
bhs3064

Rank: Member
Content Count: 10

About bhs3064
  1. bhs3064

    Adware Vundo Variant

    I'll jump in though as a novice only to direct you to the earlier thread that I started with the same subject. If you go through that thread you'll see some of the responses given by the moderators and other people kind enough to offer advice. Once I had installed the latest version of SAS, the one you're using, it appears from the last advice given that I had a rootkit. Never got a response to my last query but from what I was able to research on the web a lot of advice said the only way to ensure that you removed this from your system was to wipe it clean and reinstall Windows. People a lot more technically proficient than me could probably accomplish the same effect with the antirootkit tools out there, but from what I saw in various forums a lot of experts said even those tactics couldn't give you complete assurance. All that being said I would certainly wait until one of the moderators or more knowledgeable people on these boards weighed in before you took any steps. I just wanted to make sure you had seen my thread since no one had responded to yours. Good luck.
  2. bhs3064

    Adware Vundo Variant

    I think I'd be getting over my head technically speaking. If I just had someone wipe the drive and reinstall the system, would that be the best guarantee of no longer having to worry about this problem? Also, if I copy my pictures, iTunes songs, and basic Word and Excel docs, is there any way that the virus could be attached to any of them? I want to make sure that I don't just end up copying the problem back onto the clean system. Thanks again for all the advice.
  3. bhs3064

    Adware Vundo Variant

    Apparently I wasn't in admin and it only downloaded the new definitions. I downloaded the new version and it found the same file and an additional vundo file. The scan log is below and I'm going to run another one to see if it's gone now. Thanks for your help and patience. Is this adware vundo as bad as the trojan?

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/13/2008 at 01:14 PM

    Application Version : 4.23.1006

    Core Rules Database Version : 3674
    Trace Rules Database Version: 1653

    Scan type : Quick Scan
    Total Scan Time : 00:11:09

    Memory items scanned : 529
    Memory threats detected : 0
    Registry items scanned : 461
    Registry threats detected : 1
    File items scanned : 5993
    File threats detected : 4

    Adware.Vundo Variant
    HKU\S-1-5-21-1013300348-779916470-1403716777-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}

    Adware.Tracking Cookie
    C:\Documents and Settings\od\Cookies\od@atdmt[2].txt
    C:\Documents and Settings\od\Cookies\od@msnportal.112.2o7[1].txt
    C:\Documents and Settings\od\Cookies\od@doubleclick[1].txt

    Adware.Vundo/Variant-Trace
    C:\WINDOWS\SYSTEM32\UQABYWIU.INI
  4. bhs3064

    Adware Vundo Variant

    Thanks. Not sure what I missed as I clicked the update link and it downloaded today but I will try it again.
  5. bhs3064

    Adware Vundo Variant

    It apparently didn't. I downloaded Bootsafe per your instructions and ran SAS again in safe mode and the same file was in the list of detected items. Here is the log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/13/2008 at 11:53 AM

    Application Version : 4.21.1004

    Core Rules Database Version : 3674
    Trace Rules Database Version: 1653

    Scan type : Complete Scan
    Total Scan Time : 01:06:17

    Memory items scanned : 336
    Memory threats detected : 0
    Registry items scanned : 5720
    Registry threats detected : 0
    File items scanned : 27497
    File threats detected : 17

    Adware.Tracking Cookie
    C:\Documents and Settings\Perri-User\Cookies\perri-user@tacoda[1].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@doubleclick[1].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@questionmarket[2].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@at.atwola[2].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@revsci[1].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@apmebf[1].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@ads.pointroll[1].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@atdmt[1].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@mediaplex[1].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@advertising[2].txt
    C:\Documents and Settings\Perri-User\Cookies\perri-user@casalemedia[1].txt
    C:\Documents and Settings\od\Cookies\od@atdmt[2].txt
    C:\Documents and Settings\od\Cookies\od@doubleclick[1].txt
    C:\Documents and Settings\od\Cookies\od@msnportal.112.2o7[1].txt
    C:\Documents and Settings\od\Cookies\od@msnportal.112.2o7[2].txt

