Guest Jo-Anne
Posted December 1, 2008

This weekend my computer suddenly slowed way down, and I briefly saw a "blank screen" window in IE that shouldn't have been there. My OS is WinXP SP3, fully updated. My antivirus is NIS 2008.

Last night I ran the Windows Malicious Software Removal Tool, which found nothing.

Today I downloaded Spyware Blaster and SuperAntiSpyware. I ran SuperAntiSpyware, and it found 14 instances of Adware tracking cookies and 31 files for Adware Vundo Variant/Rel. It removed everything, and I restarted my computer, which now seems to be running at its usual speed.

Is there anything else I should do to make sure my computer is clean?

Thank you!

Jo-Anne

Guest David H. Lipman
Posted December 1, 2008

From: "Jo-Anne" <Jo-AnneATnowhere.com>

| This weekend my computer suddenly slowed way down, and I briefly saw a
| "blank screen" window in IE that shouldn't have been there. My OS is WinXP
| SP3, fully updated. My antivirus is NIS 2008.

| Last night I ran the Windows Malicious Software Removal Tool, which found
| nothing.

| Today I downloaded Spyware Blaster and SuperAntiSpyware. I ran
| SuperAntiSpyware, and it found 14 instances of Adware tracking cookies and
| 31 files for Adware Vundo Variant/Rel. It removed everything, and I
| restarted my computer, which now seems to be running at its usual speed.

| Is there anything else I should do to make sure my computer is clean?

| Thank you!

| Jo-Anne

Because you had the Vundo Trojan, I suggest Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Jo-Anne
Posted December 1, 2008

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%23fz3rB$UJHA.1360@TK2MSFTNGP05.phx.gbl...
> From: "Jo-Anne" <Jo-AnneATnowhere.com>
>
> | This weekend my computer suddenly slowed way down, and I briefly saw a
> | "blank screen" window in IE that shouldn't have been there. My OS is WinXP
> | SP3, fully updated. My antivirus is NIS 2008.
>
> | Last night I ran the Windows Malicious Software Removal Tool, which found
> | nothing.
>
> | Today I downloaded Spyware Blaster and SuperAntiSpyware. I ran
> | SuperAntiSpyware, and it found 14 instances of Adware tracking cookies and
> | 31 files for Adware Vundo Variant/Rel. It removed everything, and I
> | restarted my computer, which now seems to be running at its usual speed.
>
> | Is there anything else I should do to make sure my computer is clean?
>
> | Thank you!
>
> | Jo-Anne
>
> Because you had the Vundo Trojan, I suggest Malwarebytes Anti-Malware
> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Thank you, Dave! I downloaded and ran Malwarebytes Anti-Malware, which discovered 6 more infected items: Adware.Minibug, registry key; Malware.Trace, registry key; and Trojan.Vundo, 2 registry keys and 1 file.

Do you think I should try any other programs in case something is still lurking?

Jo-Anne

Guest David H. Lipman
Posted December 1, 2008

From: "Jo-Anne" <Jo-AnneATnowhere.com>

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:%23fz3rB$UJHA.1360@TK2MSFTNGP05.phx.gbl...
>> From: "Jo-Anne" <Jo-AnneATnowhere.com>
>>
>> | This weekend my computer suddenly slowed way down, and I briefly saw a
>> | "blank screen" window in IE that shouldn't have been there. My OS is WinXP
>> | SP3, fully updated. My antivirus is NIS 2008.
>>
>> | Last night I ran the Windows Malicious Software Removal Tool, which found
>> | nothing.
>>
>> | Today I downloaded Spyware Blaster and SuperAntiSpyware. I ran
>> | SuperAntiSpyware, and it found 14 instances of Adware tracking cookies and
>> | 31 files for Adware Vundo Variant/Rel. It removed everything, and I
>> | restarted my computer, which now seems to be running at its usual speed.
>>
>> | Is there anything else I should do to make sure my computer is clean?
>>
>> | Thank you!
>>
>> | Jo-Anne
>>
>> Because you had the Vundo Trojan, I suggest Malwarebytes Anti-Malware
>> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

| Thank you, Dave! I downloaded and ran Malwarebytes Anti-Malware, which
| discovered 6 more infected items: Adware.Minibug, registry key;
| Malware.Trace, registry key; and Trojan.Vundo, 2 registry keys and 1 file.

| Do you think I should try any other programs in case something is still
| lurking?

| Jo-Anne

What was that file (fully qualified name and path) and what was it identified as?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Jo-Anne
Posted December 1, 2008

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%23FGQaPAVJHA.5364@TK2MSFTNGP05.phx.gbl...
> From: "Jo-Anne" <Jo-AnneATnowhere.com>
>
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:%23fz3rB$UJHA.1360@TK2MSFTNGP05.phx.gbl...
>>> From: "Jo-Anne" <Jo-AnneATnowhere.com>
>>>
>>> | This weekend my computer suddenly slowed way down, and I briefly saw a
>>> | "blank screen" window in IE that shouldn't have been there. My OS is WinXP
>>> | SP3, fully updated. My antivirus is NIS 2008.
>>>
>>> | Last night I ran the Windows Malicious Software Removal Tool, which found
>>> | nothing.
>>>
>>> | Today I downloaded Spyware Blaster and SuperAntiSpyware. I ran
>>> | SuperAntiSpyware, and it found 14 instances of Adware tracking cookies and
>>> | 31 files for Adware Vundo Variant/Rel. It removed everything, and I
>>> | restarted my computer, which now seems to be running at its usual speed.
>>>
>>> | Is there anything else I should do to make sure my computer is clean?
>>>
>>> | Thank you!
>>>
>>> | Jo-Anne
>>>
>>> Because you had the Vundo Trojan, I suggest Malwarebytes Anti-Malware
>>> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
>>> --
>>> Dave
>>> http://www.claymania.com/removal-trojan-adware.html
>>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
> | Thank you, Dave! I downloaded and ran Malwarebytes Anti-Malware, which
> | discovered 6 more infected items: Adware.Minibug, registry key;
> | Malware.Trace, registry key; and Trojan.Vundo, 2 registry keys and 1 file.
>
> | Do you think I should try any other programs in case something is still
> | lurking?
>
> | Jo-Anne
>
> What was that file (fully qualified name and path) and what was it
> identified as?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Files Infected:
C:\WINDOWS\BM3f77e85c.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Jo-Anne

Guest John
Posted December 1, 2008

"Jo-Anne" <Jo-AnneATnowhere.com> wrote in message news:uV7ILTAVJHA.5856@TK2MSFTNGP03.phx.gbl...
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:%23FGQaPAVJHA.5364@TK2MSFTNGP05.phx.gbl...
>>
>> What was that file (fully qualified name and path) and what was it
>> identified as?
>>
> Files Infected:
> C:\WINDOWS\BM3f77e85c.txt (Trojan.Vundo) -> Quarantined and deleted
> successfully.
>
> Jo-Anne

Restart your PC. See if that file comes back. Scan it again with whatever AV software you are using. There may still be infections here and there.

That was my experience with Vundo. Format and OS reinstall was my solution to the problem.

Guest David H. Lipman
Posted December 1, 2008

From: "Jo-Anne" <Jo-AnneATnowhere.com>

| Files Infected:
| C:\WINDOWS\BM3f77e85c.txt (Trojan.Vundo) -> Quarantined and deleted
| successfully.

| Jo-Anne

OK, it wasn't a DLL or an EXE file. That's good. Combined with the Registry entries that's indicative of maybe a cleanup of what SAS missed.

If you are unsure...

Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/_d.../HJTInstall.exe

Then post the contents of the HJT, SAS and MBAM logs in your post in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

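The two checks suggested in the posts above (was the detected file a DLL or EXE, and does anything come back after a restart), as an added example that is not part of the original thread or of any tool named in it. The extension list, the function names, the DLL path and the rescan log are assumptions constructed for illustration; only the `.txt` line comes from the thread.

```python
import re
from pathlib import PureWindowsPath

# Assumed list of extensions Windows loads or runs as code; a hit on one of
# these suggests a live component rather than a leftover trace.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com"}

# Shape of the one file line quoted in the thread:
#   <path> (<detection name>) -> <action taken>.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_detections(log_text):
    """Return {lowercased path: (detection name, is_executable)} for file lines."""
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything not in the quoted shape
        path = m.group("path")
        ext = PureWindowsPath(path).suffix.lower()
        found[path.lower()] = (m.group("name"), ext in EXECUTABLE_EXTS)
    return found


def triage(first_scan, rescan_after_reboot):
    """Compare the first scan with a rescan taken after restarting."""
    before = parse_detections(first_scan)
    after = parse_detections(rescan_after_reboot)
    return {
        "executable": sorted(p for p, (_, exe) in before.items() if exe),
        "came_back": sorted(p for p in after if p in before),
        "new_after_reboot": sorted(p for p in after if p not in before),
    }


# First log: the line quoted in the thread plus one constructed DLL line.
FIRST_SCAN = r"""Files Infected:
C:\WINDOWS\BM3f77e85c.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example_constructed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""
# Constructed rescan after a restart: the DLL is detected again.
RESCAN = r"""Files Infected:
C:\WINDOWS\system32\example_constructed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for key, paths in triage(FIRST_SCAN, RESCAN).items():
        print(key, paths)
```

An empty `executable` and `came_back` result matches the situation described in the thread; anything listed under either is the case where posting logs to one of the expert forums is worth doing.
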
Guest Jo-Anne
Posted December 1, 2008

"John" <a> wrote in message news:%23QkRAbAVJHA.1164@TK2MSFTNGP03.phx.gbl...
>
> "Jo-Anne" <Jo-AnneATnowhere.com> wrote in message
> news:uV7ILTAVJHA.5856@TK2MSFTNGP03.phx.gbl...
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>> news:%23FGQaPAVJHA.5364@TK2MSFTNGP05.phx.gbl...
>>>
>>> What was that file (fully qualified name and path) and what was it
>>> identified as?
>>>
>> Files Infected:
>> C:\WINDOWS\BM3f77e85c.txt (Trojan.Vundo) -> Quarantined and deleted
>> successfully.
>>
>> Jo-Anne
>
> Restart your PC. See if that file comes back. Scan it again with whatever
> AV software you are using. There may still be infections here and there.
>
> That was my experience with Vundo. Format and OS reinstall was my solution
> to the problem.

Thank you, John! I restarted and reran Malwarebytes Anti-Malware, and this time it showed no infection. I HOPE this is the end of it.

Jo-Anne

Guest Jo-Anne
Posted December 2, 2008

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%23StpFeAVJHA.1884@TK2MSFTNGP06.phx.gbl...
> From: "Jo-Anne" <Jo-AnneATnowhere.com>
>
> | Files Infected:
> | C:\WINDOWS\BM3f77e85c.txt (Trojan.Vundo) -> Quarantined and deleted
> | successfully.
>
> | Jo-Anne
>
> OK, it wasn't a DLL or an EXE file. That's good. Combined with the
> Registry entries that's indicative of maybe a cleanup of what SAS missed.
>
> If you are unsure...
>
> Download and execute HiJack This! (HJT)
> http://www.trendsecure.com/portal/en-US/_d.../HJTInstall.exe
>
> Then post the contents of the HJT, SAS and MBAM logs in your post in one
> of the below expert forums...
>
> { Please - Do NOT post the HJT Log here ! }
>
> Forums where you can get expert advice for HiJack This! (HJT) Logs.
>
> NOTE: Registration is REQUIRED in any of the below before posting a log
>
> Suggested primary:
> http://www.thespykiller.co.uk/index.php?board=3.0
>
> Suggested secondary:
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
> http://www.malwarebytes.org/forums/index.php?showforum=7
>
> Suggested tertiary:
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.atribune.org/forums/index.php?showforum=9
> http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://forum.networktechs.com/forumdisplay.php?f=130
> http://forums.maddoktor2.com/index.php?showforum=17
> http://www.spywarewarrior.com/viewforum.php?f=5
> http://forums.spywareinfo.com/index.php?showforum=18
> http://forums.techguy.org/f54-s.html
> http://forums.tomcoyote.org/index.php?showforum=27
> http://forums.subratam.org/index.php?showforum=7
> http://www.5starsupport.com/ipboard/index.php?showforum=18
> http://aumha.net/viewforum.php?f=30
> http://makephpbb.com/phpbb/viewforum.php?f=2
> http://forums.techguy.org/54-security/
> http://forums.security-central.us/forumdisplay.php?f=13
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Thank you, Dave! I posted my logs at thespykiller and will let you know what I find out.

Jo-Anne

Guest Jo-Anne
Posted December 4, 2008

"Jo-Anne" <Jo-AnneATnowhere.com> wrote in message news:ey1V7JBVJHA.2644@TK2MSFTNGP03.phx.gbl...
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:%23StpFeAVJHA.1884@TK2MSFTNGP06.phx.gbl...
>> From: "Jo-Anne" <Jo-AnneATnowhere.com>
>>
>> | Files Infected:
>> | C:\WINDOWS\BM3f77e85c.txt (Trojan.Vundo) -> Quarantined and deleted
>> | successfully.
>>
>> | Jo-Anne
>>
>> OK, it wasn't a DLL or an EXE file. That's good. Combined with the
>> Registry entries that's indicative of maybe a cleanup of what SAS missed.
>>
>> If you are unsure...
>>
>> Download and execute HiJack This! (HJT)
>> http://www.trendsecure.com/portal/en-US/_d.../HJTInstall.exe
>>
>> Then post the contents of the HJT, SAS and MBAM logs in your post in one
>> of the below expert forums...
>>
>> { Please - Do NOT post the HJT Log here ! }
>>
>> Forums where you can get expert advice for HiJack This! (HJT) Logs.
>>
>> NOTE: Registration is REQUIRED in any of the below before posting a log
>>
>> Suggested primary:
>> http://www.thespykiller.co.uk/index.php?board=3.0
>>
>> Suggested secondary:
>> http://www.bleepingcomputer.com/forums/forum22.html
>> http://castlecops.com/forum67.html
>> http://www.malwarebytes.org/forums/index.php?showforum=7
>>
>> Suggested tertiary:
>> http://www.dslreports.com/forum/cleanup
>> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
>> http://www.atribune.org/forums/index.php?showforum=9
>> http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
>> http://gladiator-antivirus.com/forum/index.php?showforum=170
>> http://forum.networktechs.com/forumdisplay.php?f=130
>> http://forums.maddoktor2.com/index.php?showforum=17
>> http://www.spywarewarrior.com/viewforum.php?f=5
>> http://forums.spywareinfo.com/index.php?showforum=18
>> http://forums.techguy.org/f54-s.html
>> http://forums.tomcoyote.org/index.php?showforum=27
>> http://forums.subratam.org/index.php?showforum=7
>> http://www.5starsupport.com/ipboard/index.php?showforum=18
>> http://aumha.net/viewforum.php?f=30
>> http://makephpbb.com/phpbb/viewforum.php?f=2
>> http://forums.techguy.org/54-security/
>> http://forums.security-central.us/forumdisplay.php?f=13
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
> Thank you, Dave! I posted my logs at thespykiller and will let you
> know what I find out.
>
> Jo-Anne

Got a response today at thespykiller that my HiJackThis log looked clean. Whew!

Jo-Anne