Author Topic: vundo? (Read 8461 times)

asunverneth · « **Reply #15 on:** April 04, 2009, 12:17:10 PM »

ok, there wasnt an option for a repair install. just to re-install it with or without backing up the files. so i backed up all my files and re-installed windows. It saved everything into a "my backup" drive. i dont think it deleted the vundo, so now do i pick up where i left off? or should i re-install all of my programs and then start again?

evilfantasy · « **Reply #16 on:** April 04, 2009, 01:33:36 PM »

Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

Double-click on drweb-cureit.exe and then click Start
An information notice will appear, click OK.
This starts a short scan that will scan the files currently running in memory.
If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
If or when something is found, click the Yes button when it asks you if you want to cure it.

Once the short scan has finished, Click Settings > Change Settings
Under the Scanning tab UNcheck Heuristic analysis and click OK
Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
Click Yes to all if it asks if you want to cure/move any file(s).
When the scan is done.
In the Dr.Web CureIt menu on top left, click File and choose Save report list.
Save the DrWeb.csv report to your Desktop.
Exit Dr.Web Cureit.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

asunverneth · « **Reply #17 on:** April 06, 2009, 07:50:34 PM »

ok, when i tried to update mcafee security center it said that the product is was discontinued. i look it up on their website and i guess it was. so now im stuck with a version from 2006. should i just uninstall it and put in AVG or is there something better?

evilfantasy · « **Reply #18 on:** April 06, 2009, 07:58:36 PM »

Yes you need another AV. One that is outdated isn't much better than not having one at all.

1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal

Helpmeh · « **Reply #19 on:** April 07, 2009, 05:24:37 PM »

http://www.computerhope.com/forum/index.php/topic,80314.0.html

Has a good discussion on which AV scanner you should get/have...and just for the future, if you don't see see your AV scanner updating AT LEAST once a month, something is definatly wrong.

asunverneth · « **Reply #20 on:** April 09, 2009, 09:17:31 AM »

alright here it it

RegUBP2b-Nat.reg;C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
EmptyProcess.exe;C:\My Backup -- 09-04-04 1124AM\Program Files\Cheat Engine;Win32.HLLW.Viking.34;Deleted.;
~.exe;C:\My Backup -- 09-04-04 1124AM\Program Files\Mozilla Firefox;Trojan.Virtumod.1636;Deleted.;
fijiveni.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1662;Deleted.;
gafuhelu.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1662;Deleted.;
gavawase.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1654;Deleted.;
gimikipi.exe;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Fakealert.4154;Deleted.;
hovebipu.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1660;Deleted.;
hufowebi.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1660;Deleted.;
ledirufo.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1660;Deleted.;
lolazonu.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1660;Deleted.;
miwefuru.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1660;Deleted.;
pepimude.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1660;Deleted.;
romazewu.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1636;Deleted.;
sategawa.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1654;Deleted.;
tepidike.exe;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Fakealert.4154;Deleted.;
yagowifu.dll;C:\My Backup -- 09-04-04 1124AM\WINDOWS\system32;Trojan.Virtumod.1636;Deleted.;
A0007446.reg;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.StartPage.1505;Deleted.;
A0007456.exe;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Win32.HLLW.Viking.34;Deleted.;
A0007463.exe;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1636;Deleted.;
A0007475.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1662;Deleted.;
A0007476.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1662;Deleted.;
A0007477.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1654;Deleted.;
A0007478.exe;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Fakealert.4154;Deleted.;
A0007479.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1660;Deleted.;
A0007480.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1660;Deleted.;
A0007481.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1660;Deleted.;
A0007482.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1660;Deleted.;
A0007483.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1660;Deleted.;
A0007484.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1660;Deleted.;
A0007485.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1636;Deleted.;
A0007486.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1654;Deleted.;
A0007487.exe;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Fakealert.4154;Deleted.;
A0007488.dll;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP10;Trojan.Virtumod.1636;Deleted.;

evilfantasy · « **Reply #21 on:** April 09, 2009, 11:27:01 AM »

How is the computer running now?

asunverneth · « **Reply #22 on:** April 09, 2009, 11:44:00 AM »

its a lot faster than it was but its still a little slow. im scanning with AVG right now and it said it found some vundo

evilfantasy · « **Reply #23 on:** April 09, 2009, 03:21:40 PM »

Quote from: asunverneth on April 09, 2009, 11:44:00 AM

im scanning with AVG right now and it said it found some vundo

Where? Can you see the locations it is finding the Vundo?

