Another 'i Need Help' Thread

intense_cutn
intense_cutn
in Malware talk

my dad has just put bitdefender on his computer, and it found some stuff but it can't remove or disenfect them. there are those little warning boxes that say bitsefender has blocked the trojans, but they pop up like every few seconds. here is the log.


Virus Statistics


Scan path : C:\


Folders : 3530


Files : 13945


Memory processes scanned : 45


Archives : 3


Runtime packers : 711


Identified viruses : 6


Infected files : 18


Memory processes infected : 4


Suspect files : 0


Warnings : 0


Disinfected files : 0


Deleted files : 0


Moved files : 9


I/O errors : 8


Scan time : 00:09:47


Scan speed (files/sec) : 23


Spyware Statistics


Registry keys scanned : 372


Registry keys infected : 5


Cookies scanned : 4


Cookies infected : 0


Spyware files infected : 0


Spyware threats detected : 1


Virus definitions : 962200


Scan plugins : 16


Archive plugins : 41


Unpack plugins : 7


Mail plugins : 6


System plugins : 5


Virus scan options


Detection


[X] Scan boot sectors


[X] Memory Processes


[ ] Scan archives


[X] Scan runtime packers


[X] Scan email


File mask


[X] Programs


[ ] All files


[ ] User defined extensions:


[ ] Exclude extensions: ;


Action


Infected objects


[ ] Ignore


[X] Disinfect


[ ] Delete


[ ] Move to quarantine


[ ] Prompt user


Second action


[ ] Ignore


[ ] Delete


[X] Move to quarantine


[ ] Prompt user


Virus scan options


[X] Enable warnings


[ ] Enable heuristics


[ ] Show all files in log


[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1198644486.log


Spyware scan options


[X] Scan for riskware


[ ] Skip dial and applications from scan


[X] Registry keys


[X] Cookies


Summary:


<System>=>C:\Apps\Powercinema\PCMService.exe (memory dump) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\Apps\Powercinema\PCMService.exe (memory dump) Disinfection failed


<System>=>C:\Apps\Powercinema\PCMService.exe (memory dump) Move failed


<System>=>C:\Apps\Powercinema\PCMService.exe (disk) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\Apps\Powercinema\PCMService.exe (disk) Disinfection failed


<System>=>C:\Apps\Powercinema\PCMService.exe (disk) Move failed


<System>=>C:\Apps\Powercinema\PCMService.exe (full dump) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\Apps\Powercinema\PCMService.exe (full dump) Disinfection failed


<System>=>C:\Apps\Powercinema\PCMService.exe (full dump) Move failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (memory dump) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (memory dump) Disinfection failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (memory dump) Move failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (disk) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (disk) Disinfection failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (disk) Move failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (full dump) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (full dump) Disinfection failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdmcon.exe (full dump) Move failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (memory dump) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (memory dump) Disinfection failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (memory dump) Move failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (disk) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (disk) Disinfection failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (disk) Move failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (full dump) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (full dump) Disinfection failed


<System>=>C:\Program Files\Softwin\BitDefender10\bdagent.exe (full dump) Move failed


<System>=>C:\WINDOWS\system32\ctfmon.exe (memory dump) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\WINDOWS\system32\ctfmon.exe (memory dump) Disinfection failed


<System>=>C:\WINDOWS\system32\ctfmon.exe (memory dump) Move failed


<System>=>C:\WINDOWS\system32\ctfmon.exe (full dump) Infected: Trojan.Dropper.Vundo.D


<System>=>C:\WINDOWS\system32\ctfmon.exe (full dump) Disinfection failed


<System>=>C:\WINDOWS\system32\ctfmon.exe (full dump) Move failed


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NEROCHECK\EventMessageFile=>C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NEROCHECK.EXE Detected: Trojan.Dropper.Vundo.D


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NEROCHECK\EventMessageFile=>C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NEROCHECK.EXE Disinfection failed


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NEROCHECK\EventMessageFile=>C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NEROCHECK.EXE Move failed


