Help please! Malwarebytes won't run. SAS and HJT Logs included...?

Hi there,
So I managed to catch myself a lovely virus (Vundo among others, it would appear).  I first noticed it when I started getting various fake "security" warnings, and then discovered that it has disabled Malwarebytes.  I tried various methods recommended by the folks at Malwarebytes to get it running again but to no avail.  Since then, I have followed all of the procedures listed in the "Read this before requesting malware removal help".  I was, of course, unable to run Malwarebytes but I did everything else (properly I hope!).  Every time I try to do anything with mbam, I get an error code 2 message and the program won't open.  I'm fresh out of ideas so I'm hoping and praying that you guys might be able to help.  If you would please give me a hand I'd be much obliged.  My logs are attached so please let me know if I can provide any further info.  Thanks in advance!
- Cayti     

[Saving space, attachment deleted by admin]

You do not seem to have any anti-virus installed or other security. Can you NAME what you have?

Hello.  I have Symantec Anti Virus/Anti spyware, but even though it is updated it didn't find anything yesterday during its weekly full scan.  Even now it is saying "Your computer is protected, no problems detected".  Beats me!  Any ideas?

Sorry, I'm not an expert, but can you start Malwarebytes in safe mode, or did you try to rename it?


Sorry, I missed that Symantec.

No problem!  I have already tried the renaming thing, but that definitely doesn't work.  I will try to run it in safe mode and update with results ASAP.

No luck in safe mode unfortunately.  It doesn't seem to even register that I opened it.  No error this time, just nothing!

Please don't send users away. EF

Hello caytidid.

Please DOWNLOAD and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
 
There are 4 different versions. If ONE of them won't run then download and try to run the other one.
 
Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.
 
Now download and Run exeHelper.

* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

----------

Next post please add:

  • exeHelper log
  • ComboFix log
Hi evilfantasy,
Thanks for the reply and sorry for the delay, I had some trouble disabling all aspects of my antivirus software.  Everything seemed to run fine after that.  I have attached both of the requested logs.  I don't know if this is worth noting or not, but after I ran Combofix and the computer restarted, I got the RUNDLL errors for both hafimiw.dll and c:\windows\system32\rosogobu11.  I'm guessing those are remnants of malware that have been deleted.  Didn't know if it was relevant but I figured full disclosure was best.  Thanks for your help on this!

[Saving space, attachment deleted by admin]

Quote from: caytidid on November 07, 2009, 05:29:20 PM
Thanks for your help on this!

You're welcome.

Quote from: caytidid on November 07, 2009, 05:29:20 PM
after I ran Combofix and the computer restarted, I got the RUNDLL errors for both hafimiw.dll and c:\windows\system32\rosogobu11.  I'm guessing those are remnants of malware that have been deleted.  Didn't know if it was relevant but I figured full disclosure was best.

Yes and we will take care of that.


Did you create these folders and files?

Quote
2009-11-07 21:24 . 2009-11-07 21:30   --------   d-----w-   c:\program files\Attempt 6 SM
2009-11-07 18:52 . 2009-11-07 18:53   --------   d-----w-   c:\program files\Attempt 5
2009-11-07 18:24 . 2009-11-07 18:28   --------   d-----w-   c:\program files\Attempt 4
2009-11-07 18:20 . 2009-11-07 18:20   --------   d-----w-   c:\program files\Attempt 3
2009-11-07 14:33 . 2009-11-07 14:33   --------   d-----w-   c:\program files\please work
2009-11-07 05:20 . 2009-11-07 05:20   4045528   ----a-w-   c:\program files\xxxx.exe
2009-11-07 05:12 . 2009-11-07 14:41   --------   d-----w-   c:\program files\MF
2009-11-07 05:07 . 2009-11-07 05:10   --------   d-----w-   c:\program files\MW-upfucker
2009-11-07 05:06 . 2009-11-07 05:06   4045528   ----a-w-   c:\program files\mw-upfucker.exe
2009-10-22 18:12 . 2009-10-22 19:04   --------   d-----w-   c:\program files\lmxiyi
I created all of them while attempting to re-download mbam, except for the last one "lmxiyi".  I don't recognize that one at all and noticed it was created on a different day than the rest.  My apologies for the, ummm, colorful file names.  It was a frustrating day. *blushing*  I can delete them now if you would like me to since they didn't work anyway.

Quote
My apologies for the, ummm, colorful file names.

I've seen worse...

Quote
I can delete them now if you would like me to since they didn't work anyway.

We can do it with ComboFix since we need to run it again anyway.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

KillAll::

File::
c:\program files\xxxx.exe
c:\program files\mw-upfucker.exe

Folder::
c:\program files\Attempt 6 SM
c:\program files\Attempt 5
c:\program files\Attempt 4
c:\program files\Attempt 3
c:\program files\please work
c:\program files\MF
c:\program files\MW-upfucker
c:\program files\lmxiyi

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

----------

Next post please add:

ComboFix log
Both DDS logs
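As an added example (my own code, not from this thread or from ComboFix or any other tool named in it): the listing lines quoted from the ComboFix log above can be parsed into structured entries, the entry created on a day unlike the rest can be flagged the way "lmxiyi" stood out here, and the File:: and Folder:: sections of a CFScript can be drafted in the layout evilfantasy uses. The sample lines are constructed from five of those quoted in the thread, and the column layout (created, modified, size or dashes, attribute flags, path) is assumed from them.

```python
import re
from collections import Counter
from dataclasses import dataclass
# Constructed sample: five listing lines copied from the ComboFix log quoted above.
SAMPLE = r"""
2009-11-07 21:24 . 2009-11-07 21:30   --------   d-----w-   c:\program files\Attempt 6 SM
2009-11-07 18:52 . 2009-11-07 18:53   --------   d-----w-   c:\program files\Attempt 5
2009-11-07 05:20 . 2009-11-07 05:20   4045528   ----a-w-   c:\program files\xxxx.exe
2009-11-07 05:12 . 2009-11-07 14:41   --------   d-----w-   c:\program files\MF
2009-10-22 18:12 . 2009-10-22 19:04   --------   d-----w-   c:\program files\lmxiyi
"""

# created . modified   size-or-dashes   attribute flags   path (may contain spaces)
LINE_RE = re.compile(
    r"^(?P<cdate>\d{4}-\d{2}-\d{2}) (?P<ctime>\d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[d-][a-z-]{7})\s+(?P<path>.+?)\s*$"
)

@dataclass(frozen=True)
class Entry:
    created: str        # "YYYY-MM-DD HH:MM"
    size: "int | None"  # None for folders, whose size column is "--------"
    is_dir: bool        # first attribute flag is "d"
    path: str

def parse_listing(text: str) -> list:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # blank lines and any text not in the listing layout are skipped
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(f"{m['cdate']} {m['ctime']}", size,
                                 m["attrs"].startswith("d"), m["path"]))
    return entries

def unexpected_dates(entries: list) -> list:
    """Entries created on any day other than the batch's most common creation day."""
    common = Counter(e.created[:10] for e in entries).most_common(1)[0][0]
    return [e for e in entries if e.created[:10] != common]

def to_cfscript(entries: list) -> str:
    """Render File:: and Folder:: sections in the CFScript layout used in this thread."""
    files = [e.path for e in entries if not e.is_dir]
    dirs = [e.path for e in entries if e.is_dir]
    lines = ["KillAll::", ""]
    for header, paths in (("File::", files), ("Folder::", dirs)):
        if paths:
            lines += [header, *paths, ""]
    return "\n".join(lines)
```

Anything unexpected_dates() returns is only a prompt to ask the user about it, as evilfantasy did, not proof that the entry is malicious.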
Done and done!  I attached the Combofix, DDS, and Attach logs rather than copy and pasting them since they are apparently too large to add to the message body.  I hope that's alright.   



[Saving space, attachment deleted by admin]

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

----------

Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the desktop

----------

Go to Add or Remove Programs and uninstall:

- Viewpoint Manager (Remove Only)
- Viewpoint Media Player


----------

We need to use ComboFix again.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

KillAll::

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

Folder::
C:\Program Files\Viewpoint
c:\program files\Malwarebytes' Anti-Malware Attempt 2

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

I think we deleted Malwarebytes in that last fix. If it is still installed then update it and run a scan.

Post the log it creates.

If you need to download it again be sure to update it before the scan. Malwarebytes' Anti-Malware (MBAM)



Also let me know how the computer is running now.

Good Morning!

I have attached the most recent combofix log as well as the mbam log.  While I was running combofix, I got the following notification "PEV.cfxxe has encountered a problem and needs to close...".  I left it alone because combofix seemed to be running ok.  As far as I can tell, everything seems to be running normally now.  Yay! (hopefully that's not a premature celebration)  Let me know if you need anything else and thanks!

 - Cayti

[Saving space, attachment deleted by admin]