Need Help On Vundo Virus And McAfee

The file is encrypted using information from the machine as the key, like the following: the hard-disk serial number, the %WinDir%\system32 creation time, and the "C:\system Volume Information" creation time. The DLL is observed to be

I really need a professional opinion on this one before I assume everything's ok.

The stored data may be a malicious executable component of Win32/Vundo that is also uniquely encrypted using the generated string and RC4 or TEA encryption algorithms. I have run MBAM and it tells me that I have 40 files infected with Trojan.vundo. Once the dropper is executed on the machine, it will generate a machine-specific DLL file that only runs on that system. https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=127690

It is hard to type with this stupid Norton window that I have to keep moving out of the way. So I'll just get help with hijackthis and hopefully those guys can help me with my problem. Download and save the Chktrust.exe file to the same folder in which you saved the removal tool. Note: Most of the following steps are done at a command prompt. Norton discovered this worm this a.m.

The /EXCLUDE switch will only work with one path, not multiple. Thank you for your help; I will attempt to do what you have posted. Some variants of Win32/Vundo, such as Trojan:Win32/Vundo.KO and Trojan:Win32/Vundo.gen!AJ, are dropped by variants of the Win32/Prolaco family, such as Worm:Win32/Prolaco.gen!C, which are themselves dropped by variants of Virus:Win32/Prolaco, such as Virus:Win32/Prolaco.AW, Virus:Win32/Prolaco.AP and Virus:Win32/Prolaco.AR.

I would be glad to take a look at your log and help you with solving any malware problems.

Variants of Win32/Vundo might use dropper or downloader executable components, which might be detected with the following names: Trojan:Win32/Vundo.gen!AW, Trojan:Win32/Vundo.HIY, Trojan:Win32/Vundo.OD, Trojan:Win32/Vundo.QA, TrojanDropper:Win32/Vundo.A, TrojanDropper:Win32/Vundo.B, TrojanDownloader:Win32/Vundo, TrojanDownloader:Win32/Vundo.J. We have observed the dropper

https://forums.techguy.org/threads/help-mcafee-says-i-have-vundo-virus.680747/

Win32/Vundo might modify the following registry entry to load the newly created DLL whenever you start your PC or Internet Explorer:
In subkey: HKLM\SOFTWARE\Classes\CLSID\
Sets value: "InprocServer32"
With data: "

Attempting to delete C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.bak2 Has been deleted!

You can find these forums in http://asap.maddoktor2.com/

Ok; guess by MarDel53 / April 29, 2005 7:00 AM PDT In reply to: Yes, give

Need help with Vundo Trojan beas Apr I haven't been able to access this computer in some time.

Displays the help message.
/NOFIXREG Disables the registry repair (We do not recommend using this switch).
/SILENT, /S Enables the silent mode.
/LOG=[PATH NAME] Creates a log file where [PATH NAME] is

open mcafee security center. click on update. 4: restart computer.

It is believed that the exploit code may have been mailed to a large number of email addresses. If you need this topic reopened, please send a Private Message to any one of the moderating team members.

Is there a way I can check? These steps will remove all relevant registry entries and identified Vundo components. The family may create the following registry entries to store data or use machine-specific information to compute where to store data on your PC: Some Win32/Vundo variants may use a list

Hope this helps. Thanks for sharing the info.

Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma

Copy and paste the content of 'hijackthis.log' and post the log file in any forum that offers HijackThis analysis.

My computer speed is very slow now and new windows take forever to load.

Virus Tool Trojan.Vundo.B by baba417 / May 4, 2005 3:47 PM PDT In reply to: Need help with trojan Vundo.B Norton AntiVirus Created

In addition, please tell me if there are any more malware problems that you are aware of. Regards, Trevuren

#9 Trevuren Posted 07 February 2006 - 07:43 PM

This may not include all the folders on the remote computer, which can lead to missed detections.

The following is an example command line that can be used to exclude a single drive:
"C:\Documents and Settings\user1\Desktop\FixVundo.exe" /EXCLUDE=M:\ /LOG=c:\FixVundo.txt
Alternatively, the command line below will skip scanning the file

Click 'Save log' button. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. First we need to make all files and folders VISIBLE: Go to start>control panel>folder options>view (tab) Choose

Please reply to this thread. Outgoing traffic to the following remote server: virtumonde.com. Newer variants display a fake error screen asking the user to download rogue system security tools. These variants might also check if the Microsoft Malicious Software Removal Tool (mrt.exe) is running and close it.

I downloaded it by MarDel53 / April 29, 2005 6:40 AM PDT In reply to: First try the removal tool earlier but didn't

It is known to be installed by visiting a Web site link contained in a spammed email. - http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html

This trojan was recently installed via an HTML page that contained the Exploit-IframBO

Attempting to delete C:\WINDOWS\system32\cbeeg.bak2
C:\WINDOWS\system32\cbeeg.bak2 Has been deleted!

An alternative is the /NOFILESCAN switch followed by a manual scan with AntiVirus. User will be asked to download SysProtect application to remove the threat.

RE: :) melboy Apr 12, 2008 3:58 PM (in response to Dennis_Allen) Once you are confident your computer is clean I would personally re-enable system restore and create a new system

This applies only to the original topic starter. This is particularly common malware behavior, generally used in order to spread malware from PC to PC. Unlike viruses, Trojans do not self-replicate.

Found it by Donna Buenaventura / April 30, 2005 3:52 AM PDT In reply to: Also...

by MarDel53 / April 29, 2005 6:34 AM PDT In reply to: Need help with trojan Vundo.B virus definitions are dated 4/28/05 which Symantec claims will stop this threat; but apparently

RE: So close Peter M Apr 11, 2008 8:54 AM (in response to beas) Vundo can be a really difficult infection to deal with.

Disable or password-protect file sharing, or set the shared files to Read Only, before reconnecting the computers to the network or to the Internet. Does this worm threaten my use of my going to secured sites to pay my credit card bill and such?

7. :) Dennis_Allen Apr 12, 2008 5:07 AM (in response to Peter M) try this one (hope it works) :) 1: delete temp files (start>run>%temp%) delete all files

Until today!!!

RE: Maybe it's gone Peter M Apr 11, 2008 11:26 AM (in response to beas) You are probably clear of it now, but the best way to check would be to

When the tool has finished running, you will see a message indicating whether the threat has infected the computer.

Yes, give it a try :-) by Donna Buenaventura / April 29, 2005 6:50 AM PDT In reply to: I downloaded it If

You're welcome.

Remove any unnecessary network shares or mapped drives. Note: You might also need to temporarily change the permission on network shares to read-only until the disinfection process is complete.