Another 'I Need Help' Thread
My dad has just put BitDefender on his computer, and it found some stuff, but it can't remove or disinfect them. There are those little warning boxes that say BitDefender has blocked the trojans, but they pop up like every few seconds. Here is the log.
Virus Statistics
Scan path : C:\
Folders : 3530
Files : 13945
Memory processes scanned : 45
Archives : 3
Runtime packers : 711
Identified viruses : 6
Infected files : 18
Memory processes infected : 4
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 9
I/O errors : 8
Scan time : 00:09:47
Scan speed (files/sec) : 23
Spyware Statistics
Registry keys scanned : 372
Registry keys infected : 5
Cookies scanned : 4
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 1
Virus definitions : 962200
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[X] Programs
[ ] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1198644486.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Summary:
<System>=>C:\Apps\Powercinema\PCMService.exe (memory dump) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\Apps\Powercinema\PCMService.exe (memory dump) Disinfection failed
<System>=>C:\Apps\Powercinema\PCMService.exe (memory dump) Move failed
<System>=>C:\Apps\Powercinema\PCMService.exe (disk) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\Apps\Powercinema\PCMService.exe (disk) Disinfection failed
<System>=>C:\Apps\Powercinema\PCMService.exe (disk) Move failed
<System>=>C:\Apps\Powercinema\PCMService.exe (full dump) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\Apps\Powercinema\PCMService.exe (full dump) Disinfection failed
<System>=>C:\Apps\Powercinema\PCMService.exe (full dump) Move failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (memory dump) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (memory dump) Disinfection failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (memory dump) Move failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (disk) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (disk) Disinfection failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (disk) Move failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (full dump) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (full dump) Disinfection failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (full dump) Move failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (memory dump) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (memory dump) Disinfection failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (memory dump) Move failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (disk) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (disk) Disinfection failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (disk) Move failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (full dump) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (full dump) Disinfection failed
<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (full dump) Move failed
<System>=>C:\WINDOWS\system32\ctfmon.exe (memory dump) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\WINDOWS\system32\ctfmon.exe (memory dump) Disinfection failed
<System>=>C:\WINDOWS\system32\ctfmon.exe (memory dump) Move failed
<System>=>C:\WINDOWS\system32\ctfmon.exe (full dump) Infected: Trojan.Dropper.Vundo.D
<System>=>C:\WINDOWS\system32\ctfmon.exe (full dump) Disinfection failed
<System>=>C:\WINDOWS\system32\ctfmon.exe (full dump) Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NEROCHECK\EventMessageFile=>C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NEROCHECK.EXE Detected: Trojan.Dropper.Vundo.D
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NEROCHECK\EventMessageFile=>C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NEROCHECK.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NEROCHECK\EventMessageFile=>C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NEROCHECK.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PCMService=>C:\APPS\POWERCINEMA\PCMSERVICE.EXE Detected: Trojan.Dropper.Vundo.D
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PCMService=>C:\APPS\POWERCINEMA\PCMSERVICE.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PCMService=>C:\APPS\POWERCINEMA\PCMSERVICE.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDMCon=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDMCON.EXE Detected: Trojan.Dropper.Vundo.D
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDMCon=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDMCON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDMCon=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDMCON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDAgent=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDAGENT.EXE Detected: Trojan.Dropper.Vundo.D
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDAgent=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDAGENT.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDAgent=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDAGENT.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NBKeyScan=>C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBKEYSCAN.EXE Detected: Trojan.Dropper.Vundo.D
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NBKeyScan=>C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBKEYSCAN.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NBKeyScan=>C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBKEYSCAN.EXE Move failed
C:\APPS\Powercinema\PCMService.exe Infected: Trojan.Dropper.Vundo.D
C:\APPS\Powercinema\PCMService.exe Disinfection failed
C:\APPS\Powercinema\PCMService.exe Moved
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\PCMService.exe Infected: Trojan.Dropper.Vundo.D
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\PCMService.exe Disinfection failed
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\PCMService.exe Moved
C:\Documents and Settings\Owner\Local Settings\Temp\RarSFX1\setup2.exe Infected: Trojan.Agent.APT
C:\Documents and Settings\Owner\Local Settings\Temp\RarSFX1\setup2.exe Disinfection failed
C:\Documents and Settings\Owner\Local Settings\Temp\RarSFX1\setup2.exe Moved
C:\Documents and Settings\Owner\My Documents\jacks stuff\stress reducers.exe Detected: Application.Joke.Stressrelief.B
C:\Documents and Settings\Owner\My Documents\jacks stuff\stress reducers.exe Disinfection failed
C:\Documents and Settings\Owner\My Documents\jacks stuff\stress reducers.exe Moved
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe Infected: Trojan.Dropper.Vundo.D
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe Disinfection failed
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe Moved
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe Infected: Trojan.Dropper.Vundo.D
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe Disinfection failed
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe Moved
C:\Program Files\Softwin\BitDefender10\bdagent.exe Infected: Trojan.Dropper.Vundo.D
C:\Program Files\Softwin\BitDefender10\bdagent.exe Disinfection failed
C:\Program Files\Softwin\BitDefender10\bdagent.exe Moved
C:\Program Files\Softwin\BitDefender10\bdmcon.exe Infected: Trojan.Dropper.Vundo.D
C:\Program Files\Softwin\BitDefender10\bdmcon.exe Disinfection failed
C:\Program Files\Softwin\BitDefender10\bdmcon.exe Moved
C:\WINDOWS\system32\mllml.dll Infected: Trojan.Vundo.DUE
C:\WINDOWS\system32\mllml.dll Disinfection failed
C:\WINDOWS\system32\mllml.dll Move failed
C:\WINDOWS\system32\mllml.exe Infected: Trojan.Dropper.Vundo.D
C:\WINDOWS\system32\mllml.exe Disinfection failed
C:\WINDOWS\system32\mllml.exe Moved
C:\WINDOWS\system32\yayvstr.dll Detected: Adware.Virtumonde.XE
C:\WINDOWS\system32\yayvstr.dll Disinfection failed
C:\WINDOWS\system32\yayvstr.dll Move failed
Comments
Hello intense_cutn,
The virus your dad has is extremely nasty (as you probably noticed, even BitDefender was infected by it).
Please download HijackThis!, make a scan and post the log (but don't attempt to fix anything, unless you know what you're doing!). Maybe we can help you clean it.
Cris.0