    Adware.Vundo/Variant-Trace
    C:\WINDOWS\SYSTEM32\UQABYWIU.INI
  6. bhs3064

    Adware Vundo Variant

    I updated and scanned today. The vundo file showed up in the same place.
  7. bhs3064

    Adware Vundo Variant

    I did another scan tonight and it popped up again towards the end of the scan. It seems to be showing up in the same location. Here's the log from tonight. I don't know if this information helps but the "od" references are the admin user account (which we don't use now when on the web) and the "perri-user" is our restricted user account.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/12/2008 at 10:14 PM

    Application Version : 4.21.1004

    Core Rules Database Version : 3671
    Trace Rules Database Version: 1650

    Scan type : Quick Scan
    Total Scan Time : 00:15:44

    Memory items scanned : 338
    Memory threats detected : 0
    Registry items scanned : 416
    Registry threats detected : 0
    File items scanned : 6546
    File threats detected : 36

    Adware.Tracking Cookie
    [list of tracking-cookie files under C:\Documents and Settings\Perri-User\Cookies\ and C:\Documents and Settings\od\Cookies\ omitted]

    Adware.Vundo/Variant-Trace
    C:\WINDOWS\SYSTEM32\UQABYWIU.INI
  8. bhs3064

    Adware Vundo Variant

    Thanks for your help. Here's the most recent log.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/11/2008 at 07:41 PM

    Application Version : 4.21.1004

    Core Rules Database Version : 3671
    Trace Rules Database Version: 1650

    Scan type : Quick Scan
    Total Scan Time : 00:19:31

    Memory items scanned : 323
    Memory threats detected : 0
    Registry items scanned : 442
    Registry threats detected : 0
    File items scanned : 6518
    File threats detected : 76

    Adware.Tracking Cookie
    [list of tracking-cookie files under C:\Documents and Settings\Perri-User\Cookies\ and C:\Documents and Settings\od\Cookies\ omitted]

    Adware.Vundo/Variant-Trace
    C:\WINDOWS\SYSTEM32\UQABYWIU.INI
  9. Is an adware vundo variant as dangerous as the trojan vundo variant? Does it also try and steal information? I used SAS to ID and remove a couple of trojan downloads a week or so ago and now have real-time protection with AVG. I continue to use SAS for scans, have a router, and also set up a restricted user account under the assumption that would help to prevent unauthorized downloads when in that login. During nightly SAS scans or ad hoc scans I sometimes still see the adware vundo on the lists of detected threats. Thanks in advance.
  10. bhs3064

    Adware Vundo Variant

    A week or so ago I closed an ad that ended up downloading a couple of vundo trojans. I knew it was a false ad but without thinking clicked on the "x" box that ended up downloading the virus. The regular spyware programs couldn't ID or remove it so after working with MS support I downloaded superantispyware. It removed the viruses and related adware. I have a router and firewall (which may have been down) but it turns out I was operating my computer in the default admin mode which as I understand basically gave the file permission to download when I clicked on the ad. A friend helped me set up a restricted user account which supposedly helps prevent this from happening. He recommended AVG for real-time protection and I installed that though I still use superantispyware for scans. Sorry for the preamble but here's my question/problems: While these scans no longer are finding vundo trojans they do occasionally detect adware.vundo-variant. The recent one had "trace" at the end of the file name. Is the adware vundo variant as malicious as the trojan and can it steal credit card info, etc.? I guess I don't understand how it keeps cropping up every few days if I removed everything and have real-time protection. Last bit of the puzzle: after my initial SAS scan that removed the trojan I purchased a ticket online. Two days later someone used my card number in Las Vegas. And it was an actual card swipe versus an online order so they apparently created a fake card with the number. Fortunately the card company alerted us and credited the amount back and we cancelled the card. Obviously the number could have been lifted from previous usage but the timing is certainly concerning. Is this virus finding a way to replicate or get through my current protection levels? And should I continue to avoid any online purchases or accessing any bank accounts on the chance something still might be lurking in the background?

    Thanks in advance for any information and sorry for the wordy entry! I've never had this problem before and the stress and time spent on it is making me consider getting a Mac.