Hey, I’ll appreciate it if someone can help me remove the virus from my system. I am new to this, and recently, before I got avast, it seems like some virus got into my system before installing the avast antivirus. When I did a boot scan, numerous trojan horse virus files were detected in C:\WINDOWS\system32 folders, and when I selected repair all, a response came that the viruses cannot be repaired. The viruses have total control of my computer; it even restricts me from performing certain tasks. For example, I can’t view Add or Remove Programs or view my file properties. I NEED HELP URGENTLY. Some of the viruses are located in:

Virus has been detected!
Sign of “Win32:Brontok-CE [Wrm]” has been found in “E:\MICHAEL (E)\ACCOUNTING I.A\New Folder\New Folder.exe” file.
Sign of “Win32:Trojano-2873 [trj]” has been found in “C:\WINDOWS\system32\zDB\dBparsdll.exe” file.
Sign of “Win32:Homles [trj]” has been found in “C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QLPE3EDC\17PHolmes[1].cmt[UPX]” file.
Sign of “Win32:Homles [trj]” has been found in “C:\WINDOWS\17PHolmes1188.exe[UPX]” file.
Sign of “Win32:Homles [trj]” has been found in “C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\1JRJDDSE\17PHolmes[1].cmt[UPX]” file.
Sign of “Win32:Homles [trj]” has been found in “C:\WINDOWS\17PHolmes1000106.exe[UPX]” file.
Sign of “Win32:Brontok-CE [Wrm]” has been found in “E:\ACCOUNTING I.A\New Folder\New Folder.exe” file.
Sign of “Win32:Trojano-2873 [trj]” has been found in “C:\Temp\dOdll2100.exe$SYSDIR\zDB\dBparsdll.exe” file.
SYSTEM 1344 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
Sign of “Win32:PrivacySet [trj]” has been found in “C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RAKL4EFG\yaypalassamosvala[1]” file.
Sign of “Win32:PrivacySet [trj]” has been found in “C:\DOCUME~1\User\LOCALS~1\Temp\rkxqspsh.exe” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\SYSTEM32\SCASAGIC.DLL” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\cjltaiop.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\SYSTEM32\SMYEDIXB.DLL” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\smyedixb.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “c:\windows\system32\nnnngdtt.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\nnnNgDtT.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\jkkHWOIx.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\System Volume Information_restore{1991C88A-69BA-43C1-8CFF-42E2DEBC1EF6}\RP16\A0011327.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\ljJDTMfF.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\efcCssQk.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\vtUlKCuv.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\cbXQkkjk.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\jkkhhgFy.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\fccyxuUL.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\hgGvssRi.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\hgGvssRi.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\rqRKBSLE.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\rqRKBSLE.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\wvUlJCVP.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\wvUlJCVP.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\nnnljgFU.dll” file.
5/20/2008 5:51:22 PM SYSTEM 1140 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\nnnljgFU.dll” file.
5/20/2008 6:57:42 PM User 1368 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\awttUnKB.dll” file.
5/20/2008 7:57:59 PM User 1368 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\rqRIxuvS.dll” file.
5/20/2008 8:57:46 PM User 1368 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\hgGabyXn.dll” file.
5/20/2008 10:06:18 PM User 1080 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\nnnnNHbC.dll” file.
5/20/2008 10:06:23 PM User 1080 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\nnnnNHbC.dll” file.
5/21/2008 7:48:41 AM User 1136 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\yayyaYrR.dll” file.
5/21/2008 8:48:42 AM User 1136 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\byXOfecy.dll” file.
5/21/2008 10:26:27 AM User 1136 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\wvUnLEvW.dll” file.
5/21/2008 10:26:30 AM User 1136 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\wvUnLEvW.dll” file.
5/21/2008 12:10:34 PM SYSTEM 1156 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\xxyxYpqq.dll” file.
5/21/2008 12:10:46 PM SYSTEM 1156 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\xxyxYpqq.dll” file.
5/21/2008 3:10:59 PM User 1152 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\geBtQheF.dll” file.
5/21/2008 3:11:03 PM User 1152 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\geBtQheF.dll” file.
5/21/2008 4:10:57 PM User 1152 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\khfCvVmk.dll” file.
5/21/2008 5:55:18 PM User 1152 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\ssqQihHW.dll” file.
5/21/2008 6:55:31 PM User 1152 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\hgGvVlkI.dll” file.
5/21/2008 7:55:21 PM User 1152 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\nNEXNEtr.dll” file.
5/23/2008 10:24:50 PM User 3372 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\awttUnKB.dll” file.
5/24/2008 12:55:09 AM User 3616 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\A0012403.dll.vir” file.
5/24/2008 12:55:24 AM User 3616 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\geBtQheF.dll.vir” file.
5/24/2008 12:55:25 AM User 3616 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\hgGvssRi.dll.vir” file.
5/24/2008 12:55:26 AM User 3616 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\nnnljgFU.dll.vir” file.
5/26/2008 9:01:44 AM User 1172 Sign of “Win32:Mutant-AG [trj]” has been found in “C:\WINDOWS\System32\WinCtrl32.dll” file.
5/26/2008 9:02:09 AM User 1172 Sign of “Win32:Agent-VGV [Wrm]” has been found in “C:\WINDOWS\System32\drivers\puA61.sys” file.
5/26/2008 9:02:38 AM User 1172 Sign of “Win32:Agent-VGV [Wrm]” has been found in “C:\WINDOWS\System32\drivers\puA61.sys” file.
5/26/2008 9:15:58 AM User 1344 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\opnkhgEu.dll” file.
5/26/2008 10:54:13 AM User 1172 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\geBuRIXr.dll” file.
5/26/2008 10:56:14 AM User 1172 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\geBuRIXr.dll” file.
5/26/2008 7:09:46 PM User 1164 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\urqNEWmk.dll” file.
5/26/2008 7:34:26 PM User 3768 Sign of “Win32:Agent-VGV [Wrm]” has been found in “c:\windows\system32\drivers\pua61.sys” file.
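An added example, not part of the original thread: the pasted log mixes live files with copies already in the avast! chest and in System Restore points, and repeats paths in different letter case. This Python sketch groups the detections so the files still live on disk stand out; the function names and bucket labels are assumptions of the example, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Matches avast! log lines as pasted in the post; the timestamp/user/PID
# prefix is optional because the first part of the paste lacks it.
LINE = re.compile(
    r'^(?:(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<user>\S+) (?P<pid>\d+) )?'
    r'Sign of [“"](?P<name>[^”"]+)[”"] has been found in '
    r'[“"](?P<path>[^”"]+)[”"] file\.$'
)

def classify(path):
    """Bucket a detection path so live files are separated from inert copies."""
    p = path.lower()
    if r'\avast4\data\moved' in p:
        return 'quarantine'       # copy already moved aside by avast!
    if 'system volume information' in p:
        return 'system_restore'   # copy held inside a restore point
    if 'temporary internet files' in p or '\\temp\\' in p:
        return 'temp'             # browser cache or temp directory
    return 'live'

def triage(log_text):
    """Return {detection name: {bucket: set of lower-cased paths}}."""
    out = defaultdict(lambda: defaultdict(set))
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # non-detection lines, e.g. update errors
        path = m.group('path')
        # Windows paths are case-insensitive: fold case so repeats collapse.
        out[m.group('name')][classify(path)].add(path.lower())
    return out

# Sample input: six lines taken from the log in the post above.
SAMPLE = r"""
Sign of “Win32:Vundo@dll [trj]” has been found in “c:\windows\system32\nnnngdtt.dll” file.
Sign of “Win32:Vundo@dll [trj]” has been found in “C:\WINDOWS\system32\nnnNgDtT.dll” file.
SYSTEM 1344 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
5/24/2008 12:55:24 AM User 3616 Sign of “Win32:Vundo@dll [trj]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\geBtQheF.dll.vir” file.
5/26/2008 9:02:09 AM User 1172 Sign of “Win32:Agent-VGV [Wrm]” has been found in “C:\WINDOWS\System32\drivers\puA61.sys” file.
5/26/2008 7:34:26 PM User 3768 Sign of “Win32:Agent-VGV [Wrm]” has been found in “c:\windows\system32\drivers\pua61.sys” file.
"""

if __name__ == "__main__":
    for name, buckets in triage(SAMPLE).items():
        print(name, {b: sorted(p) for b, p in buckets.items()})
```

Entries in the `quarantine` bucket are files the scanner has already moved to the chest and is re-detecting there, so only the `live` bucket reflects files still in place.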
Those files can’t be repaired but most probably could be sent to the Chest. Did you test?
Yes, and they are still affecting my system; my PC has even started running slow now.
Try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested.
Try VundoFix:
****** Warning: VundoFix has some issues with Asian versions of the Windows operating system. Use of VundoFix may delete critical system files and Windows may not be able to boot after use. I am trying to resolve these issues but at this time the problem still exists. ******
Also try an anti-spyware scan (or two).
Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free
a-Squared Free
Download, install and update the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.
Always select the option to quarantine any malware found rather than delete it; then you will be able to restore files or registry entries wrongly identified as malware, a rare but not unknown event for any malware scanner.
onielo: don’t duplicate your posts… continue here…