Trojan.Vundo virus

[tetonbob]

Wow, Norton was busy....

Please use Symantec's guide to remove the Norton Quarantine files.

Or....delete the contents of this folder, but not the folder itself:

C:\Program Files\Norton AntiVirus\Quarantine

==================================================================


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Open NOTEPAD.exe and copy/paste the text in the codebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Documents and Settings\Judy\Desktop\[4]-Submit_2007-12-27@21.37.zip"
"C:\WINDOWS\system32\fsjqyltw.exe"

) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)

for %%g in (

%systemdrive%\Deckard

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says

[playerofsoccer]

Its been a little while since I've heard from you.... Just wondering what I need to do next...

Thanks

[tetonbob]

I've been waiting for you to reply to this part of the instructions:

Quote:

Double click on fix.bat & allow it to run

Post back to tell me what it says

It should have said "Deleted successfully!! Press any key to continue"

I would think that after 5 days, you probably have. Let me know.

[playerofsoccer]

I didn't see your reply until I posted the message I posted yesterday. Sorry.... I'm doing what you said right now....

[playerofsoccer]

It said "Deleted Successfully" "Press any key to continue!" and when I did it went away.

Sorry it took so long for me to realize there was a second page.

[tetonbob]

No worries. How's the machine behaving now?

[playerofsoccer]

So far its okay. Its still a little slow. I am going to remove Norton and install one of the free ware programs.... Lets see how that goes....

[tetonbob]

From a malware perspective, we're done here.

For a slow machine, see this page put together by our colleague, Miekiemoes.

http://users.telenet.be/bluepatchy/m...wcomputer.html

Your logs appear clean.You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
  
  
• IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    
  • Once updated you should see another prompt that the task was completed.
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• FIREWALL
  Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here
  
  Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[playerofsoccer]

I am going to school now. I will install those programs you mentioned when I get home. I have a question. There is a person in my household who frequently views obscene material and plays games online. I know he uses adult swim website a lot. Is the Adult Swim website safe? Also, he has a problem with some games because he does not have admin privileges so he can't run the Adobe flash player even tho it was installed with the admin account. How can I get him access to it? OR should I give him access to it?


Thanks,

Judy

[tetonbob]

This is what McAfee Site Advisor has to say about that site:

http://www.siteadvisor.hk/sites/adultswim.com/summary/

Was flash installed to allow all who use the computer to use it?

Are you using the latest version of Flash?

Can you log on to the non-admin account, download the flash player installer, right click on it, and Run As your admin user?

Perhaps you could ask in the Windows XP forum about the Flash Player and a non-admin account if that doesn't help.

The other question about whether or not to allow it seem to be of a personal nature. Only you can answer that, sorry. It goes beyond my malware removal assistance.

[playerofsoccer]

Thank you. I did everything you said. I will work on the Adobe thing. As far as malware tho, I'm all set. THANK YOU SO MUCH!!!!!!!!!