Sheara
1 Copper

Vundo (MS JUAN and MS TRACK SYSTEM) Regenerating at Reboot – Help please!


Hi. I was alerted to a malware infection the other night by AVG and Zone Alarm as well as by the fraudulent “scan your computer” pop ups and other IE pop ups (even though I use Firefox) and the fact that I couldn’t run Windows automatic updates.


Using Spybot and Malwarebytes Anti-Malware (MBAM), I was able to reduce a big infection (including lots of Virtumonde/Vundo bugs and a few Smitfraud-C and MyWay.MyWebSearch bugs) and recover my access to Windows Updates. But two bugs remain, regenerating every time I reboot. They are:


HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS JUAN (Malware.Trace)

and

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS TRACK SYSTEM (Trojan.Vundo)


When I quarantine/remove these with MBAM, the next scan shows zero infections until I reboot. Then the same two registry key infections show up, just to disappear again until reboot… I’m doing this all in safe mode, and my wireless internet radio is disabled. Also, I’ve tried scanning with Trojan Remove, AVG, VundoFix, and Spybot again and they all reveal nothing. I also uninstalled Java and manually removed remaining files (though I can see there are still files remaining in regedit that I’m afraid to mess with). And I’ve been repeatedly running RegSeeker and cleaning stuff out of some temp folders (though I’m not sure which ones matter and whether I should delete all files including desktop.ini files, etc.).


I keep reading about HijackThis, Super Antispyware, and ComboFix, and haven’t tried these yet. I’ve also read about using Avenger to remove certain targeted files. I don’t really understand which to choose and in what sequence or how to use them. I was hoping some kind soul with experience with this particular pattern (I’m seeing that it’s ubiquitous for folks right now) would walk me through what to do at this stage. Thanks in advance.


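The pattern described above (trace keys removed by a scanner, then re-created at the next boot) means something that runs at startup is writing them back. As an added example, not part of the poster's message or any tool named in it, this PowerShell snippet re-checks the two keys the post names and lists the usual Windows autostart locations, so the component that re-creates them can be located and examined before it runs again. The autostart paths are a generic list, not a claim about this specific infection; run it from an elevated prompt.

```powershell
# Added example (not from the original post): re-check the two trace keys the
# poster names and list common autostart locations.
$traceKeys = @(
    'HKLM:\SOFTWARE\Microsoft\MS Juan',
    'HKLM:\SOFTWARE\Microsoft\MS Track System'
)
foreach ($k in $traceKeys) {
    $state = if (Test-Path $k) { 'PRESENT' } else { 'absent' }
    Write-Output ("{0,-8} {1}" -f $state, $k)
}

# Generic autostart locations (assumed list; not specific to this infection).
$autoruns = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($path in $autoruns) {
    if (-not (Test-Path $path)) { continue }
    Write-Output "`n== $path"

    # Run/RunOnce keep one value per entry: name = command line.
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notlike 'PS*') {
            Write-Output ("  value  {0} = {1}" -f $p.Name, $p.Value)
        }
    }

    # Winlogon\Notify and BHO keep one subkey per entry; resolve it to a DLL path.
    foreach ($sub in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
        $dll = (Get-ItemProperty -Path $sub.PSPath).DLLName   # Winlogon\Notify entries
        $clsid = "HKLM:\SOFTWARE\Classes\CLSID\$($sub.PSChildName)\InprocServer32"
        if (Test-Path $clsid) {                               # BHO entries (CLSID)
            $dll = (Get-ItemProperty -Path $clsid).'(default)'
        }
        Write-Output ("  subkey {0}  {1}" -f $sub.PSChildName, $dll)
    }
}
```

Anything listed that points at a DLL or executable in a temp folder, or that has a random-looking name, is worth checking against the scanner's quarantine log before deciding what to remove.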