* Save it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated
please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.
just reboot if your system "jams"
*********************
it's now time to report back to us: VirtumundoBeGone generated a "log" file of its own, which it should have placed on your Desktop... please REPLY to this thread, and copy/paste the VirtumundoBeGone log back here.
The
VirtumundoBeGone worked excellent, after trying Symantec and various other remedies, this was simple, just ran and removed it after a reboot. Thanks for this reply !!
Glad to hear that VBG worked for you. If you're no longer getting warning messages about trojan vundo, nor experiencing WinFixer popups, you would seem to be okay.
HOWEVER:
the file you originally complained about was unnut.dll ; but the file that was deactivated by VBG was vtstt.dll
so the question is, what happened to the unnut.dll file and any warning messages you were getting about it?? if there are no more warnings, apparently it's been "fixed" --- somehow --- but not by VBG.
I tried to use the directions to remove the virus, but could not download one of the files.
I started playing around with it, downloaded the Symantec Tool (FixVundo) and process explorer
I booted up in safe mode, opened the FixVundo, but did not start it. I then started up process explorer and suspended the following programs:
explorer.exe
winlogin.exe
I then went back to the FixVundo tool and started it. It took about an hour, but when the tool was finished it said the virus was removed (I didn't trust it because I had run the tool many times before and it had said it worked when it hadn't), so I started up my computer again, not in safe mode, and ran a full system scan with Norton Anti-Virus, which said my comp was clean.
thanks for the help anyways
Message Edited by Spikey1080 on 01-06-2006 09:35 PM
Hello, I have also been hit with the Trojan Vundo virus. I have Symantec 8.1 (corp edition) that detected it. I went to their site and downloaded and ran the fixvundo executable but it could not find it. Next I tried to follow their instructions to bring the PC to safe mode and run it again, but I'm not able to get the desktop for safe mode, so I downloaded the virtumundoBgone executable. The file that was infected was \Windows\System32\gebax.dll. I backed up all my info and ran the executable. It blue screened, which was expected, and renamed the file. I rebooted, ran a scan on the file and Symantec Anti Virus placed it in quarantine (could not previously). I then removed it. Here is the VBG log file. Thanks, it was a no brainer.
[01/08/2006, 17:31:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dad\Desktop\VirtumundoBeGone.exe" )
[01/08/2006, 17:31:45] - Detected System Information:
[01/08/2006, 17:31:45] - Windows Version: 5.1.2600, Service Pack 2
[01/08/2006, 17:31:45] - Current Username: Dad (Admin)
[01/08/2006, 17:31:45] - Windows is in NORMAL mode.
[01/08/2006, 17:31:45] - Searching for Browser Helper Objects:
[01/08/2006, 17:31:45] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/08/2006, 17:31:45] - BHO 2: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} ()
[01/08/2006, 17:31:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2006, 17:31:45] - Checking for HKLM\...\Winlogon\Notify\deSrcAs
[01/08/2006, 17:31:45] - Key not found: HKLM\...\Winlogon\Notify\deSrcAs, continuing.
[01/08/2006, 17:31:45] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[01/08/2006, 17:31:45] - BHO 4: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[01/08/2006, 17:31:45] - BHO 5: {B313D637-F405-4052-AC37-E2119AB3C8F8} (MSEvents Object)
[01/08/2006, 17:31:45] - ALERT: Found MSEvents Object!
[01/08/2006, 17:31:45] - Finished Searching Browser Helper Objects
[01/08/2006, 17:31:45] - *** Detected MSEvents Object
[01/08/2006, 17:31:45] - Trying to remove MSEvents Object...
[01/08/2006, 17:31:46] - Terminating Process: IEXPLORE.EXE
[01/08/2006, 17:31:47] - Terminating Process: RUNDLL32.EXE
[01/08/2006, 17:31:47] - Disabling Automatic Shell Restart
[01/08/2006, 17:31:47] - Terminating Process: EXPLORER.EXE
[01/08/2006, 17:31:47] - Suspending the NT Session Manager System Service
[01/08/2006, 17:31:47] - Terminating Windows NT Logon/Logoff Manager
[01/08/2006, 17:31:48] - Re-enabling Automatic Shell Restart
[01/08/2006, 17:31:48] - File to disable: C:\WINDOWS\system32\gebax.dll
[01/08/2006, 17:31:48] - Renaming C:\WINDOWS\system32\gebax.dll -> C:\WINDOWS\system32\gebax.dll.vir
[01/08/2006, 17:31:48] - File successfully renamed!
[01/08/2006, 17:31:48] - Removing HKLM\...\Browser Helper Objects\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[01/08/2006, 17:31:48] - Removing HKCR\CLSID\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[01/08/2006, 17:31:48] - Adding Kill Bit for ActiveX for GUID: {B313D637-F405-4052-AC37-E2119AB3C8F8}
[01/08/2006, 17:31:48] - Deleting ATLEvents/MSEvents Registry entries
[01/08/2006, 17:31:48] - Removing HKLM\...\Winlogon\Notify\gebax
[01/08/2006, 17:31:48] - Searching for Browser Helper Objects:
[01/08/2006, 17:31:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/08/2006, 17:31:48] - BHO 2: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} ()
[01/08/2006, 17:31:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2006, 17:31:48] - Checking for HKLM\...\Winlogon\Notify\deSrcAs
[01/08/2006, 17:31:48] - Key not found: HKLM\...\Winlogon\Notify\deSrcAs, continuing.
[01/08/2006, 17:31:48] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[01/08/2006, 17:31:48] - BHO 4: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[01/08/2006, 17:31:48] - Finished Searching Browser Helper Objects
[01/08/2006, 17:31:48] - Finishing up...
[01/08/2006, 17:31:48] - A restart is needed.
[01/08/2006, 17:31:48] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/08/2006, 17:32:00] - Attempting to Restart via STOP error (Blue Screen!)
I recently acquired Vundo, and I found VBG quite helpful. I'll post my scan log here. Just a question, why is it that it is important to post the scan log?
[01/13/2006, 23:27:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Bobby\Desktop\VirtumundoBeGone.exe" )
[01/13/2006, 23:27:07] - Detected System Information:
[01/13/2006, 23:27:07] - Windows Version: 5.1.2600, Service Pack 2
[01/13/2006, 23:27:07] - Current Username: Bobby (Admin)
[01/13/2006, 23:27:07] - Windows is in NORMAL mode.
[01/13/2006, 23:27:07] - Searching for Browser Helper Objects:
[01/13/2006, 23:27:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/13/2006, 23:27:07] - BHO 2: {2353FCBC-012D-487B-8BF3-865C0929FBEB} (ATLDistrib Object)
[01/13/2006, 23:27:07] - ALERT: Found ATLDistrib Object!
[01/13/2006, 23:27:07] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2006, 23:27:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2006, 23:27:07] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2006, 23:27:07] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2006, 23:27:07] - Finished Searching Browser Helper Objects
[01/13/2006, 23:27:07] - *** Detected ATLDistrib Object
[01/13/2006, 23:27:07] - Trying to remove ATLDistrib Object...
[01/13/2006, 23:27:08] - Terminating Process: IEXPLORE.EXE
[01/13/2006, 23:27:09] - Terminating Process: RUNDLL32.EXE
[01/13/2006, 23:27:09] - Disabling Automatic Shell Restart
[01/13/2006, 23:27:09] - Terminating Process: EXPLORER.EXE
[01/13/2006, 23:27:09] - Suspending the NT Session Manager System Service
[01/13/2006, 23:27:09] - Terminating Windows NT Logon/Logoff Manager
[01/13/2006, 23:27:09] - Re-enabling Automatic Shell Restart
[01/13/2006, 23:27:09] - File to disable: C:\WINDOWS\system32\gebcc.dll
[01/13/2006, 23:27:09] - Renaming C:\WINDOWS\system32\gebcc.dll -> C:\WINDOWS\system32\gebcc.dll.vir
[01/13/2006, 23:27:16] - File successfully renamed!
[01/13/2006, 23:27:16] - Removing HKLM\...\Browser Helper Objects\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/13/2006, 23:27:16] - Removing HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/13/2006, 23:27:16] - Adding Kill Bit for ActiveX for GUID: {2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/13/2006, 23:27:16] - Deleting ATLEvents/MSEvents Registry entries
[01/13/2006, 23:27:16] - Removing HKLM\...\Winlogon\Notify\gebcc
[01/13/2006, 23:27:16] - Searching for Browser Helper Objects:
[01/13/2006, 23:27:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/13/2006, 23:27:16] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2006, 23:27:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2006, 23:27:16] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2006, 23:27:16] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2006, 23:27:16] - Finished Searching Browser Helper Objects
[01/13/2006, 23:27:16] - Finishing up...
[01/13/2006, 23:27:16] - A restart is needed.
[01/13/2006, 23:27:28] - Attempting to Restart via STOP error (Blue Screen!)
bottom line is, if vbg successfully deactivates the vundo trojan --- which should be obvious to the user, if there are no more WinFixer popups, nor anti-virus warnings about trojan vundo ---- there's really little point to post the log.
from a purely technical perspective, the log allows someone (who knows how to interpret it) to see how many vundo trojans were located, and how "easily" they were "fixed"....
in your case:
it found one vundo trojan:
C:\WINDOWS\system32\gebcc.dll
which [using the "easy" approach] it "successfully renamed!" --- and in so doing, deactivated it.
in an older version, 1.2 , of VBG, it sometimes couldn't get the job done, and we could determine this from the log as well. the current version, 1.5 , takes a much more "forceful" approach to tackling vundo... meaning that, even when it "struggles", and can't simply re-name the file, it still generally manages to "sufficiently isolate and successfully deactivate" the bad file.
if VBG ever completely "fails", we can then suggest a person run HiJackThis, which can give us even more detailed information.
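The log reading described in the replies above (which file was disabled, whether it was "successfully renamed!", whether that is the file the user first reported, and whether a second run came back clean) can be done mechanically. The following is an added example, not part of any post in this thread and not VirtumundoBeGone's own code; the sample log is constructed, and the function names and the "pending" status (no success line seen for that file) are assumptions of this sketch.

```python
import re

# Constructed sample in the log format quoted in this thread; the GUIDs,
# file name and paths are made up for illustration.
SAMPLE_LOG = r"""
[01/02/2006, 10:00:00] - VirtumundoBeGone v1.5 ( "C:\Temp\VirtumundoBeGone.exe" )
[01/02/2006, 10:00:05] - Detected System Information:
[01/02/2006, 10:00:05] - Searching for Browser Helper Objects:
[01/02/2006, 10:00:05] - BHO 1: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} ()
[01/02/2006, 10:00:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/02/2006, 10:00:05] - BHO 2: {11111111-2222-3333-4444-555555555555} (MSEvents Object)
[01/02/2006, 10:00:05] - ALERT: Found MSEvents Object!
[01/02/2006, 10:00:06] - File to disable: C:\WINDOWS\system32\exmpl.dll
[01/02/2006, 10:00:06] - Renaming C:\WINDOWS\system32\exmpl.dll -> C:\WINDOWS\system32\exmpl.dll.vir
[01/02/2006, 10:00:06] - File successfully renamed!
[01/02/2006, 10:00:06] - A restart is needed.
[01/02/2006, 10:04:00] - Detected System Information:
[01/02/2006, 10:04:00] - Searching for Browser Helper Objects:
[01/02/2006, 10:04:00] - BHO 1: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} ()
[01/02/2006, 10:04:00] - Finished Searching Browser Helper Objects
[01/02/2006, 10:04:00] - Nothing found! Exiting...
"""

LINE = re.compile(r"^\[([^\]]+)\] - (.*)$")
BHO = re.compile(r"^BHO \d+: (\{[0-9A-Fa-f-]{36}\}) \((.*)\)$")

def parse_runs(text):
    """Split a VBG log into runs and pull out the lines that matter for triage."""
    runs, cur, last_guid, last_file = [], None, None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.group(1), m.group(2).strip()
        if msg == "Detected System Information:":   # appears once per run
            cur = {"started": ts, "alerts": [], "unnamed_bhos": [],
                   "files": {}, "restart": False, "nothing_found": False}
            runs.append(cur)
            last_guid = last_file = None
        elif cur is None:
            continue                                 # version banner before first run
        elif (b := BHO.match(msg)):
            last_guid = b.group(1)
            if not b.group(2) and last_guid not in cur["unnamed_bhos"]:
                cur["unnamed_bhos"].append(last_guid)
        elif msg.startswith("ALERT: Found "):
            cur["alerts"].append((last_guid, msg[len("ALERT: Found "):].rstrip("!")))
        elif msg.startswith("File to disable: "):
            last_file = msg[len("File to disable: "):]
            cur["files"][last_file] = "pending"      # assumed label: no success line yet
        elif msg == "File successfully renamed!" and last_file:
            cur["files"][last_file] = "renamed"
        elif msg == "A restart is needed.":
            cur["restart"] = True
        elif msg.startswith("Nothing found!"):
            cur["nothing_found"] = True
    return runs

def triage(runs, reported_dll=None):
    """Summarise what was disabled and whether it matches the file the user reported."""
    disabled = {p.rsplit("\\", 1)[-1].lower(): s
                for r in runs for p, s in r["files"].items()}
    return {
        "disabled": disabled,
        "not_renamed": sorted(n for n, s in disabled.items() if s != "renamed"),
        "reported_file_handled":
            None if reported_dll is None else reported_dll.lower() in disabled,
        "clean_rerun": len(runs) > 1 and runs[-1]["nothing_found"],
    }

if __name__ == "__main__":
    print(triage(parse_runs(SAMPLE_LOG), reported_dll="other.dll"))
```

A `reported_file_handled` value of `False` is the situation raised earlier in the thread, where the file the user complained about was not the one the tool renamed.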
ky331
3 Apprentice
•
15.6K Posts
0
December 24th, 2005 22:00
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Sparky9428
3 Posts
0
December 29th, 2005 01:00
Sparky9428
3 Posts
0
December 29th, 2005 02:00
[12/28/2005, 21:14:08] - VirtumundoBeGone v1.5 ( "C:\Temp\VirtumundoBeGone.exe" )
[12/28/2005, 21:17:18] - Detected System Information:
[12/28/2005, 21:17:18] - Windows Version: 5.1.2600, Service Pack 2
[12/28/2005, 21:17:18] - Current Username: HP_Owner (Admin)
[12/28/2005, 21:17:18] - Windows is in NORMAL mode.
[12/28/2005, 21:17:18] - Searching for Browser Helper Objects:
[12/28/2005, 21:17:18] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[12/28/2005, 21:17:18] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/28/2005, 21:17:18] - BHO 3: {A7327C09-B521-4EDB-8509-7D2660C9EC98} (Viewpoint Toolbar BHO)
[12/28/2005, 21:17:18] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/28/2005, 21:17:18] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/28/2005, 21:17:18] - BHO 6: {D80C4E21-C346-4E21-8E64-20746AA20AEB} (Helper Class)
[12/28/2005, 21:17:18] - BHO 7: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} (MSEvents Object)
[12/28/2005, 21:17:18] - ALERT: Found MSEvents Object!
[12/28/2005, 21:17:18] - Finished Searching Browser Helper Objects
[12/28/2005, 21:17:19] - *** Detected MSEvents Object
[12/28/2005, 21:17:19] - Trying to remove MSEvents Object...
[12/28/2005, 21:17:20] - Terminating Process: IEXPLORE.EXE
[12/28/2005, 21:17:20] - Terminating Process: RUNDLL32.EXE
[12/28/2005, 21:17:20] - Disabling Automatic Shell Restart
[12/28/2005, 21:17:20] - Terminating Process: EXPLORER.EXE
[12/28/2005, 21:17:20] - Suspending the NT Session Manager System Service
[12/28/2005, 21:17:21] - Terminating Windows NT Logon/Logoff Manager
[12/28/2005, 21:17:21] - Re-enabling Automatic Shell Restart
[12/28/2005, 21:17:21] - File to disable: C:\WINDOWS\system32\vtstt.dll
[12/28/2005, 21:17:21] - Renaming C:\WINDOWS\system32\vtstt.dll -> C:\WINDOWS\system32\vtstt.dll.vir
[12/28/2005, 21:17:21] - File successfully renamed!
[12/28/2005, 21:17:21] - Removing HKLM\...\Browser Helper Objects\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[12/28/2005, 21:17:21] - Removing HKCR\CLSID\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[12/28/2005, 21:17:21] - Adding Kill Bit for ActiveX for GUID: {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[12/28/2005, 21:17:21] - Deleting ATLEvents/MSEvents Registry entries
[12/28/2005, 21:17:21] - Removing HKLM\...\Winlogon\Notify\vtstt
[12/28/2005, 21:17:21] - Searching for Browser Helper Objects:
[12/28/2005, 21:17:21] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[12/28/2005, 21:17:21] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/28/2005, 21:17:21] - BHO 3: {A7327C09-B521-4EDB-8509-7D2660C9EC98} (Viewpoint Toolbar BHO)
[12/28/2005, 21:17:21] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/28/2005, 21:17:21] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/28/2005, 21:17:21] - BHO 6: {D80C4E21-C346-4E21-8E64-20746AA20AEB} (Helper Class)
[12/28/2005, 21:17:21] - Finished Searching Browser Helper Objects
[12/28/2005, 21:17:21] - Finishing up...
[12/28/2005, 21:17:21] - A restart is needed.
[12/28/2005, 21:17:34] - Attempting to Restart via STOP error (Blue Screen!)
[12/28/2005, 21:21:40] - Detected System Information:
[12/28/2005, 21:21:40] - Windows Version: 5.1.2600, Service Pack 2
[12/28/2005, 21:21:40] - Current Username: HP_Owner (Admin)
[12/28/2005, 21:21:40] - Windows is in NORMAL mode.
[12/28/2005, 21:21:40] - Searching for Browser Helper Objects:
[12/28/2005, 21:21:40] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[12/28/2005, 21:21:40] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/28/2005, 21:21:40] - BHO 3: {A7327C09-B521-4EDB-8509-7D2660C9EC98} (Viewpoint Toolbar BHO)
[12/28/2005, 21:21:40] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/28/2005, 21:21:40] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/28/2005, 21:21:40] - BHO 6: {D80C4E21-C346-4E21-8E64-20746AA20AEB} (Helper Class)
[12/28/2005, 21:21:40] - Finished Searching Browser Helper Objects
[12/28/2005, 21:21:40] - Finishing up...
[12/28/2005, 21:21:40] - Nothing found! Exiting...
ky331
3 Apprentice
•
15.6K Posts
0
December 29th, 2005 11:00
Sparky9428
3 Posts
0
December 29th, 2005 12:00
blazer the 2nd
10 Posts
0
January 5th, 2006 21:00
Spikey1080
5 Posts
0
January 7th, 2006 01:00
saul224
1 Message
0
January 8th, 2006 21:00
ky331
3 Apprentice
•
15.6K Posts
0
January 8th, 2006 21:00
RobNY
1 Message
0
January 14th, 2006 02:00
ky331
3 Apprentice
•
15.6K Posts
0
January 14th, 2006 12:00