
[Closed] trojan infestation, file that won't delete, bad virus pro


  • This topic is locked
5 replies to this topic

#1 Megan J

  • New Member
  • 2 posts

Posted 17 November 2009 - 07:14 PM

So I've been running my computer without virus protection for a while now because it expired and, sadly, I didn't pay up and renew it fast enough [I use AVG]. But anyways, I got my virus protection again because every once in a while I'll come in my room and find that my computer restarted itself or something, and sometimes my windows that have to do with My Documents, My Pictures, My Music, etc. just CLOSE when I'm in the middle of using them.

So I ran a test and my AVG found a VUNDO trojan that has probably infected a huge number of my system 32 files, as well as some in the system recovery. As I type this, every 15 seconds or so my AVG pops up with vundo infecting one of my system 32 files [neuhrofu.dll] and I can no longer access my AVG interface. Please PLEASE help me.



#2 OCD


    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 November 2009 - 09:10 PM

Hello Megan J,
Welcome to What the Tech.
My name is OCD, I will be helping you with your computer today.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

To get started I need to have you run a few scans so I can evaluate what is going on and formulate a course of action.

If you are running Windows Vista you will need to select "Run as Administrator" to run these tools.
To do this right click on the file after you have downloaded it to your desktop and select "Run as Administrator".

- - - - - Next - - - - -

Please download DDS from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**
Rootkit scans often produce false positives. DO NOT take any action on any "<--- ROOTKIT" entries.


- - - - - Next - - - - -

On your next post please provide the following:
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.
  • Gmer.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 Megan J

  • New Member
  • 2 posts

Posted 18 November 2009 - 06:34 PM

Ok, so here's the deal. I ignored the thing that kept popping up because I believe my virus program got temporarily hijacked. I restarted and got the bad program off my computer that gave me the virus. I ran my AVG and even though it said "are you sure you want to empty vault, these files may cause your system to crash" I did it anyways. I rebooted and clicked on Internet Explorer. The virus came back. So I went through the process again and deleted the virus as WELL as all of my previous Internet Explorer settings, return to default. It's running smoothly now and no viruses pop up when I scan system folders. I've got a process running called lsass.exe. Someone said something about a "sasser worm". Is this possible?

#4 OCD


    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 November 2009 - 07:03 PM

Hi Megan J,

I've got a process running called lsass.exe. Someone said something about a "sasser worm" is this possible?

At this point it is next to impossible to tell what might be happening without the logs I requested for review.
The absence of symptoms doesn't necessarily mean that your computer is clean.

Please revisit my previous post and provide the logs in your next post.
OCD



#5 OCD


    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 November 2009 - 11:59 PM

Hello Megan J, it's been a few days. I was just checking to see if you still needed assistance?
OCD



#6 CatByte


    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 24 November 2009 - 07:20 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
