Tech Support Forum - View Single Post - Vundo and Downloader-BDF

sUBs · 08-10-2007, 03:29 AM

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {4A0E7C3B-BE02-4174-940F-7C5CC34220E0} - C:\WINDOWS\system32\mllmj.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F66939-8984-49F3-B8FC-6A6C03FDE215}: Domain = domain.invalid
O20 - AppInit_DLLs: c:\windows\system32\geebxxu.dll

---------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
C:\install.dat
C:\WINDOWS\SYSTEM32\mqshcefp.exe
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A0E7C3B-BE02-4174-940F-7C5CC34220E0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-

Save this as "CFScript"

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

---------------

Click here perform an online scan >> Online Scanner

---------------

In your next post, please include fresh logs from:

Fresh Hijackthis log taken just before replying

Online scan

ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

08-10-2007, 03:29 AM	#5 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,492 OS: N/A	Re: Vundo and Downloader-BDF Do a HijackThis scan & place a check next to these items and select "Fix checked": R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: (no name) - {4A0E7C3B-BE02-4174-940F-7C5CC34220E0} - C:\WINDOWS\system32\mllmj.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F66939-8984-49F3-B8FC-6A6C03FDE215}: Domain = domain.invalid O20 - AppInit_DLLs: c:\windows\system32\geebxxu.dll --------------- Open notepad and copy/paste the text in the quotebox below into it: Code: File:: C:\install.dat C:\WINDOWS\SYSTEM32\mqshcefp.exe Folder:: C:\VundoFix Backups Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A0E7C3B-BE02-4174-940F-7C5CC34220E0}] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=- Save this as "CFScript" Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. --------------- Click here perform an online scan >> Online Scanner --------------- In your next post, please include fresh logs from: Fresh Hijackthis log taken just before replying Online scan ComboFix's log Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Question - what have you done for the community today?