Thread: Re: I cannot get rid of Ping.exe - Vundo?
View Single Post
Old 01-10-2008, 06:02 PM   #12 (permalink)
TheBruce1
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: I cannot get rid of Ping.exe - Vundo?
Thank you sUBs for your assistance.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
KillAll::

File::
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job

Folder::
C:\SpywareBot
C:\Program Files\SpywareBot
C:\Documents and Settings\MarkB\Application Data\SpywareBot
C:\WINDOWS\mobgslti

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trto"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Llsbjso"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"=-
Save this as CFscript





Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=============================

No AntiVirus Onboard

I see no evidence of an AntiVirus program on your system. This must be resolved. Here are a few very good free Antivirus products which are available:Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

================================

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 U3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=================================
Logs Required
C:\Combofix.txt
Scan log from you installed AV
Hijackthis log
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline