Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: HELP!!! vundo/zlob/smitfraud trojan on my PC!

  1. #11
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well,

    At the end of the day just run HijackThis! and post the log file. We will give it a look?

    http://www.majorgeeks.com/download5554.html

  2. #12
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  3. #13
    Senior Member
    Join Date
    Dec 2001
    Posts
    319
    He's already posted the HJ logs....

  4. #14
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    Wow Googlist.. whatever your very first post is a clean HJT log Then along comes alavardo with the solution - in his very first post.

    This Eset antivirus program named Nod32 has increasing rapidly in popularity because is very useful in detection of trojans,viruses,worms and other intruders.Nod32 in available for a 30 day trial period while you can test and ensure if is ok for your sistem security protection .Spyware and phishing are detected too.

    Yummy SPAM - I love spam.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  5. #15
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    It isn't spam. Both Nod32 (Rset) and Antivir (Avira) are well established and respected products, and don't use those marketing methods.

    I am somewhat surprised that googlist is running McAfee Virus Scan Enterprise, and got infected by this sort of crap. That is a fairly heavy duty security package.

    I would suggest that googlist updates it and boots into safe mode before running it. Also follow the other suggestions. Then do as I said and run a HijackThis! log with a version downloaded from a reputable site. From the log already posted:

    D:\sudasoft\HijackThis.exe
    Anyone trust "sudasoft" as a reliable source of security software tools?

    It would seem pretty obvious to me that this is a business/commercial setup, so he isn't eligible for a lot of the free tools that might help.

    Time to format and reinstall IMO.

  6. #16
    Junior Member
    Join Date
    Jun 2008
    Posts
    3

    Wink THANXXXX

    Greetings, people!


    I'm terribly sorry for the delay in posting this thank you message but here goes.
    Thank you for the suggestions and inputs. I've been successful in getting the nasty SOB off my machine the very next day I posted here!!

    I heavily relied on google (googlistics is a big google fanboi :P) and came to one conclusion-
    NONE of the current antivirus packages are any good for SmitFraud/ Vundo/ Zlob (yes, including McAfee Enterprise). It is such an obnoxious SOB that even KillBox-ing the mutant dlls wont work.

    Finally I found a few specialized standalone apps like SmitFraudFix and VundoRemoval. However, ony a tool called ComboFix was effective and sent the slimy little monster right into the depths of hell. I had to boot to Safe Mode and unplug my LAN cable to do that though.

    And yeah, this is a corporate setup and I am a computer engineer where I could've gotten into trouble had I reported the virus to the Support Dept. :P
    I have very limited access to the machine and the internet, however, I am lucky enough to have administrator privileges assigned!!! :P Thank god for small mercies!

    (Note to myself- Never, never download exes from obscure websites. )

  7. #17
    Junior Member
    Join Date
    Jun 2008
    Posts
    3
    Quote Originally Posted by dinowuff
    Wow Googlist.. whatever your very first post is a clean HJT log Then along comes alavardo with the solution - in his very first post.




    Yummy SPAM - I love spam.

    Hi Dinowuff,

    Unfortunately though, my first post wasn't spam. The HJT log seems to be clear because I had already deleted the dlls and registry entries I could, before taking the HJT log.

    Going to such extreme lengths to spam as posing as a victim in one post and then proposing your product in the other, I think, is highly unlikely. Whatcha say?

  8. #18
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    The HJT log seems to be clear because I had already deleted the dlls and registry entries I could, before taking the HJT log.
    Which is why we wanted you to run another one after it had re-infected you

    Going to such extreme lengths to spam as posing as a victim in one post and then proposing your product in the other, I think, is highly unlikely.
    Far more common than you would imagine. Spamming discussion forums is pretty much a global pastime these days However, as I pointed out, not with reputable products.

  9. #19
    Spamming discussion forums is pretty much a global pastime these days
    Indeed. My site used to get hammered by 'em to high heaven. As certain people here are well aware of.

  10. #20
    Junior Member
    Join Date
    Jul 2008
    Posts
    1
    Hi googlistics, I would suggest you to download an anti-virus software, a free one or a trial version. Both will help you out. I would recommend you to download AVG or AVAST as they are very used by most users, but take my advice and don't download the latest version of AVG because it's crap!! so not worth having it although it's the latest version, haha
    Christina
    www.gfi.com

Similar Threads

  1. Trojans - Ports
    By GbinaryR in forum AntiVirus Discussions
    Replies: 11
    Last Post: October 30th, 2008, 09:33 AM
  2. Port List
    By ThePreacher in forum Miscellaneous Security Discussions
    Replies: 17
    Last Post: December 14th, 2006, 09:37 PM
  3. Reverse-Engineering the First Pocket PC Trojan, Part 1
    By MrLinus in forum AntiVirus Discussions
    Replies: 1
    Last Post: October 12th, 2004, 05:26 AM
  4. My firewall block this attempt.. but need info
    By LordChaos in forum Firewall & Honeypot Discussions
    Replies: 19
    Last Post: October 4th, 2002, 11:58 AM
  5. A new Trojan for *Nix...
    By [WebCarnage] in forum Security Archives
    Replies: 0
    Last Post: January 10th, 2002, 09:10 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •