Charizma

HELP Please: Trojan.Win32.Monderc.gen

13 posts in this topic

Hello

I am facing a problem with the removal of this trojan, Trojan.Win32.Monderc.gen. KIS 2009 keeps informing me that it is detected but cannot remove it.

The machine is using Windows XP SP3. I also noticed that the system becomes slow and keeps hanging, Windows Explorer keeps crashing from time to time, and Windows Update is disabled.

Please help me to remove this trojan.


Run this script (instructions in the same topic):

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
DelBHO('{954C573F-8E6E-4A8C-A8E7-1C6229A81286}');
DelBHO('{03E3D45B-681C-481C-B6A3-0D08B12C4AB9}');
QuarantineFile('wvUmmjGv.dll','');
QuarantineFile('C:\WINDOWS\system32\wvUmmjGv.dll','');
QuarantineFile('C:\WINDOWS\system32\bnyewsxo.dll','');
QuarantineFile('C:\WINDOWS\system32\iiffFYrO.dll','');
QuarantineFile('C:\WINDOWS\system32\dpfnkmun.dll','');
DeleteFile('C:\WINDOWS\system32\dpfnkmun.dll');
DeleteFile('C:\WINDOWS\system32\iiffFYrO.dll');
DeleteFile('C:\WINDOWS\system32\bnyewsxo.dll');
DeleteFile('C:\WINDOWS\system32\wvUmmjGv.dll');
DeleteFile('wvUmmjGv.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Then make a ComboFix log:

Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (if still active) until after the scanning and removal process has taken place.

Now, please double-click on the file you downloaded. Follow the onscreen prompts to start the scan.

Once the scanning process has started, please DO NOT click on the ComboFix window or attempt to use your computer, as this can cause the scanning process to stall. It may take a while to complete scanning, and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and it will be restored after scanning has completed.

ComboFix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.


begin
QuarantineFile('C:\WINDOWS\system32\dpfnkmun.bak','');
QuarantineFile('C:\WINDOWS\BMd7a990fb.xml','');
QuarantineFile('C:\WINDOWS\system32\iiffFYrO.bak','');
DeleteFile('C:\WINDOWS\system32\dpfnkmun.bak');
DeleteFile('C:\WINDOWS\BMd7a990fb.xml');
DeleteFile('C:\WINDOWS\system32\iiffFYrO.bak');
end.

Execute this one.

Then zip and send me the contents of c:\qoobox\quarantine and C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\AVZ_Quarantine over PM.


Thanks, Lucian Bara, for all the help.

I got the files you requested... they are large.

How can I upload them to you?


www.rapidshare.com

Send link to Lucian.


Looks OK. Delete this: C:\WINDOWS\BMd7a990fb.txt


Couldn't find this file: C:\WINDOWS\BMd7a990fb.txt

It seems it's deleted already.


OK then. Any more problems?

This topic is now closed to further replies.