TotalBalance

Now the internet explorer and Mozilla are both popping trash up again...blank windows , blank tabs and sometimes some advertising tabs and windows.. Erik.

And heres the zip file of the infected files: [Password: Infected] /applications/core/interface/file/attachment.php?id=2262" data-fileid="2262" rel="">Infected.zip And heres his latest Hijackthis log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:47:22, on 17.06.2008 Platform: Windows Vista SP1 (WinNT…

Ok , he did all that you requested before (AND Is VERY greatful for your help even though you said that you shouldn't help us at all...) And the result is it's all OK at the moment.. But i'll inform as soon as i can if there are any changes.. Here is the log of combofix: ComboFix 08-06-16.5 - Kalmu 2008-06-17 23:07:15.1 -…

are you all some computer spets ?

I am not a BD employee, neither the the people you named. I did this in my spare time. And you are welcome. I know , and that was real nice of you . ( there was a pronoun "and" between the names of ya'll and the BD employees too so i didn't think you are an employee xD ) But let's not start arguing about it !! Thank you…

Oh , and if my system is clean atlast then i want to give big thanks to : farbar , Chesda , Niels and adt and the whole BD employees , and this forum too

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:44:16, on 27.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:38:05, on 27.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…

ComboFix 08-02-25.3 - Kodu 2008-02-27 18:34:31.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1615 [GMT 2:00] Running from: C:\Documents and Settings\Kodu\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Kodu\Desktop\CFScript.txt * Created a new restore point WARNING -THIS…

Antivirus Version Last Update Result AhnLab-V3 2008.2.27.0 2008.02.27 - AntiVir 7.6.0.67 2008.02.27 - Authentium 4.93.8 2008.02.27 Possibly a new variant of W32/Swizzor-based!Maximus Avast 4.7.1098.0 2008.02.26 - AVG 7.5.0.516 2008.02.27 - BitDefender 7.2 2008.02.27 - CAT-QuickHeal 9.50 2008.02.26 -…

2. Do you know this Junk2Time, have you installed it yourself? 3. Is there anything in add/remove program by this name? No , i don't know that program , it isn't installed by me and it's not on the add/remove program .

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:59:39, on 27.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…

ComboFix 08-02-25.3 - Kodu 2008-02-27 7:47:28.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1628 [GMT 2:00] Running from: C:\Documents and Settings\Kodu\My Documents\ComboFix.exe Command switches used :: C:\Documents and Settings\Kodu\Desktop\CFScript.txt WARNING -THIS MACHINE DOES NOT HAVE THE…

yeah i uninstalled the windows live messenger main program , but i thought , maybe the other relative programs don't disturbe the work : windows live OneCare safety scanner , and windows live login helper (or something like that) Edit: And i must add , i had some Blue error screen just a few moments ago that made me…

ComboFix 08-02-25.3 - Kodu 2008-02-26 15:03:26.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1579 [GMT 2:00] Running from: C:\Documents and Settings\Kodu\My Documents\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other…

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:12:02, on 26.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…

You have not attached them as it is instructed. How the virus researchers could have downloaded something you have not uploaded properly. And may be they don't want the files or perhaps they are overloaded with the work they are doing and later on attend to those files. Even if the files are of no use it would be nice to…

http://forum.bitdefender.com/index.php?sho...c=4535&st=0 this topic has some suspected files

I don't know really what you want me to say about that. It confirms that you do the steps backward as those files are not attached yet. But about the log: It confirms that the file named is indeed removed. It also confirms that you are still infected because Vundo makes a new infected file, and it confirms that the whole…

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:21:01, on 25.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…

/applications/core/interface/file/attachment.php?id=19759" data-fileext="zip" rel="">suspected_files.rar.zipok these are the files that farbar wanted me to upload , but i didn't find those files : gebcb.dll and ocvknxsh.dll i think VundoFix deleted/fixed those files , and winampa.exe isn't infected .(i don't know if the…

it takes alot of time to upload it :S

my documents is full of files named like this : pos1A , pos1A1 , pos1F7 what should i do about them ? just delete them ? (and local disk C: too

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:12:22, on 23.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:15:28, on 23.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…

I had some happiness tears in my eyes when i fixed the vundo because i thought that i have to format local disk C . I love ya'll at bitdefender and other guys . Thank you again

Hi, I am know looking at your log. I can assist you removing the malware. It is not just vundo, it is multiple infection. If you want me to help you step by step removing the malware post back. In that case I want you to follow the steps I am going to give you and fix nothing on your own or the suggestions of others. I am…

erm... it says Error 404! /download4954.html/url File Not Found!

is there a removal tool for that Vundo ? Or any way to get rid of it ?

Ok these are some suspected files from me : I don't know but i think i made the password :Infected /applications/core/interface/file/attachment.php?id=1556" data-fileid="1556" rel="">suspected_files.zip