Gen:Trojan.Heur.Vundo

I am also infected with the Gen:Trojan.Heur.Vundo virus.


I am running Windows Vista Business 64bit


I have tried to scan from Safe Mode, but I am unable to start BitDefender in Safe Mode.


Here is my log scan, please help!!!


<?xml version="1.0" encoding="utf-8"?>


<?xml-stylesheet type="text/xsl" href="C:\Program Files\BitDefender\BitDefender 2008\Lang\log_format.xsl"?>


<ScanSession creator="BitDefender Antivirus 2008" version="BitDefender UIScanner v.11" creationDate="16:38:34 13/03/2009" originalPath="C:\ProgramData\BitDefender\Desktop\Profiles\Logs\deep_scan\1236987514_1_02.xml">


<ScanOptions


showWarnings="1" >


<ScanPaths>


<path id="0000">C:\</path>


<path id="0001">D:\</path>


<path id="0002">S:\</path>


</ScanPaths>


<ScanObjects


scanViruses="1"


scanAddware="1"


scanSpyware="1"


scanApplications="1"


scanDialers="1"


scanRootkits="1"


/>


<TargetSelection


heuristicScan="1"


scanArchives="1"


scanRegistryKeys="1"


scanRegistry="1"


scanCookies="1"


memoryProcesses="1"


scanBootSectors="1"


scanEmail="1"


scanAllFiles="1"


scanPackedFiles="1"


scanSubfolders="1"


includeExtensions=""


excludeExtensions=""


/>


<TargetProcessing


infectedAction="3"


suspiciousAction="1"


hiddenAction="1"


/>


</ScanOptions>


<EngineSummary


archivePlugins="45"


mailPlugins="6"


scanPlugins="13"


totalSignatures="2791728"


systemPlugins="5"


unpackPlugins="7"


/>


<ScanSummary


scannedItems="1007771"


infectedItems="16"


suspiciousItems="0"


resolvedItems="13"


scannedArchives="11971"


bootSectorCount="7"


scannedDirectories="41589"


inputOutputErrors="63"


virusesNumber="3"


scanTime="00:02:01:24"


filesPerSecond="138"


>


<FileSummary


scanned="1006020"


archives="11971"


packed="65433"


infected="16"


suspicious="0"


resolved="13"


deleted="1"


moved="0"


copied="0"


/>


<RegistryKeySummary


scanned="1532"


infected="0"


suspicious="0"


/>


<CookieSummary


scanned="219"


infected="0"


suspicious="0"


/>


<ProcessSummary


scanned="0"


infected="0"


suspicious="0"


/>


<MailSummary


scanned="0"


infected="0"


suspicious="0"


/>


</ScanSummary>


<ScanDetails>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp00012b44" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp00019848" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp0001b0d7" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp000222fa" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp00025b48" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp00027d1b" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp00028371" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp00031370" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp00032b15" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp00033dab" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp00038738" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp0004f362" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Users\Chris Forrest\AppData\Local\Temp\tmp01f4e47e" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "clean" error= "deleted"/>


<AffectedItem itemType ="File" path="C:\Windows\SysWOW64\wvUmmMec.dll" threatType="virus" threatName="Gen:Trojan.Heur.Vundo.207887B7B7" action="delete" finalStatus= "infected" error= "delete failed"/>


</ScanDetails>


</ScanSession>

Comments

  • rootkit ✭✭✭

    Use CCleaner to clean all your temp files: http://www.ccleaner.com/




    Run a full scan with BitDefender in Safe Mode: http://forum.bitdefender.com/index.php?showtopic=1378


    ComboFix is not working on Vista x64. Paste BitDefender's log here after the scan :)

  • Hello - thanks for your help, but it didn't work.


    I downloaded CCleaner and ran it, and then rebooted and scanned in Safe Mode.


    No issues were detected (see attached scan log). Then when I rebooted again into normal Windows mode, BitDefender detected the same Gen:Trojan.Heur.Vundo virus (see attached pic).


    post-22487-1237089093_thumb.jpg


    Again I am using BitDefender Antivirus 2008 and Windows Vista Business x64.


    Safe Mode Scan Log


    <?xml version="1.0" encoding="utf-8"?>


    <?xml-stylesheet type="text/xsl" href="C:\Program Files\BitDefender\BitDefender 2008\Lang\log_format.xsl"?>


    <ScanSession creator="BitDefender Antivirus 2008" version="BitDefender UIScanner v.11" creationDate="20:07:04 14/03/2009" originalPath="C:\Users\Chris Forrest\AppData\Roaming\BitDefender\Desktop\Profiles\Logs\manual_scan\1237086424_1_00.xml">


    <ScanOptions


    showWarnings="0" >


    <ScanPaths>


    <path id="0000">C:\</path>


    </ScanPaths>


    <ScanObjects


    scanViruses="1"


    scanAddware="1"


    scanSpyware="1"


    scanApplications="1"


    scanDialers="1"


    scanRootkits="0"


    />


    <TargetSelection


    heuristicScan="0"


    scanArchives="0"


    scanRegistryKeys="0"


    scanRegistry="0"


    scanCookies="0"


    memoryProcesses="0"


    scanBootSectors="0"


    scanEmail="0"


    scanAllFiles="0"


    scanPackedFiles="0"


    scanSubfolders="1"


    includeExtensions=""


    excludeExtensions=""


    />


    <TargetProcessing


    infectedAction="1"


    suspiciousAction="1"


    hiddenAction="1"


    />


    </ScanOptions>


    <EngineSummary


    archivePlugins="45"


    mailPlugins="6"


    scanPlugins="13"


    totalSignatures="2793174"


    systemPlugins="5"


    unpackPlugins="7"


    />


    <ScanSummary


    scannedItems="942701"


    infectedItems="0"


    suspiciousItems="0"


    resolvedItems="0"


    scannedArchives="11406"


    bootSectorCount="0"


    scannedDirectories="38087"


    inputOutputErrors="46"


    virusesNumber="0"


    scanTime="00:01:32:02"


    filesPerSecond="170"


    >


    <FileSummary


    scanned="942701"


    archives="11406"


    packed="63291"


    infected="0"


    suspicious="0"


    resolved="0"


    deleted="0"


    moved="0"


    copied="0"


    />


    <RegistryKeySummary


    scanned="0"


    infected="0"


    suspicious="0"


    />


    <CookieSummary


    scanned="0"


    infected="0"


    suspicious="0"


    />


    <ProcessSummary


    scanned="0"


    infected="0"


    suspicious="0"


    />


    <MailSummary


    scanned="0"


    infected="0"


    suspicious="0"


    />


    </ScanSummary>


    <ScanDetails>


    </ScanDetails>


    </ScanSession>

  • rootkit ✭✭✭

    Please pack the file(s) in an archive, protected with the password infected.


    Upload it to www.rapidshare.com or another server and leave the download link here.

  • hnyaji
    edited March 2009

    Hi


    Delete the file by going into Safe Mode or from DOS.


    You should not have any problem if you don't delete that file, because the result is from a heuristic scan. BitDefender blocks it every time it tries to execute.

  • Hello Chris Forrest,


    Do you still have the problem?


    Cris.


  • Cris - It seems to have finally worked. Thanks for your help! However, I was not able to pack the files and send them in, as I was unsure how to deal with this and I just wanted to delete any indication of this virus on my computer.


    Anyway thanks again!


    Chris

  • OK. Since you solved your problem, I will close this thread. If the problem reappears, please contact one of the moderators to open this topic for you.


    Cris.


    == Topic closed ==
