Dropper, vundo and perhaps maybe more?

supermep · 01-20-2008, 11:03 AM

Hey all,

Three days ago I became infected with both Dropper and Vundo (thanks wifey and limewire.... *sighs*)

Anyways, I used AVG, Combofix, Adaware 07, Spybot 1.5, Hijackthis, Vundofixer, TrendMicro Housecall, Spybot Bazooka, and one other program I can't remember.

I basically attacked my computer when these things arrived.

The first thing I noticed was that my C:\ drive and both user accounts on my pc were filled with these files which were named, "p01.tmp" all the way to "p900.tmp". They were all about 1.3 megs in size so you can imagine the amount of space it took up when in all three places.

Combofix apparently deleted those permentally. So I'm good on that!

However, all the fixes for the "Vundo" trojan didn't work,and I knew I had it due to having the program, "pmkjj.exe" in my C:\Windows\System32 folder.

The pmkjj.exe and it's buddy pmkjj.dll continually come back to my drive.

I have tried running all said programs again with no avail. The only file I can manage to delete; even while in safe mode; is pmkjj.exe. The dll file will not be deleted.

I can however go into the command prompt, rename the dll and move it and then delete. But then upon reboot hello respawn!

At this point I am not experiencing any issues as I was before, IE. files spawning all over my drives, excessive pop-ups, continuous freezes of any programs, programs uninstalling themselves, etc.

I just can't bare to think that the ******* is still sitting there. Reformat is an obvious choice but I'm looking for perhaps a way where I can avoid losing some files. No matter how long I spend backing something up I always lose something. And it always ends up being something critically annoying. Like discovering I have to start Oblivion over, from the begining. That's always awesome! Haha!

My hijackthis! log is clean as well as combofix.

FYI: Windows is 100% updated as of 1/19/2008 Windows XP SP2
and there are no "suspicious programs in my add/remove (ah if only it were that simple!)

**Cellus** · 01-20-2008, 05:29 PM

Please take a look at our HijackThis 5 Step Process and post your HijackThis log in our HijackThis Log Help board. A member of our security team will be able to assist you further in cleaning out your machine.

While it may look like your HJT log and combofix appear clean, I would definitely run through the 5 Step Process and post in our HJT help board. We have some very experienced malware fighters in our security team, and they use more than HJT and combofix to make sure you are going strong. Highly recommended.

01-20-2008, 11:03 AM	#1 (permalink)
supermep Registered User Join Date: Dec 2007 Location: Phoenix Posts: 254 OS: winxp	Dropper, vundo and perhaps maybe more? Hey all, Three days ago I became infected with both Dropper and Vundo (thanks wifey and limewire.... sighs) Anyways, I used AVG, Combofix, Adaware 07, Spybot 1.5, Hijackthis, Vundofixer, TrendMicro Housecall, Spybot Bazooka, and one other program I can't remember. I basically attacked my computer when these things arrived. The first thing I noticed was that my C:\ drive and both user accounts on my pc were filled with these files which were named, "p01.tmp" all the way to "p900.tmp". They were all about 1.3 megs in size so you can imagine the amount of space it took up when in all three places. Combofix apparently deleted those permentally. So I'm good on that! However, all the fixes for the "Vundo" trojan didn't work,and I knew I had it due to having the program, "pmkjj.exe" in my C:\Windows\System32 folder. The pmkjj.exe and it's buddy pmkjj.dll continually come back to my drive. I have tried running all said programs again with no avail. The only file I can manage to delete; even while in safe mode; is pmkjj.exe. The dll file will not be deleted. I can however go into the command prompt, rename the dll and move it and then delete. But then upon reboot hello respawn! At this point I am not experiencing any issues as I was before, IE. files spawning all over my drives, excessive pop-ups, continuous freezes of any programs, programs uninstalling themselves, etc. I just can't bare to think that the ******* is still sitting there. Reformat is an obvious choice but I'm looking for perhaps a way where I can avoid losing some files. No matter how long I spend backing something up I always lose something. And it always ends up being something critically annoying. Like discovering I have to start Oblivion over, from the begining. That's always awesome! Haha! My hijackthis! log is clean as well as combofix. FYI: Windows is 100% updated as of 1/19/2008 Windows XP SP2 and there are no "suspicious programs in my add/remove (ah if only it were that simple!) Last edited by supermep; 01-20-2008 at 11:08 AM.

01-20-2008, 05:29 PM	#2 (permalink)
Cellus Moderator Networking Team Join Date: Aug 2006 Location: Canada Posts: 2,664 OS: Windows Vista Business SP1, Windows XP Professional SP3 My System	Re: Dropper, vundo and perhaps maybe more? Please take a look at our HijackThis 5 Step Process and post your HijackThis log in our HijackThis Log Help board. A member of our security team will be able to assist you further in cleaning out your machine. While it may look like your HJT log and combofix appear clean, I would definitely run through the 5 Step Process and post in our HJT help board. We have some very experienced malware fighters in our security team, and they use more than HJT and combofix to make sure you are going strong. Highly recommended. __________________ TSF Networking Team Virus/Trojan/Spyware Removal Help Donate!