Home > Need Help > Need Help Removing Trojan.Vundo.H And Trojan.BHO.H

Need Help Removing Trojan.Vundo.H And Trojan.BHO.H

Register now to gain access to all of our features, it's FREE and only takes one minute. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal You will need to make a HJT log and then we can find it.. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8077e015-0797-4ae0-9b27-3ab14eee2a1c} (Trojan.Vundo.H) -> Quarantined and deleted successfully. this contact form

Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I know if I run it again they will still be HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\jobapoja.dll -> Delete on reboot. C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Quarantined and deleted successfully. An alternative is the /NOFILESCAN switch followed by a manual scan with AntiVirus.

button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the Here is the log, thanks for your help. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Then click Remove Older Versions.Accept any prompts.Open JavaRa.exe again and select Search For Updates.Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.

Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.Learn more about how to protect yourself while on the Internet from the following link. scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(584)c:\windows\system32\Ati2evxx.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\ati2evxx.exec:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exec:\windows\system32\HPZipm12.exec:\windows\system32\wdfmgr.exec:\windows\system32\ati2evxx.exec:\program files\Pure Networks\Network Magic\nmsrvc.exec:\windows\system32\devldr32.exec:\program files\iPod\bin\iPodService.exec:\progra~1\MICROS~4\rapimgr.exec:\windows\system32\wscntfy.exe.**************************************************************************.Completion time: C:\WINDOWS\system32\mareruta.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Any recommendations? Attached is the malwarebytes log after my latest scan and attempt at removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\luhuvoyu.dll -> Delete on reboot. Attached Files mbam_log_2008_12_02__21_50_43_.txt 2.48KB 345 downloads hijackthis.txt 9.94KB 428 downloads Edited by shuh08, 02 December 2008 - 09:10 PM. 0 Advertisements #2 emeraldnzl Posted 05 December 2008 - 01:21 PM emeraldnzl

Can anyone help? Your log is properly posted.http://www.bleepingcomputer.com/forums/ind...p;#entry1104729Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... ceewi1, Jan 4, 2009 #13 (You must log in or sign up to reply here.) Show Ignored Content Share This Page Tweet Your name or email address: Do you already have

Javascript Disabled Detected You currently have javascript disabled. HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. Remember to install only ONE!Avast!

c:\WINDOWS\system32\bulawasi.dll (Trojan.BHO) -> Delete on reboot. weblink VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface kikku1 New Member Messages: 7 I'm not particularly adept at compute and would be extremely grateful if somebody could assist me. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.

Older versions have vulnerabilities that malware can use to infect your system. If you are running Windows Me/XP, then reenable System Restore. If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected navigate here I was reading up on the GeekU page and I am very interested in trying to get an education from you guys, I would definitely want to give back to the

Back to top #12 boopme boopme To Insanity and Beyond Global Moderator 67,157 posts OFFLINE Gender:Male Location:NJ USA Local time:01:52 AM Posted 23 January 2009 - 01:54 PM OK good c:\WINDOWS\system32\jobapoja.dll (Trojan.BHO) -> Delete on reboot. I restarted my computer and as it began to turn off I once again went into a blue screen that displayed the following message again.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\luhuvoyu.dll -> Quarantined and deleted successfully.

c:\WINDOWS\system32\luhuvoyu.dll (Trojan.Vundo.H) -> Delete on reboot. Infected with Trojan.Vundo.H and Trojan.BHO Started by Greg Sweet , Jan 16 2009 12:05 PM This topic is locked 11 replies to this topic #1 Greg Sweet Greg Sweet Members 10 Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook Have you Request blocked.

Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below: Code: File:: c:\windows\system32\obepokir.ini c:\windows\system32\ejihalis.ini c:\windows\system32\ujijikun.ini Malwarebytes' Anti-Malware 1.33 Database version: 1679 Windows 5.1.2600 Service Pack 3 01/22/09 1:08:55 PM mbam-log-2009-01-22 (13-08-55).txt Scan type: Quick Scan Objects scanned: 74866 Time elapsed: 16 minute(s), 9 second(s) Memory Processes C:\WINDOWS\system32\udizizuh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. his comment is here C:\WINDOWS\system32\apasujub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot. Another issue I am having when I boot my PC is I get the following files are missingc:\windows\system32\nwhsthvw.dllc:\windows\system32\yujitana.dllI also noticed when it was scanning that is was looking in temporary internet HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.