Hi, I caught a vundo varient awhile ago and have tried to get rid of it all. I would REALLY appreciate it if someone could check my combofix and HJT logs.
I’m somewhat new at this, so let me know if there is a problem with the logs or if i need to do something else. Thank you in advance.
(P.S.- I have a lot of security programs and such so it may take awhile, sorry)
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. [b]
O23 - Service: WJAMZNQBPK - Unknown owner - C:\DOCUME~1\GARYAN~1\LOCALS~1\Temp\WJAMZNQBPK.exe (file missing)
[/b]Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
@echo off sc stop WJAMZNQBPK sc delete WJAMZNQBPK exitNext you will need to create the batch fix to do that copy and paste [b]ALL[/b] of the above in the quote box to a notepad file. Then in the text file go to [b]FILE > SAVE AS [/b] and in the dropdown box select [b]SAVE AS TYPE [/b] to[b] ALL FILES [/b] Then in the [b]FILE NAME [/b] box type [b]fix.bat[/b]
This will create a batch file
http://img524.imageshack.us/img524/9383/batmp6.jpg
Then run fix.bat by double clicking you may see a black box appear this is normal
Apart from that it looks clean
okay, i have done exactly what you said. Could you recheck it now please just to make sure? I really appreciate your help, and you avast! guys are REALLY fast at what you do.
I am just curious, what does the batch fix do exactly?
Also, should i run vundofix or another type of program in addition to HJT and combofix, or are these adequate?
Thank you again. You guys do a great job.
Squeeky clean as far as I can see
I am just curious, what does the batch fix do exactly?The malware had installed a service - the first line stopped it and the second deleted it
Also, should i run vundofix or another type of program in addition to HJT and combofix, or are these adequate?no need
thank you so much essexboy, I really appreciate your help.
oh one more thing…i noticed this in my HJT report, is this safe?
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
No probs I can give you my going away speech as well 0A87E45F-537A-40B4-B812-E2544C21A09F = Spycatcher
Now the best part of the day ----- Your log now appears clean 
Time for some housekeeping
[*] Click START then RUN
[*] Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
[*]
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
[*] When shown the disclaimer, Select “2”
The above procedure will:
[] Delete the following:
[] ComboFix and its associated files and folders.
[] VundoFix backups, if present
[] The C:\Deckard folder, if present
[*] The C:_OtMoveIt folder, if present
[] Reset the clock settings.
[] Hide file extensions, if required.
[] Hide System/Hidden files, if required.
[] Set a new, clean Restore Point.
Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:
You now have a clean restore point, to get rid of the bad ones:
Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
[*]SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
[*]Microsoft Windows Update
To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?
Keep safe 