Fucken spyware installed on my computer from a download link posted here

I have always run McAfee, Adaware and Spybot and never had any probs. Best advice I have is use a cheap sh1tty dell for general surfing installing dodgy stuff etc.

Any PC you hook up online will eventually have probs. I run a Mac. Running a Mac removes many risks. Apparently there are some tricks (complex and poss not recommended) to rename your C drive which apparently renders 99% threats useless, the Mac not having a C drive is apparently the main benefit. I think you can do this with things like Partition Magic. Difficulty is XP is entirely based on the C drive :eek:

Someone was posting about VirtualBox, which apparently is good for containing potentially dodgy software without infecting the rest of the cpu.

Hope this is of some use.

:D
 
Those who have been infected, can you try and retrace where this came from. None of us wants to waste valuable time clearing crap from our systems. The perpetrators of the virus should be booted out:smashfrea
 
I finally removed this thing using the Malwarebytes program.

Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\lewoguye.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bf83437-8216-4bc5-bbb4-b8e9fc1411bb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bf83437-8216-4bc5-bbb4-b8e9fc1411bb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme8b3db33 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tupoviteke (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lewoguye.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lewoguye.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gadidave.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evadidag.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lewoguye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\nikefidi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\vekareyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\jokovefo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\biyagaku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\hurukase.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\ladoyize.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RNVIJYZS\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

Thanks for the recommendation.

Trojan.Vundo is very hard to get rid of according to those infected but Malwarebytes seemed to have completely removed it. If you read the net, you will find every other program is unable to remove this nasty.

I did a quick scan then one using safe mode to be sure. My PC seems clean now.

Thanks guys.
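
Added example (not part of the original post, and not Malwarebytes' own tooling): a small Python triage of a log like the one above. It groups detections by the autostart registry location they were registered under and lists items the scanner has not removed yet ("Delete on reboot"), which are the ones to rescan for after restarting. The sample lines are copied from the post with path separators restored as an assumption; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Autostart registry locations named in the posted log (lowercase substring, label).
AUTOSTART = [
    (r"\currentversion\run", "Run key"),
    (r"\windows\appinit_dlls", "AppInit_DLLs"),
    (r"\browser helper objects", "Browser Helper Object"),
    (r"\sharedtaskscheduler", "SharedTaskScheduler"),
    (r"\shellserviceobjectdelayload", "ShellServiceObjectDelayLoad"),
]
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

# Lines taken from the post; backslashes restored (assumption).
SAMPLE = r"""Memory Modules Infected:
c:\WINDOWS\system32\lewoguye.dll (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme8b3db33 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lewoguye.dll -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bf83437-8216-4bc5-bbb4-b8e9fc1411bb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\nikefidi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

def parse(log):
    """Yield one dict per detection line; section headers are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        parts = m["rest"].split(" -> ")
        data = parts[0][len("Data: "):] if parts[0].startswith("Data: ") else None
        yield {"item": m["item"], "name": m["name"], "data": data,
               "action": parts[-1].rstrip(".")}

def triage(log):
    """Return (autostart entries by mechanism, items still awaiting removal)."""
    autostart, pending = defaultdict(list), []
    for e in parse(log):
        low = e["item"].lower()
        label = next((lbl for key, lbl in AUTOSTART if key in low), None)
        if label:  # record what the entry loads: its data, else the value name
            autostart[label].append(e["data"] or e["item"].rsplit("\\", 1)[-1])
        if not e["action"].startswith("Quarantined and deleted"):
            pending.append(low)
    return dict(autostart), sorted(set(pending))

if __name__ == "__main__":
    found, pending = triage(SAMPLE)
    print("autostart entries:", found)
    print("not yet removed, rescan after reboot:", pending)
```
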
 
Those who have been infected, can you try and retrace where this came from. None of us wants to waste valuable time clearing crap from our systems. The perpetrators of the virus should be booted out:smashfrea

I'll try to find the link. All I know is that the Rapidshare and media links were dead and somebody reposted the link further down in the msgs which I clicked on. Network starts with N something.
 
Mine is back.. seems like it was hibernating... so much for avg.. running spybot right now... will try Malwarebytes after.. this thing is insane.. seriously.. I have had no issue for over a year.. now it's making up for the time it lost :)
Wish me luck!!
Cheers!!
 
see the stickied thread about applications that are best for taking care of this stuff, avg and spybot are pretty lame by today's standards, kaspersky and malwarebytes are the best, kaspersky can be bought for 20 fucking dollars so don't complain about its pricetag guys, there is a link in the stickied thread to where to find it cheap

I'm admin on the ppi forums so listen when I say kasp is the best
 
Believe it or not, SuperAntiSpyware Free Edition might do the trick.

I caught a bad one this morning from a popup on Mininova.org. Every time I would visit a site, I would get an extra complimentary popup window with an ad for my convenience.

Was really annoying.

Too bad I can't figure out how to duplicate the same technique. It's gotta be a good moneymaker!
 
^NOTE: SuperAntiSpyware won't likely get rid of viruses that you've INSTALLED on your computer. Only viruses or spyware from visiting a site.
 
What kind of firewall are you running? You need some sort of software firewall installed, to take control of which programs can or can not access the net. If you aren't sure about the process / program asking for Internet access, simply google it and that should tell you if it's a safe process or not.

With some spyware/malware, you think you may have deleted all traces of it, but in reality you've left behind some small .exe that is going to keep dialing home to re-download the spyware payload, and then reinstall it all over again (see: endless cycle). If you can prevent the exe from doing that, it'll nip it in the bud long enough for you to find the right tools to remove it.

Granted, this isn't foolproof either, but most of these little bugs aren't good enough to bypass a good firewall like Kaspersky Internet Suite or Agnitum Outpost Pro.

Also, if you don't trust your antivirus, run it through jotti.org before you open the file to get the results of 20 top-name antivirus scans.

PS - Please try to find that link, so I can ban the person who uploaded it. If you guys ever find such a thing, please hit the report button.
 
I think a good sign of getting one of these darn things is that all of a sudden you get pop ups telling you that you need to check for spyware.

The little bar stewards then are in a continual loop. I think I must have got the same virus as it took me 2 days to get rid of and I kept getting a Disk Not Ready 75b6bf7c error. I seem to recall I had downloaded from a site other than Rapidshare or Media Fire but can't recall name.

What happened to me was the PC would boot but then the desktop files kept disappearing; they were all there but you just couldn't see them.

I used several programs but one called Threatfire seemed to kill it at least temporary.
 
see the stickied thread about applications that are best for taking care of this stuff, avg and spybot are pretty lame by today's standards, kaspersky and malwarebytes are the best, kaspersky can be bought for 20 fucking dollars so don't complain about its pricetag guys, there is a link in the stickied thread to where to find it cheap

I'm admin on the ppi forums so listen when I say kasp is the best

Yeah they are an awesome combination. Kaspersky is good at detecting and Malwarebytes is good at removing.
 
Just one question guys, do you all use Facebook? I also got this virus and the only way is full high level format... I also thought I got it here but I'm now thinking it was Facebook !!

here is some info.

http://www.guardian.co.uk/technology/2008/dec/09/facebook-virus-security-warning-koobface
 
What kind of firewall are you running? You need some sort of software firewall installed, to take control of which programs can or can not access the net. If you aren't sure about the process / program asking for Internet access, simply google it and that should tell you if it's a safe process or not.

With some spyware/malware, you think you may have deleted all traces of it, but in reality you've left behind some small .exe that is going to keep dialing home to re-download the spyware payload, and then reinstall it all over again (see: endless cycle). If you can prevent the exe from doing that, it'll nip it in the bud long enough for you to find the right tools to remove it.

Granted, this isn't foolproof either, but most of these little bugs aren't good enough to bypass a good firewall like Kaspersky Internet Suite or Agnitum Outpost Pro.

Also, if you don't trust your antivirus, run it through http://www.jotti.org before you open the file to get the results of 20 top-name antivirus scans.

PS - Please try to find that link, so I can ban the person who uploaded it. If you guys ever find such a thing, please hit the report button.

I'm running a FW and that did not stop outbound connections. In fact I was not asked by my FW if I should allow a process. It wouldn't if it is communicating outbound on an open port.
 
I experienced the same thing. These viruses are getting smarter. It disabled system restore, it disabled my account management, it disabled my task manager, etc. I fucking hate Microsoft now, how can they make it so fucking hard to have control over your computer? It only got worse for me, the virus crashed my whole system.
 
Spybot Search & Destroy isn't as effective as one could wish for. Adaware isn't either, so my suggestion for removing spyware, adware and other pests is to get a licenced copy of Spyware Doctor (by far the best one I have seen so far) and run that. If using their trial ver you can only see what you have but not remove the infections, but it might still be useful if wanting to del them manually.

Hijackthis is also a good starting point to see what one has running on the computer that shouldn't be there and one can also turn off a lot of crap through that one.
 
Here lately I've become a big fan of Malwarebytes. It's easy to use and will catch just about anything.
 
I've been reading this thread and I'm glad you have finally removed it...for good hopefully? I'm gonna try this Malwarebytes to see if I have anything on me.
 
what you have there to me sounds like a rootkit, with its piggyback algorithm makes it almost impossible to track, I suggest you get a few rootkit scanners

RootkitRevealer is a great tool (g00gle it)
or you could get Anti-Rootkits 22in1 (AIO) off a torrent site.


good luck with that.
 