Trojan.vundo / Trojan.metajuan

This trojan may attempt to download additional malware onto the infected computer.

Terminates Processes: Vundo may terminate the processes "AD-AWARE.EXE" or "GCASSERVALERT.EXE" if they are running in memory.

Attempting to delete F:\WINDOWS\system32\yjgkjqdh.ini
F:\WINDOWS\system32\yjgkjqdh.ini Has been deleted!

It cleared some of the files and registry keys, but still couldn't kill off the files such as wvuroli.dll that are used by core processes, such as explorer.exe, etc. I tried scanning with Norton Antivirus + Ad-Aware 2007, but nothing could be found.

I believe that the virus is renaming itself, as the description said at wiki.

Attempting to delete F:\WINDOWS\system32\mlljh.dll
F:\WINDOWS\system32\mlljh.dll Has been deleted!

That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. ComboFix will disconnect the machine from the internet; this prevents fresh malware from coming in. The

Canada Local time: 09:03 AM Posted Yesterday, 08:22 AM

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you

C:\DOCUME~1\Owner\Complete\Bigfish Games - Flower Shop - Big City Break + Crack (Reflexive).zip moved successfully.

Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt) Note: Scanning may take longer for large folders. And please post me a fresh LopSD report

https://forums.techguy.org/threads/solved-help-with-trojan-vundo-trojan-metajuan-trojan-downloader.677894/

cybertech, Feb 1, 2008 #2

fuuko123 (Thread Starter, Joined: Jan 31, 2008, Messages: 11)

hi cybertech, thanks a lot for replying...

2008-09-23 21:41 --------- d-----w

get spybot, superantispyware, Ccleaner, avg antispyware
reboot in safe mode (tap f8 rapidly)
make sure all protection are updated..
run scans one at a time...

Combofix log (a few days ago)

ComboFix 08-02.01.6 - Fai 2008-02-01 22:08:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1369 [GMT 8:00]
Running from: F:\Documents and Settings\Fai\Desktop\ComboFix.exe
* Created a new restore point

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:Win32/Vundo.gen!X

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\New Folder (3)\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra

F:\WINDOWS\BM2f219129.xml
F:\WINDOWS\pskt.ini
.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.
2008-02-01 22:24 . 2008-02-01 22:24

Some variants function as Browser Helper Objects (BHOs).

I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them.

Attempting to delete F:\WINDOWS\system32\srfesbnu.dll
F:\WINDOWS\system32\srfesbnu.dll Could not be deleted.
Attempting to delete F:\WINDOWS\system32\pmkjg.dll
F:\WINDOWS\system32\pmkjg.dll Has been deleted!

reboot in normal mode....

