Answer» My computer was hijacked by a version of the Vundo trojan. I posted on the Networking forum first because my internet connection blew right when my computer was pumped with trojans and rogue anti-spywares. I have logs from MBAM, HJT and SAS. Thanks for the help.
[attachment deleted by admin]
Bad news I'm afraid.
The logs show that you are infected by an infection called Virut or Sality. Virut/Sality is a virus that infects all executable files and screensavers. Virut also opens a back door providing the attacker with unauthorized remote access to the infected computer. Definition: Polymorphic virus.
There is no way to cure this infection. Your only option is to perform a full reformat. Do NOT attempt a repair install. Trying to fix this infection will only leave the computer unusable. See "Virut on the Rise" and "Virut and other File infectors - Throwing in the Towel?" for more information.
Note that if you decide to try and clean this you must be extremely careful on what is backed up as these new infections can get into many different file extensions (DLL, EXE, SCR, HTM, HTML, MP3, AVI, WMV, PDF, etc.). A complete reformat and reinstall is highly suggested! Avoid backing up compressed files (zip/cab/rar, etc.). Virut can also penetrate compressed files that have .exe or .scr inside them.
If you back up any files they should be scanned from a clean, properly protected PC before restoring. Also be careful what scanner is used as some are very poor at detecting and even worse at protecting from this infection. In fact, due to the nature of these new infections there are probably no tools that will properly protect you from the infection. Be very selective and only back up files you cannot replace!
Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.
I suggest running at least 3 of the below scanners on the backup files. Run the first scan, then reboot before running the second, then reboot after the second before running the third.
-) Dr.Web CureIt!
-) AVG Win32/Virut Removal Tool
-) Symantec W32.Virut Removal Tool
-) McAfee Avert Stinger
-) Microsoft Windows Malicious Software Removal Tool
If you do not know how to perform a fresh install, use this website -> http://www.windowsreinstall.com/
I strongly suggest you do the following immediately!
If you have done any online transactions, call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts and/or change all of your account numbers.
From a clean computer change all of your online passwords including for email, banks, financial accounts, PayPal, eBay, online credit card companies and any online forums or groups you belong to etc.
DO NOT change passwords or do any transactions while using the infected computer. The attacker will get the new passwords and transaction information.
Unfortunately I think I am locked out of my computer. I ran that CureIt removal tool and when I restarted my computer, a blue screen came up with my username. I clicked on my username and it says saving files, logging off and restarts the log in screen again.
You have to reformat and reinstall. http://www.windowsreinstall.com/
I don't have the Windows XP CD, so I cannot reinstall that way.
Is there a way I can reformat without the CD?
Nope. You have to have a CD. Can you borrow one?
I could, though it is unlikely.
I have 3 computers in my home, 2 desktops and 1 laptop. The desktop I am posting on right now is clean (it's mine; the other 2 are from other family members). Would you mind if I post HJT, MBAM and SAS logs of the laptop that has had problems connecting to the internet (but no real adware, pop-ups or trojans) in this topic?
Please start a new topic for separate computers.
Thank you so much for aiding me through this. My other computer's logs are in my other topic.
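The backup advice given earlier in this thread (leave executables and screensavers behind, avoid zip/cab/rar, scan everything else from a clean PC before restoring) as an added Python example that is not part of the original thread. The verdict names, the sample files and the 'MZ' header check for renamed executables go beyond the posts and are assumptions made here.

```python
import os
import tempfile
import zipfile

EXECUTABLE = {".exe", ".scr", ".dll"}   # executable types the thread treats as infected
ARCHIVE = {".zip", ".cab", ".rar"}      # compressed types the thread says to avoid

def classify(path):
    """Return 'exclude', 'avoid' or 'scan' for one backup candidate."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        magic = fh.read(2)
    # Assumption added here: a leading 'MZ' marks a Windows executable even if renamed.
    if ext in EXECUTABLE or magic == b"MZ":
        return "exclude"
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            inner = {os.path.splitext(n)[1].lower() for n in zf.namelist()}
        return "exclude" if inner & {".exe", ".scr"} else "avoid"
    if ext in ARCHIVE:
        return "avoid"   # cab/rar cannot be inspected with the standard library
    return "scan"        # still scan from a clean PC before restoring

def triage(root):
    """Map each file under root (relative path) to its verdict."""
    verdicts = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            verdicts[os.path.relpath(full, root)] = classify(full)
    return verdicts

def demo():
    """Build a constructed sample backup folder and triage it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"photo.jpg": b"\xff\xd8\xff\xe0 constructed",
                   "setup.exe": b"MZ constructed",
                   "notes.txt": b"MZ renamed executable, constructed",
                   "old.rar": b"Rar! constructed"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        with zipfile.ZipFile(os.path.join(root, "tools.zip"), "w") as zf:
            zf.writestr("saver.scr", b"MZ constructed")
        with zipfile.ZipFile(os.path.join(root, "docs.zip"), "w") as zf:
            zf.writestr("letter.txt", b"constructed")
        return triage(root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:8} {path}")
```

A "scan" verdict only means the file is a candidate for backup; it says nothing about whether the file is clean.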