I installed avast yesterday and it seems to have found a heck of a lot of viruses and stuff that ESET NOD32 didn’t… I’m currently in the process of doing a scan and I’m getting a lot of warnings with files that are infected with Win32:Vuku [trj]. It seems they are all Temporary Internet files so I’m wondering if it would be okay to just delete them instead of putting them in the Virus Chest, which is what I’ve been doing so far.
Also, how do I get rid of this Vuku virus?
These warnings are popping up like mad! One after the other…
[quote]It seems they are all Temporary Internet files[/quote]
Temporary internet files are safe to delete.
However, any files outside of that should be quarantined to make sure that they aren’t needed.
If you have avast delete a file, it’s a one-time thing. You can’t revert back after that.
It’s better to quarantine if possible, so that in case something was quarantined that was important, it could be restored if needed.
Nothing in the virus chest can harm your computer, so it’s best to put infected files in there.
As for the “Vuku virus”, try running an avast boot-time scan, so that you can find all infected files.
Okay. Thank you! I figured deleting them would be okay but I wanted to be sure…
Hi Cat38,
Please give us a hijackthis logfile txt attached to your next posting, download it from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/
I think you may not have an active firewall running,
polonus
I do have a firewall on. It’s the one that comes with the computer. For a long time I was without one though.
Avast found more Vuku. D: This time in C:/System Volume Information/restore[…]. No idea what that is…
Also having problems with another virus called Win32:Tibs-ALQ. I can’t move the files infected with this virus into the Virus Chest either.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:38 AM, on 5/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7e5b1ac4-0f43-4818-a1fb-bad7e3dfc541} - C:\WINDOWS\system32\fagometo.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [UpdateManager] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM..\Run: [Reminder] “C:\Windows\Creator\Remind_XP.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [CPM5f26fe4f] Rundll32.exe “c:\windows\system32\piwinala.dll”,a
O4 - HKLM..\Run: [5c15cdd3] rundll32.exe “C:\WINDOWS\system32\howenobe.dll”,b
O4 - HKLM..\Run: [litopahuno] Rundll32.exe “C:\WINDOWS\system32\lijuhidi.dll”,s
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\MSMSGS.EXE” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: Zeno.lnk = C:\WINDOWS\system32\pwinlqez.exe (User ‘SYSTEM’)
O4 - .DEFAULT Startup: AutoTBar.exe (User ‘Default user’)
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User ‘Default user’)
O4 - .DEFAULT Startup: Zeno.lnk = C:\WINDOWS\system32\pwinlqez.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: AutoTBar.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: Zeno.lnk = C:\WINDOWS\system32\pwinlqez.exe (User ‘Default user’)
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\windows\system32\piwinala.dll,C:\WINDOWS\system32\sekanawo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\piwinala.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\piwinala.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
–
End of file - 9093 bytes
Win32:Vuku is related to Virtumonde/Vundo… you should temporarily disable the system restore (to get rid of the system_volume_information detections), use some dedicated tool for removing Vundo (even with its registry keys etc) and re-enable the system restore…
How would I temporarily disable System Restore? And what tool do you recommend I use to remove this virus?
Do you have any information on the Win32:Tibs-ALQ virus?
Try these two programs, update them, then run scans, post the results, and another HJT log. Some people disagree about disabling system restore, nothing in there can do harm unless the pc was restored to an infected restore point.
http://filehippo.com/download_malwarebytes_anti_malware/
http://filehippo.com/download_superantispyware/
system
May 10, 2009, 11:33am
10
Well… Malwarebytes Anti-Spyware has yet to finish scanning… a bit over two hours now. I didn’t think it was going to take this long. I’ll post the results when it eventually finishes and do SUPER later on and whatnot. It’s seven in the morning and I haven’t gotten any sleep.
system
May 10, 2009, 1:16pm
11
Malwarebytes’ Anti-Malware 1.36
Database version: 2103
Windows 5.1.2600 Service Pack 3
5/10/2009 9:15:03 AM
mbam-log-2009-05-10 (09-14-53).txt
Scan type: Full Scan (C:|D:|)
Objects scanned: 263533
Time elapsed: 3 hour(s), 56 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 21
Files Infected: 63
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7e5b1ac4-0f43-4818-a1fb-bad7e3dfc541} (Trojan.Vundo.H) → No action taken.
HKEY_CLASSES_ROOT\CLSID{7e5b1ac4-0f43-4818-a1fb-bad7e3dfc541} (Trojan.Vundo.H) → No action taken.
HKEY_CLASSES_ROOT\CLSID{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) → No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5f26fe4f (Trojan.Vundo.H) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c15cdd3 (Trojan.Vundo.H) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\litopahuno (Trojan.Vundo.H) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) → No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\BraveSentry (Rogue.Brave.Sentry) → No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\24.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\SrchAstt\27.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) → No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) → No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) → No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) → No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWay (Adware.MyWay) → No action taken.
C:\Program Files\MyWay\myBar (Adware.MyWay) → No action taken.
C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) → No action taken.
C:\WINDOWS\inet20026 (Trojan.Agent) → No action taken.
C:\WINDOWS\inet20026\4 (Trojan.Agent) → No action taken.
system
May 10, 2009, 1:17pm
12
Files Infected:
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\24.bin\MWSOEMON.EXE (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\24.bin\MWSOESTB.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\M3HTML.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\M3OUTLCN.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\M3PLUGIN.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\MWSBAR.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\MWSOEMON.EXE (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\MWSOEPLG.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\MWSOESTB.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\NPMYWEBS.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\MyWebSearch\SrchAstt\27.bin\MWSSRCAS.DLL (Adware.MyWeb) → No action taken.
C:\Program Files\BraveSentry\BraveSentry.exe (Rogue.Brave.Sentry) → No action taken.
C:\Program Files\BraveSentry\BraveSentry.lic (Rogue.Brave.Sentry) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3BKGERR.JPG (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3CJPEG.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3DTACTL.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3HISTSW.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3HTMLMU.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3POPSWT.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3REPROX.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3SCRCTR.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3SPACER.WMV (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3WALLPP.DAT (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\F3WPHOOK.DLL (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\27.bin\M3NTSTBR.JAR (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00009F6C (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00011DC4 (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00018C3D (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00AC42D0.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00AC43DA.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00AC44D4.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00AC459F.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00CC72AF.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00CC7464.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00CC74F1.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00CC758D.bin (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) → No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) → No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) → No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) → No action taken.
C:\WINDOWS\inet20026\1.txt (Trojan.Agent) → No action taken.
C:\WINDOWS\inet20026\mm.pid (Trojan.Agent) → No action taken.
C:\WINDOWS\inet20026\tmp.req (Trojan.Agent) → No action taken.
C:\WINDOWS\b.exe (Trojan.Agent) → No action taken.
C:\Documents and Settings\Owner\xrt_temp1.exe (Trojan.Agent) → No action taken.
C:\WINDOWS\Unist1.htm (Malware.Trace) → No action taken.
C:\WINDOWS\Uninst2.htm (Malware.Trace) → No action taken.
C:\WINDOWS\system32\darususi.dll (Trojan.Vundo) → No action taken.
C:\WINDOWS\system32\sinebewa.dll (Trojan.Vundo) → No action taken.
C:\WINDOWS\system32\ritupeja.dll (Trojan.Vundo) → No action taken.
C:\Documents and Settings\LocalService\Desktop\Click to Find and Fix Errors.url (Rogue.Link) → No action taken.
C:\Documents and Settings\Default User\Local Settings\Temp\vx5.game (Heuristics.Malware) → No action taken.
Is it safe to remove all the infected?
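Added example (not part of any post in this thread): a Python sketch that cross-references the HijackThis `O4` Run entries with the Run values Malwarebytes flagged, then lists other HijackThis load points that reference the same DLLs. The log excerpts are copied from the logs above; the function names and the case-insensitive name-matching rule are this example's own assumptions.

```python
import re

# Excerpts copied from the HijackThis and Malwarebytes logs posted in this thread.
HJT_LOG = r"""
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [CPM5f26fe4f] Rundll32.exe “c:\windows\system32\piwinala.dll”,a
O4 - HKLM..\Run: [5c15cdd3] rundll32.exe “C:\WINDOWS\system32\howenobe.dll”,b
O4 - HKLM..\Run: [litopahuno] Rundll32.exe “C:\WINDOWS\system32\lijuhidi.dll”,s
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: c:\windows\system32\piwinala.dll,C:\WINDOWS\system32\sekanawo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\piwinala.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\piwinala.dll (file missing)
"""
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5f26fe4f (Trojan.Vundo.H) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c15cdd3 (Trojan.Vundo.H) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\litopahuno (Trojan.Vundo.H) → No action taken.
"""

# HijackThis Run entry; tolerates both "HKLM..\Run" (as pasted here) and "HKLM\..\Run".
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\?\.\.\\Run: \[([^\]]+)\] (.+)$')
# Malwarebytes "Registry Values Infected" line under a Run key: value name, detection.
MBAM_RUN_RE = re.compile(
    r'^HKEY_\w+\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\(.+?) \(([^)]+)\)',
    re.IGNORECASE)
# A drive-letter path ending in .dll, stopping at quotes or commas.
DLL_RE = re.compile(r'[A-Za-z]:\\[^",“”]*?\.dll', re.IGNORECASE)


def mbam_run_detections(mbam_text):
    """Map lower-cased Run value name -> Malwarebytes detection name."""
    found = {}
    for line in mbam_text.splitlines():
        m = MBAM_RUN_RE.match(line.strip())
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found


def correlate(hjt_text, mbam_text):
    """Return (flagged Run entries, other load points sharing their DLLs)."""
    detections = mbam_run_detections(mbam_text)
    lines = [l.strip() for l in hjt_text.splitlines() if l.strip()]
    flagged = {}  # Run value name -> (detection, [lower-cased DLL paths])
    for line in lines:
        m = RUN_RE.match(line)
        # Registry value names are case-insensitive, and the two tools
        # print them with different casing, so compare lower-cased.
        if m and m.group(2).lower() in detections:
            dlls = [d.lower() for d in DLL_RE.findall(m.group(3))]
            flagged[m.group(2)] = (detections[m.group(2).lower()], dlls)
    bad_dlls = {d for _, dlls in flagged.values() for d in dlls}
    pivots = []  # (HijackThis section code, [shared DLL paths])
    for line in lines:
        if RUN_RE.match(line):
            continue
        seen = {d.lower() for d in DLL_RE.findall(line)}
        hits = sorted(bad_dlls & seen)
        if hits:
            pivots.append((line.split(' - ', 1)[0], hits))
    return flagged, pivots


if __name__ == "__main__":
    flagged, pivots = correlate(HJT_LOG, MBAM_LOG)
    for name, (detection, dlls) in flagged.items():
        print(f"Run[{name}] {detection}: {', '.join(dlls)}")
    for section, dlls in pivots:
        print(f"{section} also references: {', '.join(dlls)}")
```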
system
May 10, 2009, 1:38pm
13
Let MBAM remove them and it will move the infection into the Quarantine.
Schedule a boot scan then have some sleep and let the system do that while you sleep.
system
May 10, 2009, 1:41pm
14
I don’t know if I’ll be getting any sleep today. It’s morning and there’s outside work to be done. sigh
More scanning to do!
system
May 10, 2009, 1:59pm
15
I live on the 10th floor in an apartment so no lawn to cut and leaves to rake and I have had my second cup of coffee so now I need to think about what to make for breakfast or maybe I’ll just wait until noon and I’ll have a beer while making Brunch.
system
May 10, 2009, 2:57pm
16
You can always do a standard scan of Avast! with archives. So if a suspect is found you will see it the next day after you’re done sleeping.
Mr.Agent