
vundo hiding?

 
Jay

External


Since: Nov 25, 2007
Posts: 8



(Msg. 1) Posted: Sun Nov 25, 2007 12:49 pm
Post subject: vundo hiding?
Archived from groups: alt>comp>virus

I've been struggling with trying to get rid of the Vundo virus for
about a week but it seems pretty stubborn. Here's the story:

- McAfee is alerting me every hour that the Vundo virus was blocked.
It cleans and/or deletes randomly named .dll's that I think are
related to c:\windows\explore.exe.
- I've run full system scans with McAfee in safe modes (suspending the
3 services as specified in the McAfee instructions on the site).
- I've also run FixVundo off the Symantec web site (v. 1.5.0.0) but it
doesn't detect anything.
- As far as I can tell, nothing can find or detect anything on my hard
drive any more but McAfee on-access protection blocks it every hour (I
actually get 2 similar blocks at the same time every hour).

I'm attaching the HijackThis file for my PC. It means little to me
but maybe someone could give me a clue about how to proceed. THANK
YOU !!!
- Dex

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:18 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Adobe\Photoshop Elements
5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin
\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\ROVA Update\rovasrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://proxy.ml.com:8083
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1;http://localhost;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-
BD0D2DA3C2B8} - C:\Program Files\BLSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-
E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:
\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-
CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier
\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C8829776-6391-4F53-A6FA-370D57FA9087} - C:
\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:
\WINDOWS\system32\ljjjkhi.dll
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - C:
\PROGRA~1\BLUELI~1\Toolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-
E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp
color LaserJet 2550 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp
color LaserJet 2550 PCL 6" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon
\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan
Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media
Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ROVATray] C:\Program Files\ROVA\rovatray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Motive SmartBridge] C:
\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common
Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart
\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy
\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative
\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe
\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [A Verizon App] C:
\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\blspc.exe" -w
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support
\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic
\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins
\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/...ctivex/
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver
Installation Control) -
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} -
http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl
Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCat...gWebCon
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -
http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games -
Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader
Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
O20 - Winlogon Notify: ljjjkhi - C:\WINDOWS\SYSTEM32\ljjjkhi.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4
Internet Ltd - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Adobe Active File Monitor V5
(AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe
\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files
\Common Files\Apple\Mobile Device Support\bin
\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS
\System32\drivers\CDAC11BA.EXE
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS
\CDProxyServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper
Networks - C:\Program Files\Juniper Networks\Common Files
\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver
\1050\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS
\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee,
Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program
Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:
\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program
Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS
\system32\HPZipm12.exe
O23 - Service: ROVA Service (ROVA_Srvc) - Quintech, Inc. - C:\Program
Files\ROVA Update\rovasrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10996 bytes

pcbutts1

External


Since: Oct 14, 2007
Posts: 190



(Msg. 2) Posted: Sun Nov 25, 2007 1:24 pm
Post subject: Re: vundo hiding?

You have a rootkit installed. Follow the instructions below to clean your
system.
Click on the Start button.
Click Run.
In the Open: field type cmd /k sc delete $sys$aries and press the OK button.
Reboot your computer
Delete C:\%WinDir%\system32\$sys$filesystem\aries.sys (Replace %WinDir% with
the directory that Windows is installed on your computer)
Run Remove-it (check your email for the software)
Run HJT again and post another log

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Jay" <jkosmides RemoveThis @gmail.com> wrote in message
news:c64d3589-867e-4ea9-9f8f-28ddcaa33625@b40g2000prf.googlegroups.com...
> I've been struggling with trying to get rid of the Vundo virus for
> about a week but it seems pretty stubborn. Here's the story:
>
> - McAfee is alerting me every hour that the Vundo virus was blocked.
> It cleans and/or deletes randomly named .dll's that I think are
> related to c:\windows\explore.exe.
> - I've run full system scans with McAfee in safe modes (suspending the
> 3 services as specified in the McAfee instructions on the site).
> - I've also run FixVundo off the Symantec web site (v. 1.5.0.0) but it
> doesn't detect anything.
> - As far as I can tell, nothing can find or detect anything on my hard
> drive any more but McAfee on-access protection blocks it every hour (I
> actually get 2 similar blocks at the same time every hour).
>
> I'm attaching the HijackThis file for my PC. It means little to me
> but maybe someone could give me a clue about how to proceed. THANK
> YOU !!!
> - Dex
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 3:42:18 PM, on 11/25/2007
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16544)
> Boot mode: Normal
>

Jay

External


Since: Nov 25, 2007
Posts: 8



(Msg. 3) Posted: Sun Nov 25, 2007 4:17 pm
Post subject: Re: vundo hiding?

On Nov 25, 4:42 pm, Leythos <v....RemoveThis@nowhere.lan> wrote:
> In article <ficp78$bq...@blackhelicopter.databasix.com>, pcbutts1
> @leythosthestalker.com says...
>
> > Run Remove-it (check your email for the software)
>
> Never accept program files from unknown persons, that's one way people
> get infected in the first place.
>
> Never accept programs from Porno Hosting Providers like BUTTS.
>
> --
>
> Leythos - spam999f....RemoveThis@rrohio.com (remove 999 to email me)
>
> Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
> that create filth and put it on the web for any kid to see: Just take a
> look at some of the FILTH he's created and put on his website: http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
> to children (the link I've included does not directly display his filth).
> You can find the same information by googling for 'PCBUTTS1' and
> 'exposed to kids'.

I guess this is bad advice then. Any helpful people know what the
problem is on this PC?
Leythos

External


Since: Jan 04, 2006
Posts: 201



(Msg. 4) Posted: Sun Nov 25, 2007 4:42 pm
Post subject: Re: vundo hiding?

In article <ficp78$bq8$1@blackhelicopter.databasix.com>, pcbutts1
@leythosthestalker.com says...
> Run Remove-it (check your email for the software)

Never accept program files from unknown persons, that's one way people
get infected in the first place.

Never accept programs from Porno Hosting Providers like BUTTS.



--

Leythos - spam999free DeleteThis @rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've included does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
pcbutts1

External


Since: Oct 14, 2007
Posts: 190



(Msg. 5) Posted: Sun Nov 25, 2007 5:03 pm
Post subject: Re: vundo hiding?

It's not bad advice. It's good advice. Leythos is a troll that is stalking
this newsgroup and others. Don't believe anything he has to say. He tells
everyone to format and wipe their computer. If you want your system fixed
then follow the advice I gave you. Your system is infected with a rootkit, the
Sony Rootkit to be exact. See for yourself, this was from your HJT log you
posted
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GWYA,GWYA...05-49,G
You need to follow my advice if you want your system cleaned and ignore the
troll Leythos.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Jay" <jkosmides.TakeThisOut@gmail.com> wrote in message
news:cdc5a22e-f6b4-4564-8537-0debb4848ea2@i29g2000prf.googlegroups.com...
> On Nov 25, 4:42 pm, Leythos <v....TakeThisOut@nowhere.lan> wrote:
>> In article <ficp78$bq...@blackhelicopter.databasix.com>, pcbutts1
>> @leythosthestalker.com says...
>>
>> > Run Remove-it (check your email for the software)
>>
>> Never accept program files from unknown persons, that's one way people
>> get infected in the first place.
>>
>> Never accept programs from Porno Hosting Providers like BUTTS.
>>
>> --
>>
>> Leythos - spam999f....TakeThisOut@rrohio.com (remove 999 to email me)
>>
>> Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
>> that create filth and put it on the web for any kid to see: Just take a
>> look at some of the FILTH he's created and put on his
>> website: http://forums.speedguide.net/archive/index.php/t-223485.html all
>> exposed
>> to children (the link I've included does not directly display his filth).
>> You can find the same information by googling for 'PCBUTTS1' and
>> 'exposed to kids'.
>
> I guess this is bad advice then. Any helpful people know what the
> problem is on this PC?
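
The log reading this exchange turns on, as an added example that is not part of any post: the sketch below rejoins the newsreader-wrapped HijackThis entries and flags the `$sys$`-prefixed items pointed out above, unnamed or missing-file BHOs, and any DLL registered both as a BHO and as a Winlogon Notify package. `SAMPLE_LOG` is an excerpt assembled from the log in Msg. 1; the function names, the line-joining rules and the flagging heuristics are assumptions made for this illustration, not HijackThis behaviour.

```python
import re

# Excerpt assembled from the HijackThis log in Msg. 1, kept in its wrapped form.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Adobe\Photoshop Elements
5.0\PhotoshopElementsFileAgent.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C8829776-6391-4F53-A6FA-370D57FA9087} - C:
\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:
\WINDOWS\system32\ljjjkhi.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O20 - Winlogon Notify: ljjjkhi - C:\WINDOWS\SYSTEM32\ljjjkhi.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4
Internet Ltd - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"""

SECTION = re.compile(r"^([A-Z]\d{1,2}) - ")   # "R1 - ", "O2 - ", "O23 - "
DRIVE = re.compile(r"^[A-Za-z]:\\")           # a line of the process list
DLL = re.compile(r"\\([^\\]+\.dll)\b", re.I)  # file name of a DLL in a path


def join_wrapped(prev, cont):
    """Undo one line wrap (assumed rules, derived from the posted log)."""
    # A wrap inside a path ("C:" + "\WINDOWS...") or inside a GUID
    # ("...-8333-" + "CF10...}") lost no character; any other wrap ate a space.
    if cont.startswith("\\") or re.search(r"\S-$", prev):
        return prev + cont
    return prev + " " + cont


def unwrap(text):
    """Return one string per log entry, with wrapped lines rejoined."""
    entries, in_sections = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":          # "-- / End of file" trailer
            break
        if not line:
            continue
        if SECTION.match(line):
            in_sections = True
            entries.append(line)
        elif DRIVE.match(line) and not in_sections:
            entries.append(line)  # process list comes before the R/O sections
        elif entries:
            # After the first R/O entry, a line starting "C:\" is the wrapped
            # tail of the previous entry, not a new process.
            entries[-1] = join_wrapped(entries[-1], line)
    return entries


def triage(text):
    """Return (tag, entry) pairs worth a closer look. Heuristics only."""
    findings, bho_dlls, notify_dlls = [], set(), set()
    for entry in unwrap(text):
        m = SECTION.match(entry)
        code = m.group(1) if m else "PROC"
        if "$sys$" in entry:
            findings.append(("sys-prefix", entry))
        dll = DLL.search(entry)
        name = dll.group(1).lower() if dll else None
        if code == "O2":
            if "(no name)" in entry:
                findings.append(("unnamed-bho", entry))
            if entry.endswith("(file missing)"):
                findings.append(("missing-file", entry))
            if name:
                bho_dlls.add(name)
        elif code == "O20" and name:
            notify_dlls.add(name)
    # Same DLL loaded by Internet Explorer and by winlogon.exe.
    for name in sorted(bho_dlls & notify_dlls):
        findings.append(("bho+winlogon-notify", name))
    return findings


if __name__ == "__main__":
    for tag, item in triage(SAMPLE_LOG):
        print(f"{tag:22} {item}")
```

A flag here is a prompt to inspect the file and its registry entry, not a verdict; legitimate software also installs unnamed BHOs.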
Jay

External


Since: Nov 25, 2007
Posts: 8



(Msg. 6) Posted: Sun Nov 25, 2007 7:23 pm
Post subject: Re: vundo hiding?

On Nov 25, 4:24 pm, "pcbutts1" <pcbut....TakeThisOut@leythosthestalker.com> wrote:
> You have a rootkit installed. Follow the instructions below to clean your
> system.
> Click on the Start button.
> Click Run.
> In the Open: field type cmd /k sc delete $sys$aries and press the OK button.
> Reboot your computer
> Delete C:\%WinDir%\system32\$sys$filesystem\aries.sys (Replace %WinDir% with
> the directory that Windows is installed on your computer)
> Run Remove-it (check your email for the software)
> Run HJT again and post another log
>
> --

What is the purpose of running Remove-it? I confirmed your
instructions for removing the Sony Rootkit so I may follow those steps
and then run the McAfee scan again. Would that resolve my problems
including the Vundo virus issue that I initially raised?
Leythos

External


Since: Jan 04, 2006
Posts: 201



(Msg. 7) Posted: Sun Nov 25, 2007 7:27 pm
Post subject: Re: vundo hiding?

In article <cdc5a22e-f6b4-4564-8537-0debb4848ea2
@i29g2000prf.googlegroups.com>, jkosmides DeleteThis @gmail.com says...
> I guess this is bad advice then. Any helpful people know what the
> problem is on this PC?

You're not going to like this, but no matter how well you think you've
cleaned a compromised machine there is just no way to be sure it's
clean. When we clean compromised networks we backup data, clean it as
best as possible, wipe everything, and start over.

Yes, there are people that believe they can remove everything and clean
it all, but the fact is that by the time you've fixed what you can find
and know about, given how you may miss something, you could have (in
most home/residential users' cases) wiped the machine and reinstalled
and learned a very valuable lesson - Safe Hex and Backups are your friend
- it's been that way for 20+ years and the concepts have not changed at
all.

I strongly suggest that you download multi-av and several of the
cleaners from Symantec and the others, update them, reboot in safe mode,
run them, reboot again in safe mode, run them again - I personally would
turn system restore off before doing this, but I already believe in
wiping the compromised computer.

--

Leythos - spam999free DeleteThis @rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've included does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
pcbutts1

External


Since: Oct 14, 2007
Posts: 190



(Msg. 8) Posted: Sun Nov 25, 2007 7:54 pm
Post subject: Re: vundo hiding?

That Rootkit has nothing to do with your Vundo infection.
Remove-it has over 5500 signatures to remove All variants of Rogue
scanners, Desktop/Homepage Hijackers, Trojans,
Codec's, and related Malware/Spyware. It will also update your host file to
block your system from going to bad malware sites, it will reset your IE
settings to remove bad BHO's and malware related search engines, It will
reset registry permissions that get changed by malware, it will reset your
desktop settings that get changed by malware, It will delete your temporary
internet files which is where malware executes from, and it will also
reset/restore your Winsock settings which gets changed by malware that
modifies the LSP layers of your TCP/IP stack which will fix connection
issues and slowness with the internet.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Jay" <jkosmides RemoveThis @gmail.com> wrote in message
news:185ae525-23b5-4264-9008-f0918bb6d9fc@b15g2000hsa.googlegroups.com...
> On Nov 25, 4:24 pm, "pcbutts1" <pcbut... RemoveThis @leythosthestalker.com> wrote:
>> You have a rootkit installed. Follow the instructions below to clean your
>> system.
>> Click on the Start button.
>> Click Run.
>> In the Open: field type cmd /k sc delete $sys$aries and press the OK
>> button.
>> Reboot your computer
>> Delete C:\%WinDir%\system32\$sys$filesystem\aries.sys (Replace %WinDir%
>> with
>> the directory that Windows is installed on your computer)
>> Run Remove-it (check your email for the software)
>> Run HJT again and post another log
>>
>> --
>
> What is the purpose of running Remove-it? I confirmed your
> instructions for removing the Sony Rootkit so I may follow those steps
> and then run the McAfee scan again. Would that resolve my problems
> including the Vundo virus issue that I initially raised?
Maximus the Mad

External


Since: Oct 29, 2007
Posts: 22



(Msg. 9) Posted: Mon Nov 26, 2007 2:52 am
Post subject: Re: vundo hiding?

"pcbutts1" <pcbutts1.DeleteThis@leythosthestalker.com> after much thought, came
up with this jewel in
news:fid60b$733$1@blackhelicopter.databasix.com:

> It's not bad advice. It's good advice. Leythos is a troll that is
> stalking this newsgroup and others. Don't believe anything he has
> to say. He tells everyone to format and wipe their computer. If
> you want your system fixed then follow the advice I gave you. Your
> system is infected with a rootkit the Sony Rootkit to be exact.
> See for yourself, this was from your HJT log you posted
> http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GWYA,G
> WYA:2005-49,GWYA:en&q=%24sys%24DRMServer%2eexe You need to follow
> my advice if you want your system cleaned and ignore the troll
> Leythos.
>
Some infections can be dealt with easily, the sooner the better chance
of success. Many infestations are so severe that a 1-2 hour
format/install is best, as opposed to days of searching the
net, posting in several newsgroups, running 10+ programs and still not
knowing for sure the system is clean.

--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
Russg

External


Since: Jun 03, 2006
Posts: 117



(Msg. 10) Posted: Mon Nov 26, 2007 3:04 am
Post subject: Re: vundo hiding?

>
> I guess this is bad advice then. Any helpful people know what the
> problem is on this PC?

Have you tried Microsoft's Malicious Software Removal tool for November?
It removes the F4IRootkit, the Sony rootkit.
You can Google 890830.exe, it will probably give
a link to Microsoft to get it.
But, you probably already have XP automatic updates, with the removal tool
for November.
It removes a lot of common malware.
Russg

External


Since: Jun 03, 2006
Posts: 117



(Msg. 11) Posted: Mon Nov 26, 2007 4:29 am
Post subject: Re: vundo hiding?

You can try the trendmicro sysclean and pattern files
you can download at the links found in claymania.

http://www.claymania.com/removal-trojan-adware.html
Lolo

External


Since: Nov 23, 2007
Posts: 6



(Msg. 12) Posted: Wed Nov 28, 2007 9:59 am
Post subject: Re: vundo hiding?

Hi Jay,

Do you know from which website you got infected by Vundo?

Thx for the info,


"Jay" <jkosmides.RemoveThis@gmail.com> wrote in message
news:185ae525-23b5-4264-9008-f0918bb6d9fc@b15g2000hsa.googlegroups.com...
> On Nov 25, 4:24 pm, "pcbutts1" <pcbut....RemoveThis@leythosthestalker.com> wrote:
>> You have a rootkit installed. Follow the instructions below to clean your
>> system.
>> Click on the Start button.
>> Click Run.
>> In the Open: field type cmd /k sc delete $sys$aries and press the OK
>> button.
>> Reboot your computer
>> Delete C:\%WinDir%\system32\$sys$filesystem\aries.sys (Replace %WinDir%
>> with
>> the directory that Windows is installed on your computer)
>> Run Remove-it (check your email for the software)
>> Run HJT again and post another log
>>
>> --
>
> What is the purpose of running Remove-it? I confirmed your
> instructions for removing the Sony Rootkit so I may follow those steps
> and then run the McAfee scan again. Would that resolve my problems
> including the Vundo virus issue that I initially raised?
Jay

External


Since: Nov 25, 2007
Posts: 8



(Msg. 13) Posted: Wed Nov 28, 2007 7:00 pm
Post subject: Re: vundo hiding?

>
> Do you know from which website you got infected by Vundo?
>
I think I know... why, you want to check it out?

I cleaned out the Sony rootkit, but McAfee still warns about Vundo...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:37 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements
5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin
\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\ROVA Update\rovasrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://proxy.ml.com:8083
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1;http://localhost;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-
BD0D2DA3C2B8} - C:\Program Files\BLSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-
E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:
\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-
CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier
\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C8829776-6391-4F53-A6FA-370D57FA9087} - C:
\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:
\WINDOWS\system32\ljjjkhi.dll
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - C:
\PROGRA~1\BLUELI~1\Toolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-
E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp
color LaserJet 2550 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp
color LaserJet 2550 PCL 6" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon
\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan
Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media
Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ROVATray] C:\Program Files\ROVA\rovatray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Motive SmartBridge] C:
\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common
Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart
\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy
\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative
\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe
\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [A Verizon App] C:
\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\blspc.exe" -w
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support
\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic
\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins
\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/...ctivex/
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver
Installation Control) -
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} -
http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl
Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCat...gWebCon
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -
http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games -
Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader
Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
O20 - Winlogon Notify: ljjjkhi - C:\WINDOWS\SYSTEM32\ljjjkhi.dll
O23 - Service: Adobe Active File Monitor V5
(AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe
\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files
\Common Files\Apple\Mobile Device Support\bin
\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS
\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper
Networks - C:\Program Files\Juniper Networks\Common Files
\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver
\1050\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS
\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee,
Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program
Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:
\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program
Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS
\system32\HPZipm12.exe
O23 - Service: ROVA Service (ROVA_Srvc) - Quintech, Inc. - C:\Program
Files\ROVA Update\rovasrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10739 bytes
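A triage pass over HijackThis entries from the post above, as an added example that is not part of the original thread: it rejoins the entries the news posting wrapped, then flags DLLs that a nameless BHO (O2) and a Winlogon Notify key (O20) both point at, or whose file is already gone. The function names and the C:\WINDOWS system path are assumptions of this example, and the flags are leads for manual review, not verdicts.

```python
import re

# Entries copied from the log in the post above, still wrapped as posted.
SAMPLE = r"""O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C8829776-6391-4F53-A6FA-370D57FA9087} - C:
\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:
\WINDOWS\system32\ljjjkhi.dll
O20 - Winlogon Notify: ljjjkhi - C:\WINDOWS\SYSTEM32\ljjjkhi.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS
\system32\HPZipm12.exe
"""

ENTRY = re.compile(r"^[RFNO]\d{1,2} - ")              # start of a HijackThis entry
DLL = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.dll", re.I)  # first DLL path in an entry
SYS32 = "c:\\windows\\system32\\"  # assumption: Windows is installed in C:\WINDOWS

def unwrap(text):
    """Rejoin entries that news/mail line wrapping split across lines."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            # A break inside a path or GUID had no space; any other break did.
            tight = line.startswith("\\") or re.search(r"[0-9A-Fa-f]-$", entries[-1])
            entries[-1] += ("" if tight else " ") + line
    return entries

def triage(entries):
    """Map lower-cased DLL path -> reasons it deserves a closer look."""
    kinds, findings = {}, {}
    for e in entries:
        m = DLL.search(e)
        if not m:
            continue
        path, kind = m.group(0).lower(), e.split(" - ", 1)[0]
        kinds.setdefault(path, set()).add(kind)
        reasons = findings.setdefault(path, [])
        if kind == "O2" and "(no name)" in e and path.startswith(SYS32):
            reasons.append("nameless BHO in system32")
        if e.endswith("(file missing)"):
            reasons.append("entry left behind, file missing")
    for path, k in kinds.items():
        if {"O2", "O20"} <= k:
            findings[path].append("same DLL is BHO and Winlogon Notify")
    return {p: r for p, r in findings.items() if r}
```

Running `triage(unwrap(SAMPLE))` flags ssqpn.dll and ljjjkhi.dll and leaves the named Google Toolbar BHO alone.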
Jay

External


Since: Nov 25, 2007
Posts: 8



(Msg. 14) Posted: Wed Nov 28, 2007 7:02 pm
Post subject: Re: vundo hiding?
Archived from groups: per prev. post (more info?)

On Nov 25, 11:29 pm, "Russg" <russg....DeleteThis@MUNGEsbcyahoo.net> wrote:
> You can try the trendmicro sysclean and pattern files
> you can download at the links found in claymania.
>
> http://www.claymania.com/removal-trojan-adware.html

Uh, this may all be good stuff but I'm a little trigger shy right now
about downloading anything else from a non-commercial site.
Jay

External


Since: Nov 25, 2007
Posts: 8



(Msg. 15) Posted: Wed Nov 28, 2007 7:36 pm
Post subject: Re: vundo hiding?
Archived from groups: per prev. post (more info?)

>
> >> Do you know from which website did you get infected by vundo?
>
> > I think I know... why, you want to check it out?
>
> I'd love to know the url that got you as well, please.
>
Sent you an email. No sense in anyone else going there by mistake.