
Please Help With Spyware/Adware/Vundo.

So everything is finally good with the computer So, could it be that SAS needs to be updated to better handle that particular version of Vundo? So after this is all cleaned up, then re-enable the system restore, then reboot and then make sure there is a new system restore point made in windows (and things will Select "last known good configuration", press F8 on startup. 2. But I guess you have already figured out these things anyways for your self. http://cgmguide.com/please-help/please-help-me-get-rid-of-spyware-hjt-logfile.php

The virus can "eat"away at available hard drive space; hard drive space can fluctuate so much as +3 to -3 Gb of space, evident of Vundo's attempt at "hiding" when being This was: Adware.Vundo Variant/Resident and again after reboot I went into the reboot loop. scan: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/23/2008 at 01:20 AM Application Version : 4.15.1000 Core Rules Database Version : 3512 Trace Rules Database Version: 1503 Scan type : Quick Scan Total

If yes, then winlogon.exe file had been replaced by a malicious file. I understand you are trying to be helpful, but this is better left to experts such as ourselves as you possibly can lead the user down the wrong path and since As soon as the welcome screen appears?

DO NOT enable terminating memory threats. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. RP329: 10/25/2013 5:42:55 PM - Windows Update RP330: 10/29/2013 4:29:30 AM - Windows Update RP331: 10/30/2013 6:11:28 PM - Windows Backup . ==== Installed Programs ====================== . C: is FIXED (NTFS) - 580 GiB total, 468.676 GiB free.

Drag the setup package onto ComboFix.exe and drop it. http://www.spywareinfoforum.com/topic/107971-adware-vundo-conhook-popup-ads-are-killing-me-help-please/ Everything seems to be a OK.

To solve the problem ( if step 1 fails perform step 2): 1. Deletes the network connection under My Network Places. C:\Documents and Settings\Renee Smith\Application Data\#ISW.FS#\Normal\12000000009710.isw.sect (Trojan.Vundo) -> Quarantined and deleted successfully.

  • I then rebooted into safe mode, ran SAS there and lo and behold it detected the RENAMED .dll file and was finally able to remove it completely since it was not
  • And one more thing.....when does windows reboot?
  • I am 99.99% sure, after running a complete scan using the rescue disk which I have PMed you, the looping reboots would halt.
  • Below is my HijackThis log file.
  • To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad.
  • A few will need to be permanently installed (like the ccleaner and the mbam) but the avert and the norman malware remover can be just placed on the main c drive
  • Live
    2008-03-30 09:05:50 0 d-------- C:\Users\Scott\AppData\Roaming\Malwarebytes
    2008-03-24 00:55:54 0 d-------- C:\Program Files\IncrediMail
    2008-03-23 23:27:30 0 d-------- C:\Program Files\Bonjour
    2008-03-23 22:43:23 255 --a------ C:\Users\Scott\AppData\Roaming\iPod Access v4 Prefs
    2008-03-23 22:30:00 0 d-------- C:\Program Files\Wide Angle Software
    2008-03-23 22:29:56 0

As soon as the welcome screen appears? Several functions may not work. The hard drive may start to be constantly accessed by the winlogon.exe process, thus periodic freezes may be experienced. Now close it.

C:\Documents and Settings\Renee Smith\Application Data\#ISW.FS#\Normal\1b000000001cbd.isw.sect (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP149\A0070434.dll (Trojan.Vundo) -> Quarantined and deleted successfully. Built 2009/01/06 16:12:23 Norman Scanner Engine Version: 5.93.01 Nvcbin.def Version: 5.93.00, Date: 2009/01/06 16:12:23, Variants: 2447702 Running pre-scan cleanup routine: Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3 Logged Anyway, I'm a happy camper right now, and I can finally start to use my computer for more productive things than spyware/virus scanners, like watching DVD's and such Thanks for all

Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e886a1e8-44d9-4e59-a7ec-be254fee50b2} (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\aialvsba.dll (Trojan.Vundo) -> No action taken. Windows Automatic Updates (and other web-based services) may also be disabled and it is not possible to turn them back on. However, after the downgrade and running Superantispyware in safe mode and rebooting into normal mode, I still hit the never ending reboot loop *sigh* this is getting very tiring indeed.

If still the problem is not solved, then create a rescue disk using PEBuilder, and replace the winlogon.exe file in system32 folder with the original one. After rebooting, the computer would reboot after showing the windows logo with the progress bar. So, does winlogon.exe have anything to do with starting lsass.exe or is it vice versa?

After that, I rebooted from safe mode to normal mode and now the computer got all the way into windows, but the Vundo spyware was still there of course.

Popular anti-malware programs such as Spybot - Search & Destroy or Malwarebytes' Anti-Malware may be deleted or immediately closed upon loading. As soon as the welcome screen appears? After removing the adware with Super Anti-Spyware, I would be prompted to reboot my computer (which I do), I would run SAS again, and the adware would be detected again. PS - I download the Windows Version of Avira and everything checked out...

And one more thing.....when does windows reboot? A text file will open after the restart. Please post the content of that logfile with your next answer. You can find the logfile at C:\AdwCleaner[S1].txt as well. -Junkware-Removal-Tool- Please download Junkware Removal Tool to Lisandro: Can you say what is the infected file name, where was it found (C:\windows\system32\infected-file-name.xxx)? I suggest: 1. No way to repair or remove them.