Problem again

View previous topic View next topic Go down

Solved Problem again

Post by Nazzgull on 13th December 2008, 9:11 pm

My Friend have this problem, what should i do ?
[You must be registered and logged in to see this link.]



Nazzgull
Top Dog
Top Dog

Posts Posts : 2330
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : Windows 7 Professional
Points Points : 40485
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem again

Post by Belahzur on 13th December 2008, 11:00 pm

Hey Nazz.
I will help, but what we talked about in PM, could be a good learning experience for you too.

Ask your friend to register here. No rush though, it's only vundo (hint hint, research that word) LMBO or ROFL


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem again

Post by Nazzgull on 13th December 2008, 11:25 pm

OKay Smile I not use combofix. He just have that problem for some 3 months, and i already tried with HijackThis, but can't find it. Now we got 356 infected with Malwarebytes Smile Hehehe. I think it's ok now. His computer work finaly Smile Thanks anyway



Nazzgull
Top Dog
Top Dog

Posts Posts : 2330
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : Windows 7 Professional
Points Points : 40485
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem again

Post by Belahzur on 13th December 2008, 11:36 pm

Haha.
Not suprised, vundo makes many copies of itself in \system32.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem again

Post by Nazzgull on 13th December 2008, 11:43 pm

I think i delete it.

With HijackThis , i marked this :

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (yiye7ev4pjuif) - Unknown owner - C:\WINDOWS\system32\zoucoojou.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]
O24 - Desktop Component 1: (no name) - [You must be registered and logged in to see this link.]

And his computer beep! I was amazed Smile When i restart his computer, got that error again, tried Malwarebytes got a pretty big log file:

This was weard to me Smile

C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\YT0T6LSR\kb600179[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\YB0ZMJEH\CAM30T0P (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\X1QXMHUP\CAXKU95F (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\X1QXMHUP\CA45A74T (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\SZUVOX67\kb600179[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\SZUVOX67\CA9WIXH3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\SZUVOX67\CA9OEP9V (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\SRWDU3CR\CA3I2D3J (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\S8LANFYZ\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\S8LANFYZ\CASLEXP2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\S8LANFYZ\CAMF43HY (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\S8LANFYZ\CADOJERR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\S8LANFYZ\CABIMDVN (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\OVQU1HIM\wny[1].jpg (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\OVQU1HIM\CAQJMRAP (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\OVQU1HIM\CALKCZ15 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\OVQU1HIM\CAHGSV1P (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\OVQU1HIM\CAH8IHTB (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\KOP8RV8O\CAW5CT8N (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\KOP8RV8O\CA4LEZ4X (Trojan.Vundo) -> Quarantined and deleted successfully.

And some others

(Trojan.Downloader)
(Trojan.Agent)
(Rogue.Link)
(Adware.MyWebSearch)
(Trojan.FakeAlert.H)
(Malware.Trace)

and a lot of crazy names Smile

Now i have to restart computer one more. And he don't have error now. All work fine. Scan with hijack one more, all fine, malwarebytes all fine.
I'll told hit to scan system again for some 3 days.



Nazzgull
Top Dog
Top Dog

Posts Posts : 2330
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : Windows 7 Professional
Points Points : 40485
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem again

Post by Belahzur on 13th December 2008, 11:56 pm

Hello.

Looks like you hit the spot, but this:
Yes, an un-needed service, but the file is legit. I hope you didn't delete that too. Smile
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem again

Post by Nazzgull on 13th December 2008, 11:59 pm

Deleted ! Awesome (sparkly)



Nazzgull
Top Dog
Top Dog

Posts Posts : 2330
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : Windows 7 Professional
Points Points : 40485
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem again

Post by Belahzur on 14th December 2008, 12:00 am

Shocking Whoa

[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem again

Post by Nazzgull on 14th December 2008, 8:31 am

WoW. Thanks Smile But he don't play that game Smile I finish my job well Smile Thanks Belazur



Nazzgull
Top Dog
Top Dog

Posts Posts : 2330
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : Windows 7 Professional
Points Points : 40485
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem again

Post by Doctor Inferno on 17th January 2009, 10:26 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104630
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum