
Vundo'd!

TL DR Registered User regular
edited February 2009 in Help / Advice Forum
Hi, and thanks in advance.
I'm working on an associate's PC right now. It was given to me because on startup the screen would go black and show only the mouse without loading explorer. Now everything is working fine, but:
-Malwarebytes still catches the Vundo trojan after reboot
-AVG cannot run, be updated, or be uninstalled

I have tried Vundofix. Normally I would just format, but this guy has so much data scattered about the hard drive, and I honestly want to figure this one out due to academic interest.

Hijack This log:

Gracias.


Posts

  • Interjection Registered User
    edited February 2009
    All I can say is make sure you check for updates on Malwarebytes.

    I ran all of Malwarebytes, CCleaner, and HijackThis and I was still getting repeated logon attempts and stuff before I realized maybe I needed to update Malwarebytes.

    Also, if a program won't start up, maybe try changing the name of it. I know Vundo keeps some programs from running based on filename...I remember I had to change the name of the Malwarebytes installer and the .exe.

    EDIT: I also checked and

    O4 - HKUS\S-1-5-19\..\Run: [meluvepasi] Rundll32.exe "C:\WINDOWS\system32\jegulufo.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [meluvepasi] Rundll32.exe "C:\WINDOWS\system32\jegulufo.dll",s (User 'NETWORK SERVICE')

    seem associated with viruses or trojans and should be deleted

    Those are the only ones that stood out to me...other people might have additional input

    aka kcMasterpiece
  • finalflight89 Registered User regular
    edited February 2009
    These DLLs are also bad, at least the ones that aren't avgrsstx.dll and guard32.dll.

    O20 - AppInit_DLLs: avgrsstx.dll c:\windows\system32\kadidika.dll C:\WINDOWS\system32\guard32.dll jotxqg.dll c:\windows\system32\yimazitu.dll crsuxp.dll c:\windows\system32\setorera.dll wdttum.dll vhxkqv.dll

    Maybe try manually deleting these things from outside of Windows?

  • theclam Registered User
    edited February 2009
    Some variants of Vundo essentially can't be removed. They toss randomly named files all over the computer and infect tons of system files.
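
The O4 and O20 HijackThis entries quoted in the replies above can be triaged mechanically. The following is an added example, not code posted by anyone in the thread: it lists the DLLs worth reviewing, assuming the only legitimate AppInit_DLLs entries are the two the reply names (avgrsstx.dll and guard32.dll); the function names and the embedded sample log are constructed here from the quoted lines.

```python
import re

# Constructed sample: the HijackThis lines quoted in the replies above.
SAMPLE_LOG = r'''
O4 - HKUS\S-1-5-19\..\Run: [meluvepasi] Rundll32.exe "C:\WINDOWS\system32\jegulufo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [meluvepasi] Rundll32.exe "C:\WINDOWS\system32\jegulufo.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: avgrsstx.dll c:\windows\system32\kadidika.dll C:\WINDOWS\system32\guard32.dll jotxqg.dll c:\windows\system32\yimazitu.dll crsuxp.dll c:\windows\system32\setorera.dll wdttum.dll vhxkqv.dll
'''

# Assumption: only the two DLLs the reply calls out as fine are treated as known good.
KNOWN_GOOD = {"avgrsstx.dll", "guard32.dll"}

# O4 = autorun entry; we only care about ones that launch a DLL through rundll32.
O4_RUNDLL = re.compile(
    r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)',
    re.I)
# O20 = AppInit_DLLs value: DLLs loaded into every process that loads user32.dll.
O20_APPINIT = re.compile(r'^O20 - AppInit_DLLs:\s*(?P<dlls>.+)$', re.I)


def basename(path):
    """Lower-cased file name of a Windows path (paths in the log mix case)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text, known_good=KNOWN_GOOD):
    """Return sorted (section, dll) pairs to review; 'review', not 'confirmed bad'."""
    findings = set()
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUNDLL.match(line)
        if m:
            findings.add(("O4", basename(m.group("dll"))))
            continue
        m = O20_APPINIT.match(line)
        if m:
            # Entries are space- or comma-separated; a path containing spaces
            # would be split wrongly here and needs a manual look.
            for entry in re.split(r"[\s,]+", m.group("dlls").strip()):
                if entry and basename(entry) not in known_good:
                    findings.add(("O20", basename(entry)))
    return sorted(findings)


if __name__ == "__main__":
    for section, dll in triage(SAMPLE_LOG):
        print(section, dll)
```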
