
In Need Of Vundo Help (Hijackthis Log Attached)

I did the checks that you recommended on HijackThis and ran DDS after disabling NIS auto protect. If you had disabled that, please re-enable it. Thanks very much for the help - much appreciated. If you are asked to reboot the machine choose Yes.

Make a fresh RSIT log. Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|SSODL" deleted successfully. However, one has got me stumped....

The program appears to install, but will not load. Any help would be massively appreciated - it's driving me mad! Success always occurs in private and failure in full view.

One final issue - Can still only boot up in Last Good mode - when I try to boot up in normal, I get the popup saying "lsass.exe Object Name not File "C:\WINDOWS\system32\hamaveho.dll" deleted successfully. Thank you in advance.

#5 MoNsTeReNeRgY22 (1337 Malware Destroyer, Members, 611 posts), posted 12 January 2008 - 01:24 PM:

Hi, Can you please


Chkdsk will run. As I can't end that service, I can't delete the 2 files detailed. Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again.

vundosucks (Thread Starter, joined Feb 15, 2008, 2 messages):

Can anyone help? Same happens if I try to boot into safe mode, so I'm just booting into Last Good config and will double check the CFSCRIPT file. Thank you, everyone, for helping get rid of this Vundo trojan.

C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully. Instead, open a new thread in our security and the web forum. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. We are all glad you were able to get your computer cleaned up.

File delete failed. Press enter to exit the program then manually reboot your computer. I had asked you to disable 'Print Spooler Service', whilst there's a legitimate service called 'Print Spooler'.

Save the report to your desktop. Banking and credit card institutions should be notified of the possible security breach. Gebcd.dll is reported as being in use, and txnjme.exe doesn't exist in windows\system32.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

vundosucks, Feb 19, 2008

#3 cybertech (Moderator, joined Apr 16, 2002, 72,017 messages):

Thanks for letting us know.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 -


C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.