Antivirus 2009 / Trojan.Vundo.H

Name: njlandry
Date: January 21, 2009 at 15:23:05 Pacific
OS: Microsoft Windows XP Professional
CPU/Ram: 3.192 GHz / 502 MB
Product: Dell / Dimension 4700
Subcategory: Spyware
Comment:

I have been fighting an issue for a few days with a virus / malware that generates a pop-up window titled "Antivirus 2009." I ran Malwarebytes' (several times) and it locates something called Trojan.Vundo.H. The log says that it will be removed upon reboot, but it does not remove it all and the "Antivirus 2009" pop-up keeps returning.

Here is the log from my latest scan. Can someone walk me through a removal?

Malwarebytes' Anti-Malware 1.33
Database version: 1656
Windows 5.1.2600 Service Pack 3

01/21/2009 5:21:23 PM
mbam-log-2009-01-21 (17-21-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 115760
Time elapsed: 55 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 11
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\subapade.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\voriyeji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\pefedamu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\ugohwe.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39458c53-4dae-471a-a480-e3bc0b1d7dd9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{39458c53-4dae-471a-a480-e3bc0b1d7dd9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65d46614-611d-4af2-aa13-a34fc317a96e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65d46614-611d-4af2-aa13-a34fc317a96e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39458c53-4dae-471a-a480-e3bc0b1d7dd9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bc262f68 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lejulibeye (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmbf151cf4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\voriyeji.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\voriyeji.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\ugohwe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\subapade.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\edapabus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\voriyeji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\pefedamu.dll (Trojan.Vundo.H) -> Delete on reboot.
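
Added example (not part of the original post and not Malwarebytes' own tooling): a small Python parser for the log format above that separates files still awaiting deletion at reboot from items already removed, and groups the registry detections by the Windows autostart location they occupy. The function names and the `LOAD_POINTS` table are illustrative; the sample entries are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the Malwarebytes log posted above (entries copied from the thread).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\voriyeji.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lejulibeye (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\voriyeji.dll -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\SYSTEM32\edapabus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\voriyeji.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

# Registry locations that make Windows load code automatically (standard OS behaviour).
LOAD_POINTS = [
    ("\\currentversion\\run\\", "Run"),                                  # started at logon
    ("\\browser helper objects\\", "Browser Helper Object"),             # loaded by Internet Explorer
    ("\\sharedtaskscheduler\\", "SharedTaskScheduler"),                  # loaded by the Explorer shell
    ("\\shellserviceobjectdelayload\\", "ShellServiceObjectDelayLoad"),  # loaded by the Explorer shell
    ("\\appinit_dlls", "AppInit_DLLs"),                                  # loaded with user32.dll
]
ENTRY = re.compile(r"(?P<item>.+?) \((?P<name>[^()]+)\) -> (?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$")

def parse(log):
    """Return one dict per detection line, tagged with its log section."""
    section, rows = None, []
    for line in map(str.strip, log.splitlines()):
        head = re.match(r"(.+) Infected:$", line)
        entry = ENTRY.match(line)
        if head:
            section = head.group(1)
        elif entry and section:
            rows.append({"section": section, **entry.groupdict()})
    return rows

def triage(rows):
    """Split out files still awaiting deletion and group registry hits by load point."""
    pending = sorted({r["item"].lower() for r in rows if r["action"] == "Delete on reboot"})
    in_memory = {r["item"].lower() for r in rows if r["section"] == "Memory Modules"}
    autostarts = defaultdict(list)
    for r in (r for r in rows if r["section"].startswith("Registry")):
        for needle, label in LOAD_POINTS:
            if needle in r["item"].lower():
                autostarts[label].append(r["data"] or r["item"])
    return {"pending": pending, "still_loaded": sorted(in_memory & set(pending)), "autostarts": dict(autostarts)}
```

Run over the full log in the post, the same triage reports four DLLs that were loaded in memory at scan time and were only scheduled for deletion at reboot.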




Response Number 1
Name: jabuck
Date: January 21, 2009 at 15:27:13 Pacific
Reply:

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box > click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: njlandry
Date: January 21, 2009 at 15:49:29 Pacific
Reply:

What do you make of this? How do I know if you are an "expert"?

DO NOT post a HiJackThis log here unless an expert has requested it. Instead, please ask in plain English about what is wrong with your computer. You also may want to look at the automated HiJackThis analyzer by clicking here.



Response Number 3
Name: jabuck
Date: January 21, 2009 at 18:52:07 Pacific
Reply:

Now that is a good question, guess you'll have to take a chance if you want that computer cleaned.



Response Number 4
Name: pjn64
Date: January 22, 2009 at 07:43:22 Pacific
Reply:

Run update in Malwarebytes. The current Database version (as of this morning) is 1675. Reboot the PC in safe mode (press F8 button on startup - you probably know this but there will be others who don't!) then run the scan.

Hope this helps



Response Number 5
Name: james88
Date: January 24, 2009 at 21:32:29 Pacific
Reply:

You should run SUPERAntiSpyware instead of running Malwarebytes: http://darfuns.com/download-malware...
Also try this manual removal help:
http://remove-fake-antivirus2009.fl...





Response Number 6
Name: ignys
Date: January 26, 2009 at 06:24:32 Pacific
Reply:

Hi,

Did you solve your problem? If not, try to read this article: http://www.2-spyware.com/remove-ant...