asunverneth · « **Reply #24 on:** April 09, 2009, 03:41:32 PM »

heres the AVG log
i think all of the viruses are just in the backup files

"Scan ""Scheduled scan"" was finished."
"Infections";"20";"20";"0"
"Warnings";"50"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Thursday, April 09, 2009, 12:00:01 PM"
"Scan finished:";"Thursday, April 09, 2009, 3:47:29 PM (3 hour(s) 47 minute(s) 28 second(s))"
"Total object scanned:";"1198890"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d814101c22af0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d814101c22af0.bup:\7d814101c22af0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d814123b2d2bf0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d814123b2d2bf0.bup:\7d814123b2d2bf0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d814142b272320.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d814142b272320.bup:\7d814142b272320.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d8171223372130.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d8171223372130.bup:\7d8171223372130.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d8176242cda0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d8176242cda0.bup:\7d8176242cda0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d81762c3a37a0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d81762c3a37a0.bup:\7d81762c3a37a0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d817ea1f1380.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d817ea1f1380.bup:\7d817ea1f1380.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d817ed52ce0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d817ed52ce0.bup:\7d817ed52ce0.bup";"Trojan horse Generic9.AGXT";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d81b71bc29f0.bup";"Virus found Lop";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d81b71bc29f0.bup:\7d81b71bc29f0.bup";"Virus found Lop";"Moved to Virus Vault"
"C:\My Backup -- 09-04-04 1124AM\QooBox\Quarantine\C\WINDOWS\system32\ssttt.dll.vir";"Virus found Vundo";"Moved to Virus Vault"
"C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP11\A0007590.dll";"Trojan horse Generic13.WAY";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite";"Found Tracking cookie.Webtrendslive";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\2o7.net.3b7e7590";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\2o7.net.8fc6b540";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\adbrite.com.775ee79c";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\doubleclick.net.ce59db3e";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\advertising.com.1dfa2206";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\overture.com.e626e6be";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\revsci.net.26b016c3";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\spinbox.net.dbe8573b";"Found Tracking cookie.Spinbox";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Nat\Application Data\Mozilla\Firefox\Profiles\7qon4nab.default\cookies.sqlite:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"

evilfantasy · « **Reply #25 on:** April 09, 2009, 03:46:04 PM »

Yes the were in the McAfee quarantine and ComboFix quarantine so they were not actually a threat.

OK I think we can finish up now.

Empty your AVG Quarantined files.

---

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

.
.
The above procedure will:

Delete: ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

.
----------

Download OTCleanIt.exe and save it to your Desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it yourself.

.
----------

Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

x2543 · « **Reply #26 on:** April 09, 2009, 04:15:29 PM »

not to hack original poster's post, but is SpyBot and/or Adaware still reliable? They were back in the day but ever since i've reformatted and reinstalled windows vista on my machine, I only got an antivirus program, windows firewall on and microsoft's windows defender for which the definitions are being updated via windows update.

evilfantasy · « **Reply #27 on:** April 09, 2009, 04:31:02 PM »

Quote

They were back in the day

The new free tools to have are Malwarebytes' Anti-Malware (MBAM) and SUPERAntiSpyware Free for Home Users .

x2543 · « **Reply #28 on:** April 09, 2009, 08:34:43 PM »

Quote from: evilfantasy on April 09, 2009, 04:31:02 PM

The new free tools to have are Malwarebytes' Anti-Malware (MBAM) and SUPERAntiSpyware Free for Home Users .

Thanks, I did have A-Squared Free but since you already mentioned it's false positive error prone, I was deciding to get a different program that's a bit smarter.

asunverneth · « **Reply #29 on:** April 09, 2009, 10:56:47 PM »

i cant uninstall combofix, its in the backup drive and it won't start up from run. i might have to move it into the new program files folder, unless theres another way to uninstall it

Computer Hope Forum

News:

Author Topic: vundo? (Read 8461 times)

asunverneth

Re: vundo?

evilfantasy

Re: vundo?

asunverneth

Re: vundo?

evilfantasy

Re: vundo?

Helpmeh

Re: vundo?

asunverneth

Re: vundo?

evilfantasy

Re: vundo?

asunverneth

Re: vundo?

evilfantasy

Re: vundo?

asunverneth

Re: vundo?

evilfantasy

Re: vundo?

x2543

Re: vundo?

evilfantasy

Re: vundo?

x2543

Re: vundo?

asunverneth

Re: vundo?