Bullguard updates + virus
chazz New Member Date Joined Dec 2008 Total Posts : 4 Posted 5-1-2009 3:06 (GMT +1)
For some reason, when I go to update BullGuard it says that there's been an update and I must restart my PC. This comes on straight away. Second, when trying to get rid of the virus on my PC, BullGuard freezes and I have to pull the power to turn it off. Also, the original virus, which I got a fix for by email, won't allow any access to the registry (or it could have been me a long time ago). The message I get is "Registry editing has been disabled by your administrator". Here is a copy of the log of a quick scan taken before I try to disinfect.

BullGuard Scan Report
Scan Profile: "Quick Scan"
___________________________________________________________
----[ System Info ]------------
OS Version: Windows XP Home Edition - Service Pack 2 (Build 2600) [1 * x86 CPUs]
Physical memory: 504 MB
System up-time: 0 days, 00 hours, 08 minutes, 56 seconds
BullGuard up-time: 0 days, 00 hours, 07 minutes, 51 seconds
TopLayer Version: 8, 5, 0, 17
FileSpy5 Version: N/A
BdFileSpy Version: 3.14.0.64 built by: WinDDK
BsFileScan Version: 8, 5, 0, 71
Reconn Version: N/A
MailProxy Version: 8, 5, 0, 21
AntiVirus Version: 8, 5, 0, 49
----[ Scan Parameters ]------------
Folders to scan: C:\ C:\WINDOWS C:\WINDOWS\system32
Excluded folders: None
Files to scan: None
Scan type:
[ ] Scan all files
[o] Scan program files only
[ ] Scan custom extensions:
[ ] Exclude user extensions:
[X] Scan boot sectors
[X] Scan packed files
[ ] Scan archives
[ ] Scan emails
[X] Scan running processes
[X] Scan registry
[X] Scan IE cookies
[ ] Enable heuristic detection
[ ] Scan default action
___________________________________________________________
Scan Statistics
___________________________________________________________
Scan started: Friday, May 01, 2009 11:50:35
Scan duration: 0 days, 00 hours, 05 minutes, 04 seconds
Completion status: Successful
Total files scanned: 3743
Total files skipped: 0
Identified viruses: 6
Scan speed: 12.31 files/sec
___________________________________________________________
Infected Files
___________________________________________________________
----[ Infected Files ]------------
Malware: Trojan.Crypt.IL
C:\WINDOWS\system32\autochk.dll
Malware: Trojan.Vundo.GMM
C:\WINDOWS\system32\bobezevo.dll
C:\WINDOWS\system32\fijogegu.dll
C:\WINDOWS\system32\giwagana.dll
C:\WINDOWS\system32\kimesato.dll
C:\WINDOWS\system32\monuviwi.dll
C:\WINDOWS\system32\ranajero.dll
C:\WINDOWS\system32\vanageke.dll
C:\WINDOWS\system32\walojofe.dll
----[ Infected Registry Entries ]------------
Malware: Generic.Dld.AKI.63BBA105
<System>=>HKEY_USERS\S-1-5-21-1322651816-1455410660-3806797016-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Diagnostic Manager=>C:\DOCUME~1\CHAZZTER\LOCALS~1\TEMP\1969194196.EXE
Malware: Trojan.Vundo.GMM
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F438CBE6-5835-4467-8900-E52EE2B1ED56}=>C:\WINDOWS\SYSTEM32\RANAJERO.DLL
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\3055fcbc=>C:\WINDOWS\SYSTEM32\KIMESATO.DLL
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CPM3366cf20=>C:\WINDOWS\SYSTEM32\VANAGEKE.DLL
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\bodifomede=>C:\WINDOWS\SYSTEM32\GIWAGANA.DLL
----[ Infected Processes ]------------
Malware: BehavesLike:Trojan.RegistryDisabler
<Process ID:2820>=>C:\DOCUME~1\chazzter\LOCALS~1\Temp\1969194196.exe (memory dump)
<Process ID:2820>=>C:\DOCUME~1\chazzter\LOCALS~1\Temp\1969194196.exe (full dump)
Malware: Generic.Dld.AKI.63BBA105
<Process ID:2820>=>C:\DOCUME~1\chazzter\LOCALS~1\Temp\1969194196.exe (disk)
___________________________________________________________
Results after ROUND 0
___________________________________________________________
Scan started: Friday, May 01, 2009 11:45:31
Scan duration: 0 days, 00 hours, 05 minutes, 04 seconds
Infections solved: 0
Infections left: 17
Viruses left: 4
----[ Files Still Infected ]------------
Malware: Trojan.Crypt.IL
C:\WINDOWS\system32\autochk.dll
Malware: Trojan.Vundo.GMM
C:\WINDOWS\system32\bobezevo.dll
C:\WINDOWS\system32\fijogegu.dll
C:\WINDOWS\system32\giwagana.dll
C:\WINDOWS\system32\kimesato.dll
C:\WINDOWS\system32\monuviwi.dll
C:\WINDOWS\system32\ranajero.dll
C:\WINDOWS\system32\vanageke.dll
C:\WINDOWS\system32\walojofe.dll
----[ Registry Entries Still Infected ]------------
Malware: Generic.Dld.AKI.63BBA105
<System>=>HKEY_USERS\S-1-5-21-1322651816-1455410660-3806797016-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Diagnostic Manager=>C:\DOCUME~1\CHAZZTER\LOCALS~1\TEMP\1969194196.EXE
Malware: Trojan.Vundo.GMM
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F438CBE6-5835-4467-8900-E52EE2B1ED56}=>C:\WINDOWS\SYSTEM32\RANAJERO.DLL
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\3055fcbc=>C:\WINDOWS\SYSTEM32\KIMESATO.DLL
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CPM3366cf20=>C:\WINDOWS\SYSTEM32\VANAGEKE.DLL
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\bodifomede=>C:\WINDOWS\SYSTEM32\GIWAGANA.DLL
----[ Processes Still Infected ]------------
Malware: BehavesLike:Trojan.RegistryDisabler
<Process ID:2820>=>C:\DOCUME~1\chazzter\LOCALS~1\Temp\1969194196.exe (memory dump)
<Process ID:2820>=>C:\DOCUME~1\chazzter\LOCALS~1\Temp\1969194196.exe (full dump)
Malware: Generic.Dld.AKI.63BBA105
<Process ID:2820>=>C:\DOCUME~1\chazzter\LOCALS~1\Temp\1969194196.exe (disk)
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 16745 Posted 5-1-2009 5:07 (GMT +1) Hello chazz
As you can see in the BullGuard log, you've got a Vundo infection. I'll therefore suggest you proceed as follows ->
Please download Combofix from:
And save to the desktop.
Open Notepad and copy/paste the text in bold below into it:
-------------------------------------------------------------------------------
KillAll::
Snapshot::
File::
C:\WINDOWS\system32\autochk.dll
C:\WINDOWS\system32\bobezevo.dll
C:\WINDOWS\system32\fijogegu.dll
C:\WINDOWS\system32\giwagana.dll
C:\WINDOWS\system32\kimesato.dll
C:\WINDOWS\system32\monuviwi.dll
C:\WINDOWS\system32\ranajero.dll
C:\WINDOWS\system32\vanageke.dll
C:\WINDOWS\system32\walojofe.dll
--------------------------------------------------------------------------------------
Save this as: CFScript
Referring to the picture above, drag CFScript into ComboFix.exe
Then post a fresh ComboFix log.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
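As an added example (not code from this thread, from BullGuard or from ComboFix), the Python script below builds the File:: list of a CFScript like the one in the reply above from a BullGuard scan report instead of by hand. It parses the ----[ ... ]---- sections, takes every path in the infected-files sections, and goes one step beyond the reply's list by also taking the file each infected registry autostart entry and each infected process "(disk)" entry points at, which on the report above adds the loader in the Temp folder. Paths are deduplicated case-insensitively, so KIMESATO.DLL from the registry section and kimesato.dll from the file section appear once. The sample report is an excerpt constructed from the log posted above; the section names, the "Malware:" and "=>" line formats and the KillAll::/File:: layout are taken from this page, everything else (function names, regexes, the set of sections read) is an assumption.

```python
"""Build a ComboFix-style CFScript from a BullGuard scan report.

Added example; not BullGuard's, ComboFix's or the forum's own code.
Only the report layout visible on the page is assumed.
"""
import re

# Constructed excerpt of the report posted above (infected sections only).
SAMPLE_REPORT = r"""
----[ Infected Files ]------------
Malware: Trojan.Crypt.IL
C:\WINDOWS\system32\autochk.dll
Malware: Trojan.Vundo.GMM
C:\WINDOWS\system32\bobezevo.dll
C:\WINDOWS\system32\fijogegu.dll
C:\WINDOWS\system32\giwagana.dll
C:\WINDOWS\system32\kimesato.dll
C:\WINDOWS\system32\monuviwi.dll
C:\WINDOWS\system32\ranajero.dll
C:\WINDOWS\system32\vanageke.dll
C:\WINDOWS\system32\walojofe.dll
----[ Infected Registry Entries ]------------
Malware: Generic.Dld.AKI.63BBA105
<System>=>HKEY_USERS\S-1-5-21-1322651816-1455410660-3806797016-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Diagnostic Manager=>C:\DOCUME~1\CHAZZTER\LOCALS~1\TEMP\1969194196.EXE
Malware: Trojan.Vundo.GMM
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F438CBE6-5835-4467-8900-E52EE2B1ED56}=>C:\WINDOWS\SYSTEM32\RANAJERO.DLL
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\3055fcbc=>C:\WINDOWS\SYSTEM32\KIMESATO.DLL
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CPM3366cf20=>C:\WINDOWS\SYSTEM32\VANAGEKE.DLL
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\bodifomede=>C:\WINDOWS\SYSTEM32\GIWAGANA.DLL
----[ Infected Processes ]------------
Malware: BehavesLike:Trojan.RegistryDisabler
<Process ID:2820>=>C:\DOCUME~1\chazzter\LOCALS~1\Temp\1969194196.exe (memory dump)
<Process ID:2820>=>C:\DOCUME~1\chazzter\LOCALS~1\Temp\1969194196.exe (full dump)
Malware: Generic.Dld.AKI.63BBA105
<Process ID:2820>=>C:\DOCUME~1\chazzter\LOCALS~1\Temp\1969194196.exe (disk)
"""

SECTION_RE = re.compile(r"^----\[ (?P<name>.+?) \]-+$")
MALWARE_RE = re.compile(r"^Malware:\s*(?P<name>\S+)")
# A Windows drive path; spaces allowed, report delimiters excluded (assumed).
PATH_RE = re.compile(r"[A-Za-z]:\\[^<>=\"|?*\r\n]+")
# Suffixes the process section appends to the image path (from the log above).
PROCESS_SUFFIX_RE = re.compile(r"\s*\((?:disk|memory dump|full dump)\)$")


def parse_report(text):
    """Map each ----[ section ]---- to its (malware name, entry line) pairs."""
    sections, current, malware = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current, malware = m.group("name"), None
            sections.setdefault(current, [])
            continue
        m = MALWARE_RE.match(line)
        if m:
            malware = m.group("name")
            continue
        if current is not None and malware is not None:
            sections[current].append((malware, line))
    return sections


def payload_path(line):
    """Return the on-disk path an entry line names, or None.

    File entries are bare paths; registry and process entries put the
    payload after the last '=>'.
    """
    tail = line.rsplit("=>", 1)[-1]
    m = PATH_RE.search(tail)
    if not m:
        return None
    return PROCESS_SUFFIX_RE.sub("", m.group(0)).strip()


def collect_payloads(report):
    """Ordered, case-insensitively deduplicated payload paths from the report."""
    sections = parse_report(report)
    wanted = ("Infected Files", "Files Still Infected",
              "Infected Registry Entries", "Registry Entries Still Infected",
              "Infected Processes", "Processes Still Infected")
    seen = {}
    for name in wanted:
        for _malware, line in sections.get(name, []):
            # Memory/full dumps are not files; only '(disk)' names the image.
            if "Processes" in name and not line.endswith("(disk)"):
                continue
            path = payload_path(line)
            if path and path.lower() not in seen:
                seen[path.lower()] = path
    return list(seen.values())


def build_cfscript(paths):
    """CFScript text in the layout used in the reply above."""
    return "KillAll::\n\nFile::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    # Writes nothing; print so the text can be saved as CFScript by hand.
    print(build_cfscript(collect_payloads(SAMPLE_REPORT)), end="")
```

On the excerpt this yields the nine files from the reply plus C:\DOCUME~1\CHAZZTER\LOCALS~1\TEMP\1969194196.EXE, the executable the HKEY_USERS Run entry "Diagnostic Manager" loads and that the scan flagged as the running registry-disabler process. The script only reads a saved report; it never touches the registry or the files, so it is safe to run on a clean machine before deciding what to feed ComboFix.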