Vundo.dvs Once Again.....

got a dose of vundo again, anyone able to help?


reported infestation of vundo.dvs


thanks


Garf

Comments

  • rootkit
    rootkit ✭✭✭
    edited July 2008

    Please post HERE a Hijackthis log !
    Instructions: http://forum.bitdefender.com/index.php?showtopic=5668

  • Please post HERE a Hijackthis log !
    Instructions: http://forum.bitdefender.com/index.php?showtopic=5668

    Logfile of HijackThis v1.99.1
    Scan saved at 14.48.55, on 02/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programmi\Logitech\iTouch\iTouch.exe
    C:\Programmi\Windows Defender\MSASCui.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe
    C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
    C:\Programmi\filehippo.com\UpdateChecker.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Programmi\Logitech\SetPoint\SetPoint.exe
    C:\Programmi\12Ghosts\12wash.exe
    C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\DesktopComic.exe
    C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Programmi\UPHClean\uphclean.exe
    C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    C:\Programmi\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Programmi\µtorrent 1.7.5 Emu 1.6 LP\utorrent 1.7.5_original.exe
    C:\Programmi\BitDefender\BitDefender 2008\seccenter.exe
    C:\Programmi\BitDefender\BitDefender 2008\uiscan.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG Utility] C:\Programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [bDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [filehippo.com] "C:\Programmi\filehippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: 12Ghosts Wash.lnk = C:\Programmi\12Ghosts\12wash.exe
    O4 - Startup: DesktopComic.exe
    O4 - Startup: hamachi.lnk = C:\Programmi\Hamachi\hamachi.exe
    O4 - Startup: ubisoft register.lnk = C:\Programmi\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
    O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195688068937
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{470A2ADC-7B3E-4E13-8D7B-FB5E355F76B6}: NameServer = 85.37.17.55 85.38.28.93
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: LBTWlgn - c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
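As an added example (not part of the thread, and not BitDefender's or HijackThis's own code), a small Python triage over HijackThis-format lines like the ones in the log above: it parses the `Onn - ...` entries and flags the ones a helper would normally verify by hand. The sample lines are copied from the posted log; the flagging heuristics are my own assumptions, and every hit still needs manual confirmation (the log shows legitimate BitDefender and avast! services reported as "Unknown owner ... (file missing)" only because their command line ends in `" /service`).

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis v1.99.1 log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
"""

# HijackThis entries start with a section code (R0..R3, F0..F3, N1..N4, O1..O24), " - ", body.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# A body that contains a drive-letter path, e.g. "C:\WINDOWS\..."; assumption: bare names
# in Run keys are worth a look because they are resolved through the search path.
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_hjt(text: str) -> List[Finding]:
    """Return the entries that merit manual verification (heuristics are assumptions)."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the "Running processes" block are skipped
        section, body = m.groups()
        reason = None
        if section == "O2" and ("(no name)" in body or body.endswith("(no file)")):
            reason = "BHO with no name or no backing file (orphaned or hidden helper)"
        elif section == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            reason = "service with unknown owner or missing binary (check the path by hand)"
        elif section == "O4" and not DRIVE_PATH_RE.search(body):
            reason = "Run entry given as a bare file name (resolved via search path)"
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```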

  • Hello garfieldthecat,

    Where did BitDefender detect vundo.dvs? If it was found in the System Volume Information folder, follow the instructions that are mentioned here. To obtain that information, right-click on the red BitDefender icon near the system tray and press Show, after that press History. Click on the Antivirus section and look for the latest entry where the scan was finished. Press on Scan Logbook and please post the locations.

    Can you please download ComboFix? You will find it here. Print the following instructions and read them carefully. Please post the output of the scan in your next post, so I or someone else can see if there are still some infections.

    Kind regards,

    Niels

  • Mmmmmmmmmmmm, ran the Bit def again and it's gone.....

    It's only visible in the quarantine section.

    With a re-scan it's gone....

    Too easy.... or not?

    Thanks for the assistance.

    garf.

  • Hello garfieldthecat,

    I still recommend that you also post a ComboFix logfile, just to be sure. Did you run a deep scan with BitDefender? It might be gone, but to know that I need that logfile.

    Kind regards,

    Niels