Old 12-28-2008, 04:21 AM   #1
J$tyle$
Trojan.Vundo and Malware.Trace ... anyone have specific instructions to remove?

Driving me fucking nuts.

Popping ads in both IE and FF at different intervals. Going to Google or yahoo generally triggers them.

Just can't find anything to get rid of 'em for good

HELP

LOL

Malwarebytes' Anti-Malware 1.31
Database version: 1559
Windows 5.1.2600 Service Pack 2

12/28/2008 3:18:08 AM
mbam-log-2008-12-28 (03-11-08).txt

Scan type: Quick Scan
Objects scanned: 60603
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.


Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Old 12-28-2008, 04:47 AM   #2
sicone
Hey man.. I had that shit a while back and it took me about 2 days to get rid of it.

start here...

http://www.symantec.com/business/sec...112210-3747-99

run both tools (unless you know which vundo you have)
reboot in safe mode, run the tool again
reboot in safe mode run Windows Defender... http://www.microsoft.com/windows/pro...r/default.mspx
reboot in safe mode run spybot search and destroy.
reboot in safe mode and go through each item that runs on start up, run each item 1 at a time, if you don't know the process, do not allow it to run
Run the symantec program again

reboot normal and run all 3 programs again

Cross your fingers and good luck. I had to repeat this process several times until I found all files that were auto running and reinstalling the malware
Old 12-28-2008, 06:23 AM   #3
Fletch XXX
MBAM won't and cannot remove all spyware that is currently out.

http://www.gofuckyourself.com/showth...ght=virtumonde

There's my thread about recent infection, it will take you a full day to remove it.

the programs out for free do not remove this stuff, the processes in memory cannot be killed by MBAM or spybot or any free stuff, you need to start dissecting and killing registry keys and go until you nip it all...

most processes or files will remanifest itself as a copy if you delete the original .dll files etc... so you have to fight it and try to remove as much as you can to stop it from running so you can kill it all.

ps i just removed the MS Juan from my bros computer,...
Last edited by Fletch XXX; 12-28-2008 at 06:25 AM..
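An added example, not from any poster in this thread: a read-only PowerShell inventory of the standard Run/RunOnce autostart keys that reports entries which reappear between cleanup passes (the startup review in post #2, the respawning files in post #3) and checks for the two trace keys from the Malwarebytes log in post #1. The baseline file path is an assumption, and PowerShell must be installed on the machine.

```powershell
# Added example: read-only inventory of registry autostart entries.
# Run/RunOnce are standard Windows autostart keys; the two trace keys are
# the ones listed in the Malwarebytes log in post #1.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$traceKeys = @(
    'HKLM:\SOFTWARE\Microsoft\MS Juan',
    'HKLM:\SOFTWARE\Microsoft\MS Track System'
)
# Assumption: baseline file location chosen for this example.
$baselinePath = Join-Path $env:TEMP 'autostart-baseline.csv'

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $key; Name = $name
                Command = [string]$regKey.GetValue($name)
            }
        }
    }
}

$current = @(Get-AutostartEntry)

# Entries missing from the previous snapshot were added since the last
# cleanup pass; review those first.
if (Test-Path -LiteralPath $baselinePath) {
    $seen = @{}
    foreach ($old in @(Import-Csv -Path $baselinePath)) {
        $seen["$($old.Key)|$($old.Name)|$($old.Command)"] = $true
    }
    $current |
        Where-Object { -not $seen.ContainsKey("$($_.Key)|$($_.Name)|$($_.Command)") } |
        Format-List Key, Name, Command
}
foreach ($key in $traceKeys) {
    if (Test-Path -LiteralPath $key) { Write-Warning "Trace key present: $key" }
}
# Save this run as the baseline for the next comparison.
if ($current.Count -gt 0) {
    $current | Select-Object Key, Name, Command |
        Export-Csv -Path $baselinePath -NoTypeInformation
}
```

Run it once before a cleanup pass and again after each reboot; anything it prints on the later runs was written back in between.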
Old 12-28-2008, 06:33 AM   #4
Mutt
i've had this shit three times now - finally learned my lesson, don't visit sites that end in .RU !

go to Fletch's thread - the MajorGeeks guide has bailed me out each time - it's going to take at least half a day to clean it up so consider re-formatting and re-installing Windows.

and Fletch - those .dll files that u had left in your registry are harmless, they're just remnants

i just don't know how we let these fuckers get away with the mass destruction they are responsible for - it's not like this shit is hidden - the servers that these trojans connect to are known - so tracking down the people behind it should not be hard.
Old 12-28-2008, 06:51 AM   #5
stoner529
i use spyware doctor and registry mechanic, both by PC Tools. they work very well for me. there was only one infection that i had trouble with but i got it solved. sometimes it's just easier to make sure your files are backed up periodically and just use a separate account from the administrator. then you can delete the infected account and put your old files back on it free and clear, and it won't take all day.
Old 12-28-2008, 06:55 AM   #6
polish_aristocrat
how do you get infected with this trojan?
Old 12-28-2008, 07:57 AM   #7
RegUser
Quote:
Originally Posted by polish_aristocrat
how do you get infected with this trojan?

easy mah friend
just visit a webpage and that's it! the bloody thing attaches itself to your machine
Old 12-28-2008, 07:58 AM   #8
u-Bob
format + reinstall.
Old 12-28-2008, 08:06 AM   #9
HorseShit
google malwarebytes
Old 12-28-2008, 08:08 AM   #10
Brujah
Buy a new computer. That usually worked for me.
Old 12-28-2008, 08:35 AM   #11
dready
You might want to try the free online virus scan at http://www.pandasoftware.com/

It sometimes cleans things that Norton and McAfee can't touch.
Old 12-28-2008, 09:29 AM   #12
GregE
Quote:
Originally Posted by Brujah
Buy a new computer. That usually worked for me.
Old 12-28-2008, 09:36 AM   #13
Barefootsies
Quote:
Originally Posted by stoner529
i use spyware doctor and registry mechanic, both by PC Tools. they work very well for me. there was only one infection that i had trouble with but i got it solved. sometimes it's just easier to make sure your files are backed up periodically and just use a separate account from the administrator. then you can delete the infected account and put your old files back on it free and clear, and it won't take all day.
Old 12-28-2008, 09:51 AM   #14
IllTestYourGirls
Update your java or you will just keep getting it
Old 12-28-2008, 10:23 AM   #15
Outlaw #1
this and just this...
http://www.greatis.com/unhackme/
Old 12-28-2008, 11:41 AM   #16
sicone
Quote:
Originally Posted by Fletch XXX
MBAM won't and cannot remove all spyware that is currently out.

http://www.gofuckyourself.com/showth...ght=virtumonde

There's my thread about recent infection, it will take you a full day to remove it.

the programs out for free do not remove this stuff, the processes in memory cannot be killed by MBAM or spybot or any free stuff, you need to start dissecting and killing registry keys and go until you nip it all...

most processes or files will remanifest itself as a copy if you delete the original .dll files etc... so you have to fight it and try to remove as much as you can to stop it from running so you can kill it all.

ps i just removed the MS Juan from my bros computer,...

I probably should have mentioned that it was well over a yr ago when I got hit by this, and at that time that's what I did to get rid of it. I'm sure it's been changed and re-written several times by now
Old 12-28-2008, 02:10 PM   #17
HandballJim
Try "Malwarebytes" - Anti-Malware, you can download it for free. This cleared up my problems...and I had some nasty stuff.

If a program was downloaded on your computer, you might have to manually remove it from "add/remove programs" in your control panel.

I usually get my problems checking sigs on GFY, it seems their website is safe, but once you start clicking on their Photo Galleries..."it's like a box of chocolates...you don't know what you're going to get." The pain in the ass spyware/virus lately is a PDF pop up...you just visit the infected website and it just pops up. I avoided it a couple more times by quickly hitting CTRL ALT DELETE...and ending the process.

Hope this helps...
Old 12-28-2008, 02:27 PM   #18
HandballJim
Looking through this thread again I see you already tried Malwarebytes, you can go to download.com and try several other programs...many are free or offer a free trial...and try to find their updated versions.

In the past I was able to search and manually delete the files, but now these viruses are smarter and seem to be hidden and you might delete something that you need to make the computer function correctly. If you do try deleting manually...don't empty your recycling bin right away. Just in case you need to restore the files.
Old 12-29-2008, 12:30 AM   #19
Just Mike
fixvundo.exe will permanently remove it

If you can't find a copy hit me up and I'll upload it for you
Old 12-29-2008, 01:10 AM   #20
perfectodollars-gabrio
hey there Johnatan, i got that fucker myself too and took a lil while to clean it, if i recall correctly i've used the specific cleaner.... as well as Malwarebytes' Anti-Malware several times... and be careful since some of the cleaners that pretend to clean the infection, they will only charge you $$$ and do nothing.

i had a link with the instructions but can't find it :/
Old 12-29-2008, 01:11 AM   #21
perfectodollars-gabrio
have you tried running HijackThis ?
Old 12-29-2008, 01:16 AM   #22
Barefootsies
Quote:
Originally Posted by IllTestYourGirls
Update your java or you will just keep getting it
Old 12-29-2008, 07:49 AM   #23
tranza
That's fucked up!