Vundo Virus

JayJay65

Ergebnis SmitfraudFix:

SmitFraudFix v2.315

Scan done at 14:05:51,78, 20.04.2008
Run from C:\Dokumente und Einstellungen\achim\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Ergebnis Malwarebytes:


Malwarebytes' Anti-Malware 1.11
Datenbank Version: 660

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 212137
Scan Dauer: 4 hour(s), 8 minute(s), 30 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{3d91099b-562d-49ec-bdbd-78c5de9caed9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d195d70d-0b3f-491b-b1be-312b256e056b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7906df0a-d80f-4bbd-9b28-1c708d15a416} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.bwom (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkLBRIx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD75C7A0-8634-4851-8FE2-E6E685C78125}\RP214\A0053197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\jkkLBRIx.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\npqtsrak.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\fmsxwqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\bokpkov.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\altvxvm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rtqmekwg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\qtvglped.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\pmsoarbf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\omlbpkaw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\lgmxvpatgbn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.





DANKE!!!