Author Topic: Trojan.Vundo? Please Help!  (Read 1298 times)
robles56
Topic Starter
Rookie



Posts: 24

Experience: Beginner
OS: Windows Vista



« on: December 05, 2009, 03:28:46 PM »

Help, I was virus scanning with my Malwarebytes' Anti-Malware scanner today when it said I had a virus.

Edit 5 minutes later: What the heck just happened? I suddenly had a black screen with a _... or something in it? I quickly turned the power switch off and turned off everything for my computer. Was it a virus?

Ok, well I will post the log of Malwarebytes and please help!

Information:
OS: Windows Vista SP 2?
Manufacturer: Dell
Graphics Card: Nvidia GeForce 8400?
Ram: 3 GB

Extra Info: I was updating my graphics card or something using windows update when the black screen came up

The MBAM log says "C:\Program Files\ESET\Setup\00\krnstp.dll (Trojan.Vundo) -> Quarantined and deleted successfully."


[Saving space, attachment deleted by admin]
harry 48
Egghead



Thanked: 128
Posts: 3,134

Certifications: List
Computer: Specs
Experience: Familiar
OS: Windows 7


lay back , relax and chill out

« Reply #1 on: December 05, 2009, 04:01:46 PM »

http://www.computerhope.com/forum/index.php/topic,46313.0.html

Please go to the above and complete it; post the other 2 logs here and an expert will see them.

http://diy-help.forumotion.co.uk/   D.I.Y. help forum

robles56
« Reply #2 on: December 05, 2009, 04:09:17 PM »

I am scared because I looked up on Google if superantispyware is good and it said it is spyware :( please help me?
And here is the Hijackthis! log

[Saving space, attachment deleted by admin]
harry 48
« Reply #3 on: December 05, 2009, 05:31:00 PM »

Anything you are asked to download and run on CH is above board; you can do it without fear. harry

robles56
« Reply #4 on: December 05, 2009, 06:32:08 PM »

Ok, I will scan my computer later today with superantispyware :) I'll be back in a few hours
« Last Edit: December 06, 2009, 08:55:44 AM by robles56 »
robles56
« Reply #5 on: December 06, 2009, 07:28:54 PM »

Here, I have all the logs! They are with this post. Hijackthis and MBAM logs were on the day of infection found. Superantispyware was today.
By the way, why did superantispyware scan 200,000 files when MBAM and my normal antivirus only scan like 35,000 to 40,000?
I have MBAM and Nod32 just so you know. Also superanti took like 2 hours while the other 2 take 50 minutes?

And superantispyware kept scanning the same files over and over and over. It kept scanning the same 100 files like 30,000 times. Ok but here are the logs anyway.

Can the specialist come? :)

[Saving space, attachment deleted by admin]
« Last Edit: December 08, 2009, 01:26:10 PM by robles56 »
harry 48
« Reply #6 on: December 07, 2009, 01:46:24 PM »

I cannot answer on SAS, but it checks everything where the others may not.

It's a matter of waiting for an expert.

SuperDave
Malware Removal Specialist
Moderator
Prodigy



Thanked: 617
Posts: 7,007

Certifications: List
Experience: Experienced
OS: Windows XP



« Reply #7 on: December 07, 2009, 05:10:00 PM »

robles56, could we get an up-to-date HJT log please?

AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
robles56
« Reply #8 on: December 07, 2009, 06:59:11 PM »

Sure, the HJT log is attached to this post! I just scanned it right now.

[Saving space, attachment deleted by admin]
robles56
« Reply #9 on: December 07, 2009, 07:23:12 PM »

Never mind, I wrote something but found out it wasn't a virus, but part of a game ;)
« Last Edit: December 07, 2009, 07:33:38 PM by robles56 »
robles56
« Reply #10 on: December 08, 2009, 09:20:52 AM »

Ah, I must be confusing you. The Trojan.Vundo is still a virus and I still need help, but the game thing was a WEIRD file I found in my documents; even if I delete it, it comes back. It seems to be from a game, but don't be confused, the Vundo is a completely different thing.
SuperDave
« Reply #11 on: December 08, 2009, 12:52:52 PM »

Quote
Ah, I must be confusing you. The Trojan.Vundo is still a virus and I still need help, but the game thing was a WEIRD file I found in my documents; even if I delete it, it comes back. It seems to be from a game, but don't be confused, the Vundo is a completely different thing.
Can you give me the name of that file?

robles56
« Reply #12 on: December 08, 2009, 01:24:20 PM »

The file that is actually nothing is called ³Ø½¼ Ç÷¯±× but it's not related to the Vundo problem.
I found an answer: http://answers.yahoo.com/question/index?qid=20080908200926AAjuJQw
A person says: "The folder named ³Ø½¼ Ç÷¯±× is not the result of a virus but rather a folder installed by one of several Nexon Games such as Combat Arms."
SuperDave
« Reply #13 on: December 09, 2009, 07:13:08 AM »

Hello robles56. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
(Description: Adobe reader startup - unnecessarily uses system resources.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users: Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
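
Added example, not part of SuperDave's post or of HijackThis itself: a small Python triage of the HijackThis entries listed in the reply above, showing how each line splits into a section code and fields a reviewer checks (empty IE setting values, a BHO with no file, Run-key autostarts). The `kind` labels are hypothetical names chosen here; deciding what to fix stays with the person reading the log.

```python
import re

# Entries copied verbatim from the fix list in the reply above.
SAMPLE = r'''
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
'''

# Every entry is "<code> - <body>". R0/R1 are Internet Explorer settings,
# O2 is a Browser Helper Object, O4 is an autostart entry.
ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
REG_VALUE = re.compile(r'^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$')
BHO = re.compile(r'^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$')
RUN = re.compile(r'^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')


def triage(log_text):
    """Return (code, kind, detail) tuples for the entry types seen in this thread."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # descriptions, blank lines, anything that is not an entry
        code, body = entry['code'], entry['body']
        if code in ('R0', 'R1') and (reg := REG_VALUE.match(body)):
            # A registry value with nothing after "=" is set but empty.
            kind = 'ie-setting' if reg['data'] else 'ie-setting-empty'
            findings.append((code, kind, reg['name'] + '=' + reg['data']))
        elif code == 'O2' and (bho := BHO.match(body)):
            # "(no file)": the CLSID is registered but no file is reported for it.
            kind = 'bho-orphaned' if bho['file'] == '(no file)' else 'bho'
            findings.append((code, kind, bho['clsid']))
        elif code == 'O4' and (run := RUN.match(body)):
            command = run['cmd'].strip('"')
            findings.append((code, 'autostart', run['name'] + ' -> ' + command))
        else:
            findings.append((code, 'unparsed', body))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```
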
robles56
« Reply #14 on: December 09, 2009, 08:01:45 PM »

I did the HijackThis fix checked thing. I will do ComboFix tomorrow.
robles56
« Reply #15 on: December 10, 2009, 05:44:56 AM »

Here are the logs. By the way, did ComboFix take away 0.2 GB off my hard drive? Look at the bottom of the log: it says the bytes free changed :O?

[Saving space, attachment deleted by admin]
SuperDave
« Reply #16 on: December 10, 2009, 12:17:16 PM »

Quote
By the way, did ComboFix take away 0.2 GB off my hard drive? Look at the bottom of the log: it says the bytes free changed :O?
robles56, not to worry. We're going to remove it later. Let's run this scan first:

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

robles56
« Reply #17 on: December 12, 2009, 08:43:42 AM »

I tried what you said but produced no log. It said I had no infections at all. I just left the window minimized and did my homework. When I came back, I saw that the scan was finished. The screen shot of the finished scan is attached. Sorry but no log came out.

[Saving space, attachment deleted by admin]
SuperDave
« Reply #18 on: December 12, 2009, 06:52:23 PM »

Looks good. How's your computer running now?
robles56
« Reply #19 on: December 13, 2009, 07:43:27 AM »

Normal like usual, except that I'm worried about my free space. Sometimes there is 28 GB free and sometimes 32 and I think one time 40 GB free on my C: drive. I never installed anything ever since September but my space still changes. Now I have 31.8 GB of space free. It's creepy. By the way, how do I remove ComboFix?
SuperDave
« Reply #20 on: December 13, 2009, 01:14:49 PM »

Quote
Normal like usual, except that I'm worried about my free space. Sometimes there is 28 GB free and sometimes 32 and I think one time 40 GB free on my C: drive. I never installed anything ever since September but my space still changes. Now I have 31.8 GB of space free. It's creepy. By the way, how do I remove ComboFix?
Every time you go on the internet, files get loaded on your computer. Do you do a regular cleanup?

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

Note: The above may not work at the moment because ComboFix has been taken off-line for Maintenance. I'll let you know when it's up and running.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Use the Secunia Software Inspector to check for out of date software.

* Click Start Now
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
robles56
« Reply #21 on: December 14, 2009, 05:38:56 AM »

thanks for the help :D thank you superdave so much! You just saved my computer!
Copyright © 2010 Computer Hope ® All rights reserved.