Rootkit, Vundo, and Trojans:(

I’m running Windows XP. I think I had all of the updates until this week. I can’t seem to get any more Windows Updates now…

In the past day, I have found these with Avast!:

Win 32:Trojan=Gen {Other} c/ documents and Settings/Owner/Local Settings/Temp/joe38130.exe
Win 32:Trojan=Gen {Other} c/ documents and Settings/Owner/Local Settings/Temp/zen1aw96.exe
Win 32 Rootkit-gen{RTK} c/ windows/system32/efcDUKLe.dl
Win 32 Vundo-De {TRJ} c/ windows/system32/iifcYPJB
Win 32 Vundo-De {TRJ} c/ windows/system32/iifcYPJB

Trojan-gen other c /documents and Settings/owner/local settings/tempint.Files.contentie5/WU9LHOUH/updater[1].htm

win32 vundo-de TRJ c:System Volume Information/_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}/RP611\A0078238.dll

win32 vundo-de TRJ c:System Volume Information/_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}/RP611\A0078239.dll

win32 vundo-de TRJ c:System Volume Information/_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}/RP611\A0078240.dll

I am unable to get into my documents or files. I can’t get very far into my control panel either. When I try to open a file or get into system restore, my computer goes blank and only displays my desktop picture. I am able to shut down, and rebooting starts normally.

I have attempted to download some other tools to get rid of the Vundo, but when I try to download, it won’t give me the option to save to disk. I can’t move my pictures or other files to a disk for backup either. I’m at a loss for what to do.

I did one scan during boot and that found the vundo I think, but it keeps coming back.

I can use Firefox and music programs without problems until they begin to slow down. Sorry I’m such a n00b. Also, the brackets and stuff above aren’t exactly going in the right directions. I have a Japanese keyboard and finding punctuation on here is beyond difficult.

I have a feeling I’m in trouble, but I’m not panicking. Yet. Feel free to direct me to other updated forums on this topic. Thank you.

Hi damocles,

In my opinion, the situation looks pretty hopeless.

Can you boot into Safe Mode?

If you can, copy your important files to another place and reformat your computer - do a completely fresh install. This will guarantee security and stability.

Update your system after the reinstall. Scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.

When you have reinstalled, scan your old files with avast! and with a good online scanner or two as well before you copy them back.

F-Secure
BitDefender

I was able to get into safe mode, but I don’t know how to copy the files some place else. I put CDs in the drive and it says there are no CDs there. Gah!

Your CD drive may not work in Safe Mode. If you can get into Safe Mode with Networking, try to update avast! and run a boot time scan.

The boot time scan doesn’t pick any viruses up, and I am able to run it without any problems. However, I still can’t access my files without everything on the desktop disappearing, save for the picture. I can access some of the files through programs, but I can’t open the files themselves.

If you have a Windows CD, a repair install may be an option:

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx

If not, the Restore CD or partition that came with your computer may give you a similar option.

Or perhaps someone else can think of something to help?

The only thing I can suggest for now is: is it possible to download anything by right-clicking and choosing “Save target as”?

I did another root scan and came up with a ZIA Agent trojan. I got it in the chest and was able to save some of my files to disk upon startup. I am thinking things will still come back though. :(

Try downloading this program, but use save target if possible.

Please download Deckard’s System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads, main.txt and extra.txt – please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.