Vundo and more...won't go away!

tomleen

hi,

i have a number of problems which are being picked up when i do

a deep system scan and also being picked up by bitdef antivirus.

I have tried a few vundo fixes to no avail. any help much appreciated!

thanks,

tom

below is the results of deep system scan..

//-----------------------------------------------------------------

// Product BitDefender Antivirus v10

// Product 10.2

// Created on: 30/05/2007 17:13:32

//-----------------------------------------------------------------

Virus Statistics

Scan path : C:\

F:\

Folders : 7882

Files : 324752

Memory processes scanned : 18

Archives : 2293

Runtime packers : 25036

Identified viruses : 8

Infected files : 16

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 10

I/O errors : 29

Scan time : 00:56:21

Scan speed (files/sec) : 96

Spyware Statistics

Registry keys scanned : 1766

Registry keys infected : 0

Cookies scanned : 54

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

Virus definitions : 557133

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

Virus scan options

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1180541611.log

Spyware scan options

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

Summary:

C:\Documents and Settings\Owner\3.tmp Infected: Trojan.Clicker.Costrat.AS

C:\Documents and Settings\Owner\3.tmp Disinfection failed

C:\Documents and Settings\Owner\3.tmp Moved

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>BlackBox.class Infected: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>BlackBox.class Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>VerifierBug.class Infected: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>Dummy.class Infected: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>Dummy.class Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>Beyond.class Infected: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5 Moved

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>BlackBox.class Infected: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>BlackBox.class Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>VerifierBug.class Infected: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>Dummy.class Infected: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>Dummy.class Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>Beyond.class Infected: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f Moved

C:\puqnymc.exe Infected: DeepScan:Generic.Malware.Fdld!!.6D73E5E5

C:\puqnymc.exe Disinfection failed

C:\puqnymc.exe Moved

C:\VundoFix Backups\qomnmno.dll.bad Detected: Adware.Virtumonde.GES

C:\VundoFix Backups\qomnmno.dll.bad Disinfection failed

C:\VundoFix Backups\qomnmno.dll.bad Moved

C:\WINDOWS\system32\qomjkii.dll.vir Infected: Trojan.Vundo.BA

C:\WINDOWS\system32\qomjkii.dll.vir Disinfection failed

C:\WINDOWS\system32\qomjkii.dll.vir Moved

C:\WINDOWS\system32\winsys64.exe Infected: Dropped:Trojan.Downloader.Agent.YCY

C:\WINDOWS\system32\winsys64.exe Disinfection failed

C:\WINDOWS\system32\winsys64.exe Moved

F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131409-450.dll Infected: Trojan.Vundo.BA

F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131409-450.dll Disinfection failed

F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131409-450.dll Moved

F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131659-905.dll Infected: Trojan.Vundo.BA

F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131659-905.dll Disinfection failed

F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131659-905.dll Moved

F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-132419-833.dll Infected: Trojan.Vundo.BA

F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-132419-833.dll Disinfection failed

F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-132419-833.dll Moved

Find more posts tagged with

Comments

Niels

Hi Tom

I recommend that you download :

superantispyware : http://downloads2.superantispyware.com/dow...AntiSpyware.exe Update it. After that reboot into safe mode by pressing several times on the f8 button before the windows loadingscreen. Choose safe mode.

rogueremover: http://www.majorgeeks.com/RogueRemover_d5360.html Check for updates and let it run.

Regards

Niels

bluestar49

Hi,Neils

My PC was infected a month ago.Bitdenfender scaned and found out a virus named DeepScan:Generic.Virtumonde.1.9EF8A3E8.But it cant either disinfect or move to that file to Quarantine.That file is vtsqn.dll in system32.I've done what you told above but I still cant remove it.Please help me.

Virus Statistics

Scan path : C:\WINDOWS\system32\vtsqn.dll

Folders : 0

Files : 4

Memory processes scanned : 0

Archives : 0

Runtime packers : 2

Identified viruses : 1

Infected files : 1

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 0

I/O errors : 0

Scan time : 00:00:05

Scan speed (files/sec) : 0

Virus definitions : 1358925

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

Summary:

C:\WINDOWS\system32\vtsqn.dll Infected: DeepScan:Generic.Virtumonde.1.9EF8A3E3

C:\WINDOWS\system32\vtsqn.dll Disinfection failed

C:\WINDOWS\system32\vtsqn.dll Move failed

AndreiASM

There are very big chances that the trojan injects it's code into other processes, like explorer or winlogon. Though, you should try to make a deep system scan in safe mode, and see if that solves the problem. See this topic on how to scan your PC in safe mode with BitDefender. If this won't solve the problem either, you may try an unlocker. Donwload the unlocker here, install it, right-click on the trojan's dll, click "Unlocker" and try to delete it. If that won't work either, you should follow Cd-Man's topic here on how to remove this kind of malware files.

Andrei

JGray152

I have had experience with a few Vundo issues on 2 computers. They like to run one file under explorer and winlogin. If you attempt to disable one or the other, they will simply come back.

I find unlocker is the only way to go when manually deleting Vundo files.

There is also a program out there called Pocket Killbox. This helps to delete stuborn files as well. Try both out but you should be set with Unlocker.

I would Reccomend running CCleaner first. This cleans up your system VERY well.