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PCMService=>C:\APPS\POWERCINEMA\PCMSERVICE.EXE Detected: Trojan.Dropper.Vundo.D


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PCMService=>C:\APPS\POWERCINEMA\PCMSERVICE.EXE Disinfection failed


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PCMService=>C:\APPS\POWERCINEMA\PCMSERVICE.EXE Move failed


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDMCon=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDMCON.EXE Detected: Trojan.Dropper.Vundo.D


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDMCon=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDMCON.EXE Disinfection failed


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDMCon=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDMCON.EXE Move failed


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDAgent=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDAGENT.EXE Detected: Trojan.Dropper.Vundo.D


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDAgent=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDAGENT.EXE Disinfection failed


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BDAgent=>C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\BDAGENT.EXE Move failed


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NBKeyScan=>C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBKEYSCAN.EXE Detected: Trojan.Dropper.Vundo.D


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NBKeyScan=>C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBKEYSCAN.EXE Disinfection failed


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NBKeyScan=>C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBKEYSCAN.EXE Move failed


C:\APPS\Powercinema\PCMService.exe Infected: Trojan.Dropper.Vundo.D


C:\APPS\Powercinema\PCMService.exe Disinfection failed


C:\APPS\Powercinema\PCMService.exe Moved


C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\PCMService.exe Infected: Trojan.Dropper.Vundo.D


C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\PCMService.exe Disinfection failed


C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\PCMService.exe Moved


C:\Documents and Settings\Owner\Local Settings\Temp\RarSFX1\setup2.exe Infected: Trojan.Agent.APT


C:\Documents and Settings\Owner\Local Settings\Temp\RarSFX1\setup2.exe Disinfection failed


C:\Documents and Settings\Owner\Local Settings\Temp\RarSFX1\setup2.exe Moved


C:\Documents and Settings\Owner\My Documents\jacks stuff\stress reducers.exe Detected: Application.Joke.Stressrelief.B


C:\Documents and Settings\Owner\My Documents\jacks stuff\stress reducers.exe Disinfection failed


C:\Documents and Settings\Owner\My Documents\jacks stuff\stress reducers.exe Moved


C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe Infected: Trojan.Dropper.Vundo.D


C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe Disinfection failed


C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe Moved


C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe Infected: Trojan.Dropper.Vundo.D


C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe Disinfection failed


C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe Moved


C:\Program Files\Softwin\BitDefender10\bdagent.exe Infected: Trojan.Dropper.Vundo.D


C:\Program Files\Softwin\BitDefender10\bdagent.exe Disinfection failed


C:\Program Files\Softwin\BitDefender10\bdagent.exe Moved


C:\Program Files\Softwin\BitDefender10\bdmcon.exe Infected: Trojan.Dropper.Vundo.D


C:\Program Files\Softwin\BitDefender10\bdmcon.exe Disinfection failed


C:\Program Files\Softwin\BitDefender10\bdmcon.exe Moved


C:\WINDOWS\system32\mllml.dll Infected: Trojan.Vundo.DUE


C:\WINDOWS\system32\mllml.dll Disinfection failed


C:\WINDOWS\system32\mllml.dll Move failed


C:\WINDOWS\system32\mllml.exe Infected: Trojan.Dropper.Vundo.D


C:\WINDOWS\system32\mllml.exe Disinfection failed


C:\WINDOWS\system32\mllml.exe Moved


C:\WINDOWS\system32\yayvstr.dll Detected: Adware.Virtumonde.XE


C:\WINDOWS\system32\yayvstr.dll Disinfection failed


C:\WINDOWS\system32\yayvstr.dll Move failed

Comments

  • alexcrist
    alexcrist
    edited December 2007

    Hello intense_cutn,


    The virus your dad has is extremely nasty (as you probably noticed, even BitDefender was infected by it).


    Please download HijackThis!, make a scan and post the log (but don't attempt to fix anything, unless you know what you're doing!). Maybe we can help you clean it :)


    Cris.

All Time Leaders

Categories

Defenders of the month - March