
April 3rd, 2006 17:00

VundoFix Log for Analysis

I just ran VundoFix V4.2.45.

Here is the text from the generated log:

Checking Java version...

Scan started at 11:28:03 AM 4/3/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak2

C:\WINDOWS\SYSTEM32\klkkj.bak1
C:\WINDOWS\SYSTEM32\klkkj.bak2
C:\WINDOWS\SYSTEM32\klkkj.ini
C:\WINDOWS\SYSTEM32\jkklk.dll
Attempting to delete C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\jkklk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\klkkj.bak2 Has been deleted!

Performing Repairs to the registry.
Done!


April 3rd, 2006 17:00

the vundofix log looks good... it found and deleted a vundo trojan, which could cause WinFixer (Blackworm, Amaena, WinAntiVirus, WinAntiSpyware) popups.

were you getting these?  and if so, did they stop after you ran vundofix and rebooted?

if you want further confirmation, and/or additional help, you'll need to post a HiJackThis log here.
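
The check the reply above makes by eye (every file VundoFix listed has a matching "Has been deleted!" line), written as an added Python example that is not part of the original thread. It assumes only the three line shapes visible in the posted log; `reconcile` and the `PARTIAL_LOG` variant are constructed for illustration.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive) on any OS

PATH = r"[A-Za-z]:\\\S.*?"
DELETED = re.compile(rf"^({PATH}) Has been deleted!$")
ATTEMPT = re.compile(rf"^Attempting to delete ({PATH})$")
FOUND = re.compile(rf"^({PATH})$")

def reconcile(log_text):
    """Compare the files the log lists against the deletions it confirms."""
    found, attempted, deleted = set(), set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        # Most specific shape first: a confirmation line also starts with a path.
        if m := DELETED.match(line):
            deleted.add(normcase(m.group(1)))
        elif m := ATTEMPT.match(line):
            attempted.add(normcase(m.group(1)))
        elif m := FOUND.match(line):
            found.add(normcase(m.group(1)))
    unconfirmed = sorted((found | attempted) - deleted)
    return {"found": sorted(found), "unconfirmed": unconfirmed,
            "clean": bool(found) and not unconfirmed}

# Excerpt of the log posted above (both listings, all four deletions).
POSTED_LOG = r"""
C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\SYSTEM32\klkkj.bak1
C:\WINDOWS\SYSTEM32\klkkj.bak2
C:\WINDOWS\SYSTEM32\klkkj.ini
C:\WINDOWS\SYSTEM32\jkklk.dll
Attempting to delete C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\jkklk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\klkkj.bak2 Has been deleted!
"""

# Constructed variant: one confirmation line removed, as if a deletion had not completed.
PARTIAL_LOG = POSTED_LOG.replace(
    "C:\\WINDOWS\\system32\\jkklk.dll Has been deleted!\n", "")

print(reconcile(POSTED_LOG)["clean"], reconcile(PARTIAL_LOG)["unconfirmed"])
```

The log lists the same four files twice with different casing (`system32` and `SYSTEM32`), which is why paths are case-folded before comparison.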

April 3rd, 2006 18:00

By the way - how did this get on my computer? I don't download random things. I don't open email attachments I haven't confirmed. My NAV is always up to date (NAV did not catch this, by the way!). My WinXP updates are done on time. My MS Outlook Spam Filter is updated. Could this have jumped off a website onto my computer?

April 3rd, 2006 18:00

I should have included more detail in my prior posting. I have been receiving notices of all the aforementioned viruses through that annoying dialog box - the one that no matter what you click on (cancel, close) you still get referred to the winfixer 2006 website. So far nothing has popped up since this morning. It seemed to activate when I used Microsoft Windows Explorer. I'll definitely check in with the Community Forum more often - I should've used this site FIRST!


April 3rd, 2006 19:00

we don't know the precise details of how this is transmitted.   the only speculation is that it's been "slipping" through a "hole" in Sun's Java, version 1.4.2, build 3 --- but from your vundofix log, it would appear you don't have ANY java at all.

WinFixer (in some forms.... there are several different varieties) can indeed be obtained just by "visiting" certain web pages.   and the creators can be very tricky, for example, by taking advantage of common mis-spellings:  case in point, if someone wants to get antivirus help from the symantec (norton) website, but accidentally misspells it, as symantic [with an i instead of the e], you'll get winfixer.   please do *NOT* try this!!

April 3rd, 2006 19:00

Fascinating. Would you suggest installing the new Java from the website? (I saw the link in that other thread.)


April 3rd, 2006 19:00

this discussion raises an interesting point... it's one thing to say that vundo "sneaks" through an existing/known hole in java.   it's a separate point (at least, in my mind) to question whether it can "exploit" something that's not there in the first place!
 
we've generally been recommending updating/installing java.  i would do it.
 
 
 