I do not want to get you more scared than you already are, but there is a
possibility you MAY have a hidden “rootkit” on the affected computer that
MAY be “re-generating” your “infections”. The best rootkit detection program
is “RootRepeal”, but its logfile (the “Results” of running the program) is
best analyzed by a trained, possibly CERTIFIED “Malware Removal Specialist”,
and the ONLY ones on these forums would be “oldman” or “essexboy”.
Anything I can do for free, to get EVERYTHING EVIL out of my poor poor innocent computer… I mean, I don’t do anything to warrant all this crap, I update and all… first ever problem I had myself with virals.
Malwarebytes’ Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13
12/25/2009 3:10:31 AM
mbam-log-2009-12-25 (03-10-04).txt
Check all infected items. Click remove (this will quarantine them). If prompted to reboot, do so promptly.
Once that is done, reconnect to the internet, and start MBAM again (via the program files folder), update it, and run another quick scan. Post the new scan report, or advise of any problems.
One more thing; reboot into normal mode after the prompt (if any), and in any case prior to attempting to update MBAM. Run the next quick scan on the updated MBAM in normal mode.
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\biditusod (Trojan.Vundo.H) → Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\nuyafeku.dll (Trojan.Vundo.H) → Quarantined and deleted successfully.
Now I am going to try updating it… when I logged in though, I got a message that said (X) dupaket.dll failed to start (in summary) and Yahoo IM didn’t load like usual.
Don't worry about that for now.
As of now… the updated MBAM is scanning in normal mode… should the internet stay connected?
Probably not critical, but it is probably best to disconnect it just in case. I guess MBAM updated OK?
I had MBAM start a full scan in regular mode, and Avast freaked out 3 times, finding that Jifas-cj bull crap again, and at the same time MBAM listed 3 found infected objects… will MBAM find stuff in the virus chest, or did they both just happen to find these things at the same time?
If Avast produced the warnings, it would have been Avast alerting on what MBAM was uncovering, or had in its chest.
What were the names and full file paths of the detections, please?
I am waiting for the MBAM report to come to an end, but they were really long; they popped up when it hit the HKEYs… I freaked out when your green dot turned white and said offline lol…
OK, might be alright.
We’ll see.
I have asked a couple of trained folk here for a look-see, also.
“H_KEY” is part of the registry. If it is pointing to a file location that is (hopefully) missing, it will be alright, and straightforward to clean up.
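The kind of check being described above, that is, whether an autorun registry value still points at a file that exists, can be done directly from the machine. The following PowerShell script is an added example written for this thread, not something posted by the helpers or shipped with MBAM or Avast. It assumes PowerShell 2.0 is installed on the Windows XP box and that it is run from an elevated prompt. It lists every value under the HKLM and HKCU Run keys (the key the `biditusod` entry lived in), resolves the file each command would load, and flags entries whose target is missing, so an orphaned loader like the one quarantined above shows up as “Missing = True”. It also prints the Security Center “DisableNotify” flags, where 1 means the alert is suppressed (the “Bad: (1) Good: (0)” line in the MBAM log); `AntiVirusDisableNotify` and `FirewallDisableNotify` are the two sibling XP values not mentioned in the log.

```powershell
# Added example (not from the thread): audit HKLM/HKCU Run entries for targets that no
# longer exist, and report the Windows XP Security Center notification flags.
# Assumes PowerShell 2.0 on XP, run as Administrator.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Resolve-AutorunTarget {
    param([string]$Command)
    # Turn a Run-value command line into the path of the file Windows would actually load.
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        # "C:\Program Files\Foo\foo.exe" /arg  -> take the quoted path
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { $cmd = $cmd.Substring(1, $end - 1) }
    } elseif ($cmd -match '^(\S*rundll32(\.exe)?)\s+"?([^",]+)') {
        # rundll32.exe C:\WINDOWS\system32\foo.dll,Entry -> the DLL is what really loads
        $cmd = $Matches[3].Trim()
    } else {
        # Unquoted path plus arguments: first token (ambiguous when the path has spaces,
        # and such entries deserve a manual look anyway)
        $cmd = ($cmd -split '\s+')[0]
    }
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd)
    # A bare file name is resolved through the search path, as Windows would do
    if ($cmd -ne '' -and -not [IO.Path]::IsPathRooted($cmd)) {
        $found = Get-Command $cmd -ErrorAction SilentlyContinue
        if ($found) { $cmd = $found.Definition }
    }
    return $cmd
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        # PSPath, PSParentPath, PSChildName, PSDrive, PSProvider are not registry values
        if ($prop.Name -like 'PS*') { continue }
        $target = Resolve-AutorunTarget ([string]$prop.Value)
        New-Object PSObject -Property @{
            Key     = $key
            Name    = $prop.Name
            Command = $prop.Value
            Target  = $target
            Missing = ($target -eq '') -or (-not (Test-Path -LiteralPath $target))
        }
    }
}

"Autorun entries (Missing = True means the file the value points to is gone):"
$report | Format-Table Name, Missing, Target -AutoSize

# Security Center flags: 1 = notifications disabled (what MBAM reported as "Bad: (1)")
$sc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Security Center' -ErrorAction SilentlyContinue
foreach ($flag in 'UpdatesDisableNotify', 'AntiVirusDisableNotify', 'FirewallDisableNotify') {
    $v = $null
    if ($sc -ne $null) { $v = $sc.$flag }
    if ($v -eq 1) {
        Write-Warning "$flag = 1 (Security Center alerts suppressed; expected 0)"
    } elseif ($v -eq $null) {
        "$flag not set (OK)"
    } else {
        "$flag = $v (OK)"
    }
}
```

A “Missing” entry is not by itself proof of malware (uninstalled software leaves them too), but an orphaned value with a random-looking name in system32, like the one in the log above, is exactly the leftover the helper is describing, and can be deleted once the file is confirmed gone. The script only reads the registry; it changes nothing.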
Much appreciated… I think I found my mystery source. It has no desktop or quick launch icon, but it would appear someone in my family used LimeWire on my computer. I want it eradicated. I detest the idea of P2P and this is why. I knew this wasn’t my fault. My Dad used to use FrostWire… on his old comp. This being killed off should help, I’d hope, as well.
Nothing wrong with Limewire, apart from the privacy risk on a poorly set-up installation. There can be plenty wrong with a lot of the files that are often shared on a p2p network. The average user probably doesn’t know how to tell a good file from a malicious one, either.
Limewire itself (and Frostwire) are harmless and can be removed as a matter of routine after this particular adventure.
Waiting for the next scan report.
Following that we’ll probably have Avast do another scan, since it is (apparently) detecting malicious reg entries.
I suggest you remove your email address from the post. Leaving it there increases your chance of getting spam. Lots of unlovely spam.
For the same reason I won’t post mine.
When you get to 20 posts you will be able to edit your posts, and also able to modify your forum profile, and send PMs. A PM is a good way to get in touch.
Be clear, though, I am an untrained helper. The trained helpers here include Essexboy and Oldman. But they might be enjoying Christmas Eve/Day, or be on holiday. We’ll see if they turn up.
Regular operating mode is fine.
I know Google sees all, knows all, but don’t believe everything you read on the internet. There’s a review somewhere that says that Avast is a trojan.
A p2p is a very direct way to expose yourself to downloading malicious files. Some p2ps have been riddled with adware, Kazaa for example. Limewire itself is clean. That said, later, I’ll be happy to give you info on removing it. There are a lot of insecure p2p installations around. A major privacy concern.
I understand, I never had a computer of my own until 2003, and neither of my parents had computers until recently / no siblings… so a lot of stuff is new to me. I never thought I’d have a virus for the most part, since I never got anything when the big worms hit the PCs here, and I was able to kill off the Zlob trojan when it attacked my dad’s computer… It’s great to have some insight though, since not everything always requires the professionals. I love how Microsoft basically said they can’t really help anyone, just use the online scanner, then email them the results and they will get back to you within 48 hours… great… I wanted it fixed for Christmas… lol. MBAM is a great program; the only thing like it I had ever used would be Spybot…
Spybot I have a soft spot for, but would not suggest it as a first removal application. OK for a second opinion.
Another of the tools suggested to you on P1 of the thread was Superantispyware. That, and MBAM, are probably two of the better “state of the art” scanners these days.
Once (if) we get a clean result here, I will suggest SAS for a second opinion, following an Avast scan.
Do you think a quick scan will pick up anything with Avast? Scanning this terabyte of photos and music is taking the longest. MBAM already finished C: D:… waiting on “L”…
See… nothing was found during any of the other scans on it, and the guy from Microsoft said the viruses usually stick to where Windows is, in my case C: and its partitions… he doubted it would jump there… but idk, it seems evil enough…