Topic: Scared

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Scared
« Reply #15 on: December 25, 2009, 08:32:10 AM »
I'll say it again: use MBAM.
Windows 10,Windows Firewall,Firefox w/Adblock.

addirockart

  • Guest
Re: Scared
« Reply #16 on: December 25, 2009, 08:39:52 AM »
Will the free version do everything I need done now, (if it does work I will def pay for it next pay check)... I hate all these online scans that run, then say oh you're infected, pay us and we can fix it... reminds me of McAfee..

Offline Tarq57

Re: Scared
« Reply #17 on: December 25, 2009, 08:48:37 AM »
No to the above. It's an application you install, not an online scan.
The free version will detect and remove a lot of the current malware; it is the first-line tool of choice against trojans etc.
The pay-for version also provides resident protection.
For now, just use the free one.

More details: Important.
Given the nature of the infection you have, it would be advisable to rename both the installer and the main exe after installation. When you go to download it (using a clean computer), save the file to a (clean) flash drive, and save it as addirockart.exe. (Doesn't have to be that name. It has to be something a bit random, that doesn't mimic another file name on your computer. That name will do fine.)
Transfer the renamed file to the desktop of the sick computer. Double-click it to run, and MBAM will be installed.
Once it is installed, go to the folder C:\Program Files\Malwarebytes' Anti-Malware and rename MBAM.exe to addirockart.exe. Double-click it from within that folder to run the application. Have it run a quick scan, and, as suggested earlier, have it remove anything found, and post the scan report.

addirockart

  • Guest
Re: Scared
« Reply #18 on: December 25, 2009, 09:01:45 AM »
so far, so good. sick compy is in safemode, running a quick scan with addirockart.exe... I really appreciate the help, Christmas eve was my parents' anniversary, and I am praying, today, Christmas, we can share all the special photos and all from this year with our Christmas guests we only see once, maybe twice a year. please stay on if you can, you are far more helpful than Microsoft!

Offline Tarq57

Re: Scared
« Reply #19 on: December 25, 2009, 09:03:25 AM »
Cool. I'll be here a while. At least long enough to read the scan report.

Spiritsongs

  • Guest
Re: Scared
« Reply #20 on: December 25, 2009, 09:06:47 AM »
 :)  Hi :

 I do not want to get you more scared than you already are, but there is a
 possibility you MAY have a hidden "rootkit" on the affected computer that
 MAY be "re-generating" your "infections" . The Best rootkit detection program
 is "RootRepeal", but its logfile ( the "Results" of running the program ) is
 best analyzed by a trained, possibly CERTIFIED "Malware Removal Specialist"
 and the ONLY ones on these forums would be "oldman" or "essexboy" .

addirockart

  • Guest
Re: Scared
« Reply #21 on: December 25, 2009, 09:07:14 AM »
how would I get the report from the infected computer to this one?

addirockart

  • Guest
Re: Scared
« Reply #22 on: December 25, 2009, 09:12:16 AM »
anything I can do for free, to get EVERYTHING EVIL out of my poor poor innocent computer ... I mean, I don't do anything to warrant all this crap, I update and all... first ever problem I had myself with virals.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

12/25/2009 3:10:31 AM
mbam-log-2009-12-25 (03-10-04).txt

Scan type: Quick Scan
Objects scanned: 113977
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\biditusod (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nuyafeku.dll (Trojan.Vundo.H) -> No action taken.


the screen with the checks is still up, I haven't clicked remove yet

Offline Tarq57

Re: Scared
« Reply #23 on: December 25, 2009, 09:15:42 AM »
Check all infected items. Click remove (this will quarantine them.). If prompted to reboot, do so promptly.
Once that is done, reconnect to the internet, and start MBAM again (via the program files folder), update it, and run another quick scan. Post the new scan report, or advise of any problems.

Offline Tarq57

Re: Scared
« Reply #24 on: December 25, 2009, 09:18:10 AM »
One more thing; reboot into normal mode after the prompt (if any), and in any case prior to attempting to update MBAM. Run the next quick scan on the updated MBAM in normal mode.

addirockart

  • Guest
Re: Scared
« Reply #25 on: December 25, 2009, 09:23:04 AM »
everything was handled successfully.... I think

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

12/25/2009 3:16:53 AM
mbam-log-2009-12-25 (03-16-53).txt

Scan type: Quick Scan
Objects scanned: 113977
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\biditusod (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nuyafeku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.





now I am going to try updating it... when I logged in tho, I got a message that said (X) dupaket.dll failed to start (in summary) and yahoo IM didn't load like usual
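
As an added example (not part of the original thread and not Malwarebytes' own tooling): a small Python parser for the detail sections of the MBAM text logs posted above, listing each detection and flagging entries still marked "No action taken", which is the state of the first report before Remove was clicked. The sample log is constructed from entries in the posted reports, and the function names are illustrative.

```python
import re

# Constructed sample in the layout of the reports posted in this thread
# (detail sections only; one entry's action is altered to show a mixed result).
SAMPLE_LOG = r"""Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\biditusod (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\system32\nuyafeku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

# A detail heading ends at the colon; summary lines ("Files Infected: 1") do not match.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# "<object> (<detection name>) -> [extra data -> ]<action>."
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")

def parse_items(log_text):
    """Return one dict per detected item: section, object, detection, action."""
    section, items = None, []
    for line in log_text.splitlines():
        line = line.strip()
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group("name")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            # The action is always the text after the last "->".
            action = item.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            items.append({"section": section, "object": item.group("object"),
                          "detection": item.group("detection"), "action": action})
    return items

def unremediated(items):
    """Items the scan found but that were not quarantined or deleted."""
    return [i for i in items if i["action"] == "No action taken"]

if __name__ == "__main__":
    for entry in unremediated(parse_items(SAMPLE_LOG)):
        print(f'{entry["section"]}: {entry["object"]} ({entry["detection"]})')
```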

addirockart

  • Guest
Re: Scared
« Reply #26 on: December 25, 2009, 09:25:17 AM »
as of now ... the updated MBAM is scanning in normal mode... should the internet stay connected?

Offline Tarq57

Re: Scared
« Reply #27 on: December 25, 2009, 09:29:09 AM »
Quote
now I am going to try updating it... when I logged in tho, I got a message that said (X) dupaket.dll failed to start (in summary) and yahoo IM didn't load like usual
Don't worry about that for now.
Quote
as of now ... the updated MBAM is scanning in normal mode... should the internet stay connected?
Probably not critical, but it is probably best to disconnect it just in case. I guess MBAM updated OK?

addirockart

  • Guest
Re: Scared
« Reply #28 on: December 25, 2009, 09:33:16 AM »
 ;D yes it did... does this mean I'm almost saved?!

Malwarebytes' Anti-Malware 1.42
Database version: 3426
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/25/2009 3:29:59 AM
mbam-log-2009-12-25 (03-29-59).txt

Scan type: Quick Scan
Objects scanned: 119026
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



... I need to purge absolutely every single temporary file and that system restore thing and all too... I am so desperate to never see these things again!

addirockart

  • Guest
Re: Scared
« Reply #29 on: December 25, 2009, 09:56:13 AM »
GAH!!!!!!!!

I had mbam start a full scan in regular mode, and avast freaked out 3 times, finding that Jifas-cj bull crap again, and at the same time Mbam listed 3 found infected objects... ..... will mbam find stuff in the virus chest, or did they both just happen to find these things at the same time???