How To Fix Need Help With Clean Up Of Trojan.win32.monderc.gen And Trojan.vundo (Solved)


Need Help With Clean Up Of Trojan.win32.monderc.gen And Trojan.vundo

The upload results did not show anything bad. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\bob\Application Data\rhc5rfj0e51n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully. E: is CDROM (No Media) F: is Fixed (NTFS) - 149.04 GiB total, 44.09 GiB free.

Christ\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Johnny H. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. It goes through the process and when finished is still there. # Malware had been downloaded When I run a scan, it gets to the first infected file with Brisv.A and #2 -David- Posted 02 August 2008 https://www.bleepingcomputer.com/forums/t/161014/need-help-with-clean-up-of-trojanwin32mondercgen-and-trojanvundo/

If there's anything that you do not understand, kindly ask your questions before proceeding. Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 17:43]"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33][HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]"RunNarrator"=Narrator.exe[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background"msnsc"=C:\WINDOWS\system32\msnsc.exe[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"DisableRegistryTools"=0 (0x0)"HideLegacyLogonScripts"=0 (0x0)"HideLogoffScripts"=0 (0x0)"RunLogonScriptSync"=1 (0x1)"RunStartupScriptSync"=0 (0x0)"HideStartupScripts"=0 (0x0)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"HideLegacyLogonScripts"=0 (0x0)"HideLogoffScripts"=0 (0x0)"RunLogonScriptSync"=1 (0x1)"RunStartupScriptSync"=0 (0x0)"HideStartupScripts"=0 (0x0)[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. Here is the problem: I got infected by Vundo.gen! (spelling?) said by Windows Defender and when tried to removing it just do nothing.

At the end, be sure a checkmark is placed next to: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP212\A0025047.dll (Trojan.Vundo) -> Quarantined and deleted successfully. I have run FixBrisvA.exe and followed the steps to remove it. In the Mode menu click "Advanced mode" if not

You had a look at my hijackthis and Combofix logs, and then you suggested that I download Suspicious File Packer to pack C:\WINDOWS\system32\msnsc.exe I did so, and I now I've posted Sorry for the slow reply. Your desktop may disappear. http://www.solvusoft.com/en/malware/trojans/dr-monder-320653/ Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

#7 -David- Posted 03 August 2008 - 01:26 AM Hi and thanks for uploading that file. I scanned C:\Documents and Settings\Johnny H. Step 7 Click the Scan for Issues button to check for DR/Monder.320653 registry-related issues.

button and specify where you would like to save this file When you press the Save button a notepad will open with the contents of that file Copy and paste the If an update is found, it will download and install the latest version. C:\Documents and Settings\bob\Application Data\rhc5rfj0e51n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. Please repeat for the following files: C:\WINDOWS\system32\426.tmp

This allows us to help you in the case that your computer has a problem after an attempted removal of malware. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. This will generate a CAB archive on your desktop. Reboot back to normal mode. Go to this page. Enter the url of this thread in the first field. Where it says, browse to the file See this link for help if needed.

That is no longer true. A box will pop up asking you if you wish to fix the selected items. Trojans are one of the most dangerous and widely circulated strains of malware. It can maliciously create new registry entries and modify existing ones.

Since then, I've tried various things based on some logs that I've read in your forums. Temp folders emptied. When finished, it shall produce a log for you.

scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll -> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll -> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll -> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll -> C:\WINDOWS\system32\tphklock.dll

I strongly recommend you get rid of them by doing the following: OTMoveIt2 Download OTMoveIt2.exe by OldTimer and save it to your desktop. If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt So please post back: Combofix results MBAM ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer.

I booted in safe mode and did a scan with Norton's and also ran the Norton program to remove the Brisv.A trojan and was just letting that run. C:\WINDOWS\system32\ibmpmsvc.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Program Unfortunately, scanning and removing the threat alone will not fix the modifications DR/Monder.320653 made to your Windows Registry. Although it has been removed from your computer, it is equally important that you clean your Windows Registry of any malicious entries created by DR/Monder.320653.

In addition to DR/Monder.320653, this program can detect and remove the latest variants of other malware. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Following these simple preventative measures will ensure that your computer remains free of infections like DR/Monder.320653, and provide you with interruption-free enjoyment of your computer.

Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP218\A0025317.dll (Trojan.Vundo) -> Quarantined and deleted successfully. However those files were only linked to secure programs (like Ahead Nero,..).

other posts saying completely different. Follow the prompts to install the Recovery Console.

I have searched for any files that may contain autorun.inf and found some which I have deleted. scanning hidden autostart entries ...