HELP Please: Trojan.Win32.Monderc.gen Options

[Charizma]

Hello

Am facing a problem in the removal of this tojan Trojan.Win32.Monderc.gen ..KIS 2009 is keep informing me that it is detected but can not remove it.
The machine is using windows xp SP3. I also noticed that the system becomes slow and keep hanging and the windows explorer keep crashing from time to time and the windows update id disappled.

Please help me to remove this trojan.

[3x0gR13N]

Please post an AVZ log: http://forum.kaspersky.com/index.php?showtopic=69276

[Charizma]

Attached the AVZ Sysinfo.zip

Attached File(s)

 sysinfo.zip ( 19.32K ) Number of downloads: 8

 

[Lucian Bara]

Run this script (instructions in the same topic):

CODE

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
DelBHO('{954C573F-8E6E-4A8C-A8E7-1C6229A81286}');
DelBHO('{03E3D45B-681C-481C-B6A3-0D08B12C4AB9}');
QuarantineFile('wvUmmjGv.dll','');
QuarantineFile('C:\WINDOWS\system32\wvUmmjGv.dll','');
QuarantineFile('C:\WINDOWS\system32\bnyewsxo.dll','');
QuarantineFile('C:\WINDOWS\system32\iiffFYrO.dll','');
QuarantineFile('C:\WINDOWS\system32\dpfnkmun.dll','');
DeleteFile('C:\WINDOWS\system32\dpfnkmun.dll');
DeleteFile('C:\WINDOWS\system32\iiffFYrO.dll');
DeleteFile('C:\WINDOWS\system32\bnyewsxo.dll');
DeleteFile('C:\WINDOWS\system32\wvUmmjGv.dll');
DeleteFile('wvUmmjGv.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

then make a combofix log:
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (if still active) until after the scanning and removal process has taken place.

Now, please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post

[Charizma]

AZV script excuted and attached is the CompoFix reprot.

Attached File(s)

 ComboFix.txt ( 8.75K ) Number of downloads: 5

 

[Lucian Bara]

CODE

begin
QuarantineFile('C:\WINDOWS\system32\dpfnkmun.bak','');
QuarantineFile('C:\WINDOWS\BMd7a990fb.xml','');
QuarantineFile('C:\WINDOWS\system32\iiffFYrO.bak','');
DeleteFile('C:\WINDOWS\system32\dpfnkmun.bak');
DeleteFile('C:\WINDOWS\BMd7a990fb.xml');
DeleteFile('C:\WINDOWS\system32\iiffFYrO.bak');
end.

execute this one.
then zip and send me the contents of c:\qoobox\quarantine and C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\AVZ_Quarantine over PM

[Charizma]

Thanks Lucian Bara for all the help

I got the files you reguested...they are large.

How can i upload them to you?

[Lagerx]

www.rapidshare.com
Send link to Lucian.

[Charizma]

The scan with Malwarebytes' Anti-Malware is done and attached the log file

Done the rempval and now am doing anoter scan with Malwarebytes' Anti-Malware.

Attached File(s)

 mbam_log_7_27_2008__21_06_06_.txt ( 1.57K ) Number of downloads: 4

 

[Lucian Bara]

looks ok, delete this C:\WINDOWS\BMd7a990fb.txt

[Charizma]

Couldn't find this file C:\WINDOWS\BMd7a990fb.txt

It seems it's deleted already

[Lucian Bara]

ok then. any more problems?

[Charizma]

Now every thing seems to be ok

Thanks for all the help and support.