Is VUNDO associated with these .dll entries
Kaspersky Lab Forum > English User Forum > Protection for Small and Medium Businesses
spo1484
Windows XP (SP2?)
Kaspersky Anti-Virus 6.0 for Windows Workstations Version 6.0.3.837 c.d.e.f.g

First of all, sorry for the lengthy presentation. I cannot access the internet from the client computer.

IE7 gives an application error when launching. IE7 will no longer launch. After the first IE7 launch error, a popup window displays with an advertisement for addressbook.com. Nothing in the title bar except "Jump".

I saw something suspicious in MSCONFIG Startup tab:

vagiluke.dll,s
vakuhimu.dll,b
suluyeba.dll,a

This user advised that Kaspersky detected a trojan while she had been browsing (IE7), and it was denied. I checked the Kaspersky Event log and it shows:

3/31/2009 10:36:37 AM Process (PID 400) tried to access Kaspersky Anti-Virus process (PID 3936), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 10:36:37 AM Process (PID 400) tried to access Kaspersky Anti-Virus process (PID 148), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 10:31:18 AM Process (PID 4192) tried to access Kaspersky Anti-Virus process (PID 3936), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 10:31:18 AM Process (PID 4192) tried to access Kaspersky Anti-Virus process (PID 148), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 10:27:03 AM Process (PID 3440) tried to access Kaspersky Anti-Virus process (PID 3936), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 10:27:03 AM Process (PID 3440) tried to access Kaspersky Anti-Virus process (PID 148), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 10:11:07 AM Process (PID 3368) tried to access Kaspersky Anti-Virus process (PID 148), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 10:09:34 AM File c:\documents and settings\amanda.perry.dsivictoria\desktop\postcard.zip/postcard.exe: deleted.
3/31/2009 10:07:30 AM File c:\documents and settings\amanda.perry.dsivictoria\desktop\postcard.zip/postcard.exe: detected Trojan program 'Trojan-Downloader.Win32.Injecter.ga'.
3/31/2009 9:11:03 AM File C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\postcard.zip/postcard.exe: is still infected, postponed.
3/31/2009 9:11:03 AM Security threats have been detected. You are advised to neutralize them immediately.
3/31/2009 9:11:03 AM File C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\postcard.zip/postcard.exe: detected Trojan program 'Trojan-Downloader.Win32.Injecter.ga'.
3/31/2009 8:54:29 AM Some protection components are disabled. You are advised to enable them.
3/31/2009 8:54:29 AM Protection of your computer started.
3/31/2009 8:54:29 AM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
3/31/2009 8:54:05 AM Protection of your computer is not running. You are advised to resume protection.
3/31/2009 8:52:51 AM Process (PID 2416) tried to access Kaspersky Anti-Virus process (PID 1776), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 8:52:51 AM Process (PID 2416) tried to access Kaspersky Anti-Virus process (PID 4064), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 8:51:23 AM Malicious HTTP object <http://77.74.48.105/dl/shuffle.html?cu=656d04318474c048ad0a567ee291e4e2>: access denied.
3/31/2009 8:51:20 AM Malicious HTTP object <http://77.74.48.105/dl/shuffle.html?cu=656d04318474c048ad0a567ee291e4e2>: access denied.
3/31/2009 8:51:12 AM Malicious HTTP object <http://77.74.48.105/dl/shuffle.html?cu=656d04318474c048ad0a567ee291e4e2>: access denied.
3/31/2009 8:51:12 AM Malicious HTTP object <http://77.74.48.105/dl/shuffle.html?cu=656d04318474c048ad0a567ee291e4e2>: detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.dze'.
3/31/2009 8:46:19 AM Process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe (PID: 2364): attempt to embed itself into another process was blocked.
3/31/2009 8:46:18 AM Running process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe: detected modification of riskware 'Invader'.
3/31/2009 8:46:18 AM Process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe (PID: 2364): attempt to embed itself into another process was blocked.
3/31/2009 8:46:02 AM Running process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe: detected modification of riskware 'Invader'.
3/31/2009 8:46:02 AM Rollback not completed.
3/31/2009 8:45:48 AM Process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe (PID 2812) successfully terminated.
3/31/2009 8:45:43 AM Running process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe: detected modification of riskware 'Invader'.
3/31/2009 8:45:33 AM Process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe (PID: 2812): attempt to embed itself into another process was blocked.
3/31/2009 8:45:31 AM Running process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe: detected modification of riskware 'Invader'.
3/31/2009 8:45:31 AM Process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe (PID: 2812): attempt to embed itself into another process was blocked.
3/31/2009 8:45:27 AM Running process C:\Documents and Settings\amanda.perry.DSIVICTORIA\Desktop\~.exe: detected modification of riskware 'Invader'.
3/31/2009 8:14:13 AM Process (PID 112) tried to access Kaspersky Anti-Virus process (PID 4064), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 8:14:13 AM Process (PID 112) tried to access Kaspersky Anti-Virus process (PID 1776), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 8:14:11 AM Process (PID 3540) tried to access Kaspersky Anti-Virus process (PID 4064), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 8:14:11 AM Process (PID 3540) tried to access Kaspersky Anti-Virus process (PID 1776), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 8:01:17 AM Process (PID 3856) tried to access Kaspersky Anti-Virus process (PID 1776), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 7:51:34 AM Some protection components are disabled. You are advised to enable them.
3/31/2009 7:51:34 AM Protection of your computer started.

Is the computer infected? Is it a Vundo virus?

Thanks for the help!

Rick
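
A triage sketch for an event log in the format quoted in the post above, added here as an example and not part of the original post or of any Kaspersky tool. It parses the newest-first lines into a chronological timeline and pulls out first-seen verdicts, the PIDs that triggered Self-Defense blocks, and the images blocked from embedding into other processes. The sample lines are constructed (placeholder paths, PIDs and URL); the function and rule names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the quoted log format (newest first); paths and URL are placeholders.
SAMPLE_LOG = r"""
3/31/2009 10:36:37 AM Process (PID 400) tried to access Kaspersky Anti-Virus process (PID 3936), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 10:07:30 AM File c:\users\example\desktop\sample.zip/sample.exe: detected Trojan program 'Trojan-Downloader.Win32.Injecter.ga'.
3/31/2009 8:51:12 AM Malicious HTTP object <http://192.0.2.10/dl/page.html>: detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.dze'.
3/31/2009 8:46:18 AM Process C:\Users\example\Desktop\~.exe (PID: 2364): attempt to embed itself into another process was blocked.
3/31/2009 8:14:13 AM Process (PID 112) tried to access Kaspersky Anti-Virus process (PID 4064), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
3/31/2009 7:51:34 AM Protection of your computer started.
"""

LINE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.*)$")
# Hypothetical classification rules derived from the message shapes in the quoted log.
RULES = [
    ("self_defense", re.compile(r"^Process \(PID (\d+)\) tried to access Kaspersky Anti-Virus process \(PID (\d+)\)")),
    ("detection", re.compile(r"^(?:File |Malicious HTTP object |Running process )(.+?): detected .*'([^']+)'")),
    ("injection_blocked", re.compile(r"^Process (.+?) \(PID:? (\d+)\): attempt to embed itself")),
]

def parse(log_text):
    """Return (timestamp, kind, fields) tuples sorted oldest first."""
    events = []
    for raw in log_text.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not timestamped events
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        kind, fields = "other", ()
        for name, rx in RULES:
            hit = rx.match(m.group(2))
            if hit:
                kind, fields = name, hit.groups()
                break
        events.append((when, kind, fields))
    return sorted(events, key=lambda e: e[0])

def summarize(events):
    """Collect first-seen verdicts, Self-Defense source PIDs and blocked injectors."""
    first_seen = {}
    for when, kind, fields in events:
        if kind == "detection":
            first_seen.setdefault(fields[1], (when, fields[0]))
    probes = Counter(f[0] for _, k, f in events if k == "self_defense")
    injectors = sorted({f[0] for _, k, f in events if k == "injection_blocked"})
    return {"first_seen": first_seen, "self_defense_source_pids": probes,
            "injecting_images": injectors}

if __name__ == "__main__":
    for when, kind, fields in parse(SAMPLE_LOG):
        print(when.isoformat(), kind, fields)
```

Repeated Self-Defense blocks from changing source PIDs after a detection was "deleted" are worth correlating with the process list on the host, since the log records only the PID and not the image name.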
spo1484
I believe I may have posted this in the wrong forum. I have started a new topic in the Virus Related Issues section.

Moderators, if this is not the correct forum, please delete this post.

Thank you all for your help.