gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!


Post by pgfkap on Tue Nov 10, 2009 4:22 pm

Hello, my laptop is completely useless currently. Taken over everything, here is the log from HiJack this...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:30, on 11/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\TF2\TFService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\TF2\TFTray.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\TF2\TFTray.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [gezubufar] Rundll32.exe "c:\windows\system32\ludozagi.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: c:\windows\system32\kevusowe.dll c:\windows\system32\kuvarilo.dll c:\windows\system32\ludozagi.dll,pihuzura.dll
O21 - SSODL: daretitut - {0aa5755c-7f95-434e-8db1-651ba0a69dd9} - (no file)
O21 - SSODL: putinogeb - {53548941-ffb2-4b2b-8cb1-1626b16338a3} - (no file)
O21 - SSODL: hadigehey - {caa40676-a357-484e-9bcc-8f338b724ab4} - c:\windows\system32\ludozagi.dll
O22 - SharedTaskScheduler: tokatiluy - {0aa5755c-7f95-434e-8db1-651ba0a69dd9} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {53548941-ffb2-4b2b-8cb1-1626b16338a3} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {caa40676-a357-484e-9bcc-8f338b724ab4} - c:\windows\system32\ludozagi.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\TF2\TFService.exe

--
End of file - 5921 bytes

pgfkap
Novice

Posts : 7
Joined : 2009-11-10
OS : xp
Points : 25891
Likes : 0

Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by Belahzur on Tue Nov 10, 2009 7:24 pm

Hello.

I see you have IOBit ASC installed; if at any point it throws up any warning about MBAM being infected, ignore it.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [gezubufar] Rundll32.exe "c:\windows\system32\ludozagi.dll",a
    O20 - AppInit_DLLs: c:\windows\system32\kevusowe.dll c:\windows\system32\kuvarilo.dll c:\windows\system32\ludozagi.dll,pihuzura.dll
    O21 - SSODL: daretitut - {0aa5755c-7f95-434e-8db1-651ba0a69dd9} - (no file)
    O21 - SSODL: putinogeb - {53548941-ffb2-4b2b-8cb1-1626b16338a3} - (no file)
    O21 - SSODL: hadigehey - {caa40676-a357-484e-9bcc-8f338b724ab4} - c:\windows\system32\ludozagi.dll
    O22 - SharedTaskScheduler: tokatiluy - {0aa5755c-7f95-434e-8db1-651ba0a69dd9} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {53548941-ffb2-4b2b-8cb1-1626b16338a3} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {caa40676-a357-484e-9bcc-8f338b724ab4} - c:\windows\system32\ludozagi.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
Likes : 1
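The fix list in the reply above singles out a handful of lines from a log of several dozen. The script below is an added example (written for this page; it is not from the thread, from the helper, or from HijackThis) that shows the reasoning behind that selection as detection logic: it parses the O4/O20/O21/O22 line formats, counts how many separate autorun mechanisms load each DLL, and flags populated AppInit_DLLs and orphaned "(no file)" registrations. The sample log is a constructed excerpt of the one posted above, with the same names and paths.

```python
"""Triage HijackThis-style log lines for persistence entries worth a second look.

Added example; not from the forum thread or from HijackThis. It parses the
O4/O20/O21/O22 line formats shown in the thread and flags the entries a helper
would ask the poster to fix. SAMPLE_LOG is a constructed excerpt of the posted log.
"""
import re

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\TF2\TFTray.exe
O4 - HKLM\..\Run: [gezubufar] Rundll32.exe "c:\windows\system32\ludozagi.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows\system32\kevusowe.dll c:\windows\system32\kuvarilo.dll c:\windows\system32\ludozagi.dll,pihuzura.dll
O21 - SSODL: daretitut - {0aa5755c-7f95-434e-8db1-651ba0a69dd9} - (no file)
O21 - SSODL: hadigehey - {caa40676-a357-484e-9bcc-8f338b724ab4} - c:\windows\system32\ludozagi.dll
O22 - SharedTaskScheduler: kupuhivus - {53548941-ffb2-4b2b-8cb1-1626b16338a3} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {caa40676-a357-484e-9bcc-8f338b724ab4} - c:\windows\system32\ludozagi.dll
O23 - Service: ThreatFire - PC Tools - C:\Program Files\TF2\TFService.exe
"""

# "O4 - <body>", "R1 - <body>", ...: section code, then the entry text.
ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Base name of every DLL mentioned in an entry (path separators excluded).
DLL_NAME = re.compile(r"([A-Za-z0-9_\-]+\.dll)\b", re.IGNORECASE)


def parse_entries(log_text):
    """Return [(section, body)] for every HijackThis entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def dlls_in(body):
    """Lowercased base names of every DLL an entry mentions."""
    return {name.lower() for name in DLL_NAME.findall(body)}


def persistence_map(entries):
    """Map each DLL name to the set of sections (autorun mechanisms) that load it."""
    where = {}
    for sec, body in entries:
        for dll in dlls_in(body):
            where.setdefault(dll, set()).add(sec)
    return where


def triage(log_text):
    """Return {entry line: [reasons]} for the entries a helper should review."""
    entries = parse_entries(log_text)
    where = persistence_map(entries)
    flagged = {}
    for sec, body in entries:
        reasons = []
        if sec == "O20" and body.split(":", 1)[1].strip():
            # AppInit_DLLs is injected into every process that links user32.dll;
            # on a home machine the value is normally empty.
            reasons.append("AppInit_DLLs is populated")
        if sec in ("O21", "O22") and body.endswith("(no file)"):
            # CLSID still registered but the file is gone: leftover registration
            # from a partial cleanup, still worth removing.
            reasons.append("orphaned %s entry (no file)" % sec)
        for dll in sorted(dlls_in(body)):
            if len(where[dll]) >= 2:
                # One DLL wired into several autorun locations at once is the
                # strongest signal in this log: no legitimate component needs
                # Run + AppInit_DLLs + SSODL + SharedTaskScheduler together.
                reasons.append("%s is loaded by %d mechanisms: %s"
                               % (dll, len(where[dll]), ", ".join(sorted(where[dll]))))
        if reasons:
            flagged["%s - %s" % (sec, body)] = reasons
    return flagged


if __name__ == "__main__":
    for entry_line, why in triage(SAMPLE_LOG).items():
        print(entry_line)
        for reason in why:
            print("    ->", reason)
```

Run against the excerpt, the script flags exactly the O4, O20, O21 and O22 lines the reply lists and leaves the Synaptics, ctfmon and ThreatFire entries alone; the cross-reference count (ludozagi.dll reached from four different mechanisms) is what separates the dropper from the many benign eight-letter DLL names a system32 directory contains.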

Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by pgfkap on Wed Nov 11, 2009 12:44 am

Here is the log from Malwarebytes

Malwarebytes' Anti-Malware 1.41
Database version: 3143
Windows 5.1.2600 Service Pack 2

11/11/2009 12:34:17 AM
mbam-log-2009-11-11 (00-34-17).txt

Scan type: Quick Scan
Objects scanned: 112356
Time elapsed: 9 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 10
Registry Values Infected: 14
Registry Data Items Infected: 3
Folders Infected: 7
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\ludozagi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pihuzura.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\kuvarilo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jasoreje.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{36081725-85c6-4d90-bb1b-4ba7f00d3641} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55e2a42a-ebef-4764-b6d7-fdf1bd5d979e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ec633df-afd8-40cc-9162-4cf54bb9af03} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d3e36ba-0e93-4493-89d1-fa7fed331d8d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ccf723fa-e1d6-4344-9253-d429f09a5d30} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd988353-cc4d-4422-9176-2ae779161132} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VundoFixTool (Rogue.VundoFixTool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gezubufar (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{36081725-85c6-4d90-bb1b-4ba7f00d3641} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kazilokur (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{55e2a42a-ebef-4764-b6d7-fdf1bd5d979e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zuyopeniz (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{7ec633df-afd8-40cc-9162-4cf54bb9af03} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pudidajiv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8d3e36ba-0e93-4493-89d1-fa7fed331d8d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\metalesis (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ccf723fa-e1d6-4344-9253-d429f09a5d30} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nebawalov (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{fd988353-cc4d-4422-9176-2ae779161132} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gamewalez (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vundofixtool (Rogue.VundoFixTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\ludozagi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\ludozagi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\43597937 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\79140930 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool\Log (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool\Settings (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\VundoFixTool (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\VundoFixTool (Rogue.VundoFixTool) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\ludozagi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pihuzura.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\kuvarilo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jasoreje.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gibuyata.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gigazayu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\govinapi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hagijifa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mumajigi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nekidayi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sawuyimu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wakatuha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wijuhalu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\43597937\43597937.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\79140930\79140930.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool\rs.dat (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool\Log\2009 Nov 10 - 10_37_15 PM_953.log (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool\Log\2009 Nov 10 - 10_41_05 PM_562.log (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool\Log\2009 Nov 10 - 11_37_23 PM_500.log (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool\Log\2009 Nov 10 - 11_40_09 PM_734.log (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool\Log\2009 Nov 10 - 11_43_41 PM_968.log (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg\Application Data\VundoFixTool\Settings\ScanResults.pie (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\VundoFixTool\DataBase.ref (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\VundoFixTool\SpyCleaner.dll (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\VundoFixTool\TCL.dll (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\VundoFixTool\vistaCPtasks.xml (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\VundoFixTool\VundoFixTool.exe (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\VundoFixTool\VundoFixTool.url (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\VundoFixTool\zlib.dll (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\VundoFixTool\VundoFixTool on the Web.lnk (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\VundoFixTool\VundoFixTool.lnk (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\VundoFixTool.lnk (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\VundoFixTool Scheduled Scan.job (Rogue.VundoFixTool) -> Quarantined and deleted successfully.


Thanks so much for your help.


Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by Belahzur on Wed Nov 11, 2009 2:56 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by pgfkap on Mon Nov 16, 2009 10:03 am

Now I cannot even reboot the laptop to try your suggestions.
It says...
STOP: 0x0000007B (0xFA300528, 0xC0000034, 0x00000000, 0x00000000)

I think this is going very badly. Cannot afford to take this anywhere right now, any help would be greatly appreciated.


Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by Belahzur on Mon Nov 16, 2009 1:33 pm

Can you boot to safe mode instead? Or try a last known good configuration?

Did you fully disable your AV beforehand?



Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by pgfkap on Mon Nov 16, 2009 3:00 pm

Cannot boot in safe mode and last known good config does not work either. What is AV?


Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by Belahzur on Mon Nov 16, 2009 3:21 pm

Antivirus, and judging from the log, looks like Threatfire or IOBit 360.



Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by pgfkap on Mon Nov 16, 2009 3:30 pm

I did not disable either of those as far as I know. Am I up you know what creek now that I cannot even get a reboot at all?


Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by Belahzur on Mon Nov 16, 2009 3:38 pm

After further reviewing your log, MBAM was the cause. MBAM had a false positive problem a few days ago where it deleted a legit system file and caused unbootable machines; a lot of users got hit with this and ended up in the exact same position as you. It's been fixed now, but I guess there are still a few users with an old database floating around.

Do you have your XP disc? We can try a reformat here.


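The MBAM log posted earlier in the thread records C:\WINDOWS\system32\drivers\atapi.sys and its Services\atapi registry keys removed as "Rootkit", and the next report from the poster is STOP 0x0000007B at boot; the reply above attributes that to a scanner false positive on a legitimate system file. The script below is an added example (written for this page, not from the thread or from Malwarebytes) of the review step that catches this before the reboot that applies the removals: it parses MBAM-style result lines and holds any action against a boot-start storage driver or its service key so a known-good copy (from quarantine or the XP CD) can be put back first. The driver list and the log excerpt are constructed for the example; atapi is the only name the thread itself supplies.

```python
"""Hold scanner removals that touch the Windows XP boot path for manual review.

Added example; not from the thread or from Malwarebytes. It parses MBAM-style
result lines ("<target> (<detection>) -> <action>") and separates actions
against boot-start storage drivers, which make the boot volume unreachable
(STOP 0x7B) if the detection was a false positive, from everything else.
"""
import re

# Illustrative set of XP boot-start storage-stack drivers (service name = file
# base name). "atapi" is the one named in the thread; the rest are added here.
BOOT_STORAGE_DRIVERS = {"atapi", "intelide", "pciide", "disk", "ntfs", "partmgr", "ftdisk"}

# Constructed excerpt of the MBAM log posted in the thread.
SAMPLE_MBAM = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VundoFixTool (Rogue.VundoFixTool) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\ludozagi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\Program Files\VundoFixTool\VundoFixTool.exe (Rogue.VundoFixTool) -> Quarantined and deleted successfully.
"""

# One result line: target path or key, detection name in parentheses, action.
# (Targets containing parentheses, e.g. "Program Files (x86)", would need a
# stricter pattern; none occur in an XP log like this one.)
RESULT = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")


def parse_results(log_text):
    """Return a list of {target, detection, action} dicts from MBAM result lines."""
    results = []
    for line in log_text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            results.append(m.groupdict())
    return results


def boot_critical_reason(target):
    """Why a target is boot-critical, or None if it is not."""
    t = target.lower().replace("/", "\\")
    m = re.search(r"\\drivers\\([a-z0-9_]+)\.sys$", t)
    if m and m.group(1) in BOOT_STORAGE_DRIVERS:
        return "boot-start storage driver %s.sys" % m.group(1)
    m = re.search(r"\\services\\([a-z0-9_]+)$", t)
    if m and m.group(1) in BOOT_STORAGE_DRIVERS:
        return "service key for boot-start driver %s" % m.group(1)
    return None


def split_for_review(log_text):
    """Split results into (held, cleared).

    Held entries need a verified replacement (restored from quarantine or copied
    from installation media) before the machine is rebooted; cleared entries are
    ordinary malware removals that can proceed.
    """
    held, cleared = [], []
    for r in parse_results(log_text):
        reason = boot_critical_reason(r["target"])
        if reason:
            held.append(dict(r, reason=reason))
        else:
            cleared.append(r)
    return held, cleared


if __name__ == "__main__":
    held, cleared = split_for_review(SAMPLE_MBAM)
    print("HOLD before reboot:")
    for h in held:
        print("  %s  [%s]  %s" % (h["target"], h["detection"], h["reason"]))
    print("cleared: %d removal(s)" % len(cleared))
```

On the excerpt, the two atapi entries land in the hold list and the Vundo DLL and rogue-tool removals are cleared. A generic "Rootkit" label on a core storage driver is exactly the case where a second opinion (file version, digital signature, a hash comparison against the installation media) is worth the few minutes it costs, because the "Delete on reboot" that follows cannot be undone from a machine that no longer boots.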

Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by pgfkap on Mon Nov 16, 2009 7:51 pm

I am sure I have the disk somewhere, but I cannot put my hands on it for the life of me. I will keep looking; any other suggestions? You are awesome to stay with me this long.


Re: gezubufar? ludozagi.dll virus. malware killing my laptop HELP!!

Post by Belahzur on Mon Nov 16, 2009 8:41 pm

Not really, because a critical system file is missing and needs replacing, along with a few registry keys.

