Re: Trojan.vundo, Constant Popups and slowed system.
Hello, basically what happens is Norton picks up Trojan.Vundo and then gives me the options to remove, repair and quarantine. When I select remove, it prompts me to restart my computer and it then continues to remove the rest of it. It then gives a report saying the removal was successful. However, although I know that I'm still infected, I don't see any symptoms anymore.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 10, 2007 6:01:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/12/2007
Kaspersky Anti-Virus database records: 478251
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
G:\
Scan Statistics:
Total number of scanned objects: 104827
Number of viruses found: 10
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 00:53:48
Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP1\A0001090.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP6\A0003108.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP6\A0003118.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP8\A0004471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP8\A0004473.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP8\A0004474.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.af skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP8\A0004476.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP8\A0004491.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP10\A0004761.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP10\A0004984.EXE Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP10\A0004985.EXE Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP13\change.log Object is locked skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP13\A0005411.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP13\A0005413.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP13\A0005415.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP13\A0005416.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP13\A0005417.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{35FCD7EF-6098-4010-A613-2A9EB0916AFF}\RP13\A0005418.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Deckard\System Scanner\20071130133204\backup\DOCUME~1\Francois\LOCALS~1\Temp\lnpvkjxe.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Deckard\System Scanner\20071130133204\backup\DOCUME~1\Francois\LOCALS~1\Temp\psfekldi.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\mmtarnxs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ukdxjrei.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.af skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xopdvbvb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oxafrykn.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\catchme2007-12-04_233808.82.zip/xxyvvvv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayy skipped
C:\qoobox\Quarantine\catchme2007-12-04_233808.82.zip ZIP: infected - 1 skipped
Scan process completed.