Vundo and more...won't go away!

Hi,

I have a number of problems which are being picked up when I do a deep system scan and also being picked up by bitdef antivirus.

I have tried a few Vundo fixes to no avail. Any help much appreciated!

Thanks,

Tom

Below are the results of the deep system scan.


//-----------------------------------------------------------------


//


// Product BitDefender Antivirus v10


// Product 10.2


//


// Created on: 30/05/2007 17:13:32


//


//-----------------------------------------------------------------


Virus Statistics


Scan path : C:\


F:\


Folders : 7882


Files : 324752


Memory processes scanned : 18


Archives : 2293


Runtime packers : 25036


Identified viruses : 8


Infected files : 16


Memory processes infected : 0


Suspect files : 0


Warnings : 0


Disinfected files : 0


Deleted files : 0


Moved files : 10


I/O errors : 29


Scan time : 00:56:21


Scan speed (files/sec) : 96


Spyware Statistics


Registry keys scanned : 1766


Registry keys infected : 0


Cookies scanned : 54


Cookies infected : 0


Spyware files infected : 0


Spyware threats detected : 0


Virus definitions : 557133


Scan plugins : 16


Archive plugins : 41


Unpack plugins : 6


Mail plugins : 6


System plugins : 5


Virus scan options


Detection


[X] Scan boot sectors


[X] Memory Processes


[X] Scan archives


[X] Scan runtime packers


[X] Scan email


File mask


[ ] Programs


[X] All files


[ ] User defined extensions:


[ ] Exclude extensions: ;


Action


Infected objects


[ ] Ignore


[X] Disinfect


[ ] Delete


[ ] Move to quarantine


[ ] Prompt user


Second action


[ ] Ignore


[ ] Delete


[X] Move to quarantine


[ ] Prompt user


Virus scan options


[X] Enable warnings


[X] Enable heuristics


[ ] Show all files in log


[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1180541611.log


Spyware scan options


[X] Scan for riskware


[ ] Skip dial and applications from scan


[X] Registry keys


[X] Cookies


Summary:


C:\Documents and Settings\Owner\3.tmp Infected: Trojan.Clicker.Costrat.AS


C:\Documents and Settings\Owner\3.tmp Disinfection failed


C:\Documents and Settings\Owner\3.tmp Moved


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>BlackBox.class Infected: Java.Trojan.Exploit.Bytverify


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>BlackBox.class Disinfection failed


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>VerifierBug.class Infected: Java.Trojan.Exploit.Bytverify.C


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>Dummy.class Infected: Java.Trojan.Exploit.Bytverify


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>Dummy.class Disinfection failed


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>Beyond.class Infected: Java.Trojan.Exploit.Bytverify.C


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5 Moved


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>BlackBox.class Infected: Java.Trojan.Exploit.Bytverify


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>BlackBox.class Disinfection failed


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>VerifierBug.class Infected: Java.Trojan.Exploit.Bytverify.C


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>Dummy.class Infected: Java.Trojan.Exploit.Bytverify


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>Dummy.class Disinfection failed


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>Beyond.class Infected: Java.Trojan.Exploit.Bytverify.C


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f Moved


C:\puqnymc.exe Infected: DeepScan:Generic.Malware.Fdld!!.6D73E5E5


C:\puqnymc.exe Disinfection failed


C:\puqnymc.exe Moved


C:\VundoFix Backups\qomnmno.dll.bad Detected: Adware.Virtumonde.GES


C:\VundoFix Backups\qomnmno.dll.bad Disinfection failed


C:\VundoFix Backups\qomnmno.dll.bad Moved


C:\WINDOWS\system32\qomjkii.dll.vir Infected: Trojan.Vundo.BA


C:\WINDOWS\system32\qomjkii.dll.vir Disinfection failed


C:\WINDOWS\system32\qomjkii.dll.vir Moved


C:\WINDOWS\system32\winsys64.exe Infected: Dropped:Trojan.Downloader.Agent.YCY


C:\WINDOWS\system32\winsys64.exe Disinfection failed


C:\WINDOWS\system32\winsys64.exe Moved


F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131409-450.dll Infected: Trojan.Vundo.BA


F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131409-450.dll Disinfection failed


F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131409-450.dll Moved


F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131659-905.dll Infected: Trojan.Vundo.BA


F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131659-905.dll Disinfection failed


F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131659-905.dll Moved


F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-132419-833.dll Infected: Trojan.Vundo.BA


F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-132419-833.dll Disinfection failed


F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-132419-833.dll Moved

Comments

  • Hi Tom


    I recommend that you download:


    superantispyware: http://downloads2.superantispyware.com/dow...AntiSpyware.exe Update it. After that, reboot into safe mode by pressing the F8 key several times before the Windows loading screen. Choose safe mode.


    rogueremover: http://www.majorgeeks.com/RogueRemover_d5360.html Check for updates and let it run.


    Regards


    Niels

  • Hi, Niels


    My PC was infected a month ago. BitDefender scanned and found a virus named DeepScan:Generic.Virtumonde.1.9EF8A3E8. But it can't either disinfect or move that file to Quarantine. That file is vtsqn.dll in system32. I've done what you told me above but I still can't remove it. Please help me.


    Virus Statistics


    Scan path : C:\WINDOWS\system32\vtsqn.dll


    Folders : 0


    Files : 4


    Memory processes scanned : 0


    Archives : 0


    Runtime packers : 2


    Identified viruses : 1


    Infected files : 1


    Memory processes infected : 0


    Suspect files : 0


    Warnings : 0


    Disinfected files : 0


    Deleted files : 0


    Moved files : 0


    I/O errors : 0


    Scan time : 00:00:05


    Scan speed (files/sec) : 0


    Virus definitions : 1358925


    Scan plugins : 16


    Archive plugins : 41


    Unpack plugins : 6


    Mail plugins : 6


    System plugins : 5


    Summary:


    C:\WINDOWS\system32\vtsqn.dll Infected: DeepScan:Generic.Virtumonde.1.9EF8A3E3


    C:\WINDOWS\system32\vtsqn.dll Disinfection failed


    C:\WINDOWS\system32\vtsqn.dll Move failed

  • There are very big chances that the trojan injects its code into other processes, like explorer or winlogon. Though, you should try to make a deep system scan in safe mode, and see if that solves the problem. See this topic on how to scan your PC in safe mode with BitDefender. If this won't solve the problem either, you may try an unlocker. Download the unlocker here, install it, right-click on the trojan's dll, click "Unlocker" and try to delete it. If that won't work either, you should follow Cd-Man's topic here on how to remove this kind of malware file.


    Andrei

  • JGray152
    edited August 2007

    I have had experience with a few Vundo issues on 2 computers. They like to run one file under explorer and winlogon. If you attempt to disable one or the other, they will simply come back.


    I find unlocker is the only way to go when manually deleting Vundo files.


    There is also a program out there called Pocket Killbox. This helps to delete stubborn files as well. Try both out but you should be set with Unlocker.


    I would recommend running CCleaner first. This cleans up your system VERY well.
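
The `Summary:` lines in the two scan logs above share one shape (object path, an optional `=>member` for a file inside an archive, then either a detection name or an action result), so they can be triaged mechanically to see which detected files are still on disk. This is an added example, not part of any post in this thread and not BitDefender code; the line grammar is inferred only from the logs shown here, and the function names are hypothetical.

```python
import re

# Constructed sample: a few "Summary:" lines taken from the two logs in this thread.
SAMPLE = r"""
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>BlackBox.class Infected: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>BlackBox.class Disinfection failed
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>VerifierBug.class Infected: Java.Trojan.Exploit.Bytverify.C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5 Moved
C:\puqnymc.exe Infected: DeepScan:Generic.Malware.Fdld!!.6D73E5E5
C:\puqnymc.exe Disinfection failed
C:\puqnymc.exe Moved
    C:\WINDOWS\system32\vtsqn.dll Infected: DeepScan:Generic.Virtumonde.1.9EF8A3E3
    C:\WINDOWS\system32\vtsqn.dll Disinfection failed
    C:\WINDOWS\system32\vtsqn.dll Move failed
"""

# Paths contain spaces, so the status is matched from the end of the line.
LINE = re.compile(
    r"^(?P<obj>.+?) (?:(?:Infected|Detected): (?P<name>\S+)"
    r"|(?P<act>Disinfection failed|Move failed|Moved))$"
)

def triage(log_text):
    """Group summary lines by on-disk file; archive members fold into their container."""
    files = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # statistics, option lines, blank lines
        container = m["obj"].partition("=>")[0]
        entry = files.setdefault(container, {"detections": set(), "actions": set()})
        if m["name"]:
            entry["detections"].add(m["name"])
        else:
            entry["actions"].add(m["act"])
    return files

def still_present(files):
    """Files with a detection that the scanner never reported as moved."""
    return [p for p, e in files.items()
            if e["detections"] and "Moved" not in e["actions"]]

if __name__ == "__main__":
    for path in still_present(triage(SAMPLE)):
        print("still on disk:", path)
```
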