Trojan.vundo / Trojan.metajuan

This trojan may attempt to download additional malware onto the infected computer.

Terminates Processes: Vundo may terminate the processes "AD-AWARE.EXE" or "GCASSERVALERT.EXE" if they are running in memory. Additional

Attempting to delete F:\WINDOWS\system32\yjgkjqdh.ini
F:\WINDOWS\system32\yjgkjqdh.ini Has been deleted!

It cleared some of the files and registry keys, but still couldn't kill off the files such as wvuroli.dll that are used by core processes, such as explorer.exe, etc. I tried scanning with Norton Antivirus + Ad-Aware 2007, but nothing could be found.

This applies only to the original topic starter.

I believe that the virus is renaming itself, as the description said at wiki.

Attempting to delete F:\WINDOWS\system32\mlljh.dll
F:\WINDOWS\system32\mlljh.dll Has been deleted!

That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. ComboFix will disconnect the machine from the internet, this prevents fresh malware from coming in. The

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you

C:\DOCUME~1\Owner\Complete\Bigfish Games - Flower Shop - Big City Break + Crack (Reflexive).zip moved successfully.

Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt) Note: Scanning may take longer for large folders. And please post me a fresh LopSD report

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo!

https://forums.techguy.org/threads/solved-help-with-trojan-vundo-trojan-metajuan-trojan-downloader.677894/

cybertech, Feb 1, 2008 #2

fuuko123 (Thread Starter): hi cybertech, thanks a lot for replying...

If you see a certain entry or program you're unsure about, please don't hesitate to ask!

Scan started at 3:16:15 PM 1/31/2008
Listing files found while scanning....

Companion
2008-09-25 19:13 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 07:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 08:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-24 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-23 21:41 --------- d-----w

get spybot, superantispyware, Ccleaner, avg antispyware
reboot in safe mode (tap f8 rapidly)
make sure all protection are updated..
run scans one at a time...

Combofix log (a few days ago)

ComboFix 08-02.01.6 - Fai 2008-02-01 22:08:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1369 [GMT 8:00]
Running from: F:\Documents and Settings\Fai\Desktop\ComboFix.exe
* Created a new restore point

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:Win32/Vundo.gen!X

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\New Folder (3)\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra

F:\WINDOWS\BM2f219129.xml
F:\WINDOWS\pskt.ini
.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.
2008-02-01 22:24 . 2008-02-01 22:24 d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-01 22:23 . 2008-02-08 03:35 d--------

Some variants function as Browser Helper Objects (BHOs).

F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Program Files\a-squared Free\a2service.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
F:\Program Files\Spyware Terminator\sp_rsser.exe

You need to disable your Symantec/Norton Antivirus before running ComboFix, as it will prevent it from running.

remove what they find...

I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them.

my computer in general has been very slow.

FULL!.zip
C:\DOCUME~1\Owner\Complete\WGA Patcher Windows keygen updated 11 11 06 by DvS Radar rar 3591100 TPB.zip
C:\DOCUME~1\Owner\Complete\Winamp 5 32 Pro - Full + Keygen rar.zip
C:\DOCUME~1\Owner\Complete\Windows Genuine Advantage Validation LATEST and crack FULL!!.zip
C:\DOCUME~1\Owner\Complete\Steam Keygen Unlock all games.zip
C:\DOCUME~1\Owner\Complete\The GodFather-The Game- PC with Crack,Trainer & Daemon Tools.zip
C:\DOCUME~1\Owner\Complete\Tom Clancys Rainbow Six Vegas CRACK ONLY-HATRED NewTorrents.info ownz .zip
C:\DOCUME~1\Owner\Complete\TuneUp Utilities 2007 6.0.1255.0 FINAL with

C:\DOCUME~1\Owner\Complete\Bigfish Games - Jewels of Cleopatra + Crack (Reflexive).zip moved successfully.

Companion [05/14/2007|11:54] C:\DOCUME~1\APPLIC~1\APPLIC~1\

Microsoft
[03/31/2005|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Identities
[03/31/2005|06:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Intuit
[03/31/2005|06:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Microsoft
[03/31/2005|06:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Symantec
[10/20/2006|02:13] C:\DOCUME~1\Guest\APPLIC~1\ Adobe
[10/20/2006|08:18] C:\DOCUME~1\Guest\APPLIC~1\ Google
[03/31/2005|04:50] C:\DOCUME~1\Guest\APPLIC~1\ Identities
[03/31/2005|06:03] C:\DOCUME~1\Guest\APPLIC~1\ Intuit
[10/20/2006|08:24] C:\DOCUME~1\Guest\APPLIC~1\ Macromedia

C:\DOCUME~1\Owner\Complete\Adobe Photoshop CS2 v9 0 FinaL KeyGeN by DvS Radar rar 3591305 TPB.zip
C:\DOCUME~1\Owner\Complete\Age of Empires III Full Game + No DVD CPU Crack[k] - [www slotorrent net].zip
C:\DOCUME~1\Owner\Complete\BearShare PRO 6

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo!

Attempting to delete F:\WINDOWS\system32\srfesbnu.dll
F:\WINDOWS\system32\srfesbnu.dll Could not be deleted.
Attempting to delete F:\WINDOWS\system32\pmkjg.dll
F:\WINDOWS\system32\pmkjg.dll Has been deleted!

reboot in normal mode....

C:\DOCUME~1\Owner\Complete\Google Earth Pro Map with Crack by DvS Radar.zip moved successfully.