b84498} (Trojan.Vundo) -> Quarantined and deleted successfully.
  2. HKEY_CLASSES_ROOT\vac.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  3. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e99d4d0c-eb54-46af-b62a-3aa1f31d53e5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra HKEY_CLASSES_ROOT\Interface\{ef94a58f-599b-4602-9c34-99683c5859b1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. C:\Program Files\WinBudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully. VundoFix V7.0.6 Scan started at 11:17:11 PM 7/12/2009 Listing files found while scanning....

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ef94a58f-599b-4602-9c34-99683c5859b1} (Trojan.FakeAlert) -> Quarantined and deleted successfully. J. Should you experience an actual problem, try to recall the last thing you did, or the last thing you installed before the problem appeared for the first time.

Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File uRun: [LMgrOSD] c:\program files\launch manager\OSDCtrl.exe uRun: [CtrlVol] I'm not sure what you're asking of me though... Also, I tried downloading the drivers from the manufacturer's list.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{898176ab-1471-4edb-b17b-4faddb742275}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.107,85.255.112.121 -> No action taken. C:\WINDOWS\system32\dNmSDMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. let me know please.

Check Applications and also System logs. Discussion Starter misterjosh, 8 Years Ago: In applications I see repeated Winlogon going on, saying "The shell stopped unexpectedly and Explorer.exe was restarted." Right HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully. Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

Any .mp3s I try playing come up with errors, and movies are silent. C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d060e6db-c43b-4519-a7a4-cfa606ebdd10} (Trojan.Vundo) -> Quarantined and deleted successfully.

Once the scan is complete it will display if your system has been infected.

Done! Also, I would like to draw your notice that I have Norton Internet Security 2009, and it shows I have a virus named Trojan Vundo on my system. Beginning removal...

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000002_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000017_.tmp.dll
C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.bak2
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini2
C:\WINDOWS\system32\gjkmp.tmp
C:\WINDOWS\system32\pmkjg.dll

.((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 ))))))))))))))))))))))))))))))).

2007-09-22 16:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 18:15 d-------- C:\Program Files\Trend Micro
2007-09-16 15:21 d-------- C:\VundoFix Backups
2007-09-16 14:08 d-------- C:\Program Files\RogueRemover FREE
2007-09-12

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdsmnd -> Delete on reboot. If yours is not listed and you don't know how to disable it, please ask. Attempting to delete C:\Windows\system32\pbrrloru.dll C:\Windows\system32\pbrrloru.dll Could not be deleted. just tell me what to do now ^_^ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:32:27 AM, on 12/14/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00

I downloaded HJT and got a log... That may cause it to stall. Make sure you re-enable your security programs when you're done with Combofix. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.