Help... vundo virus

Discussion in 'Malware and Virus Removal Archive' started by tainamystique, 2008/04/14.

  1. 2008/04/26
    tainamystique

    tainamystique Inactive Thread Starter

    Joined:
    2008/04/14
    Messages:
    51
    Likes Received:
    0
    should i keep sending?

    I want to clean his computer but honestly am too embarrassed to any more.. should I keep sending and I am going to get off this website.. I am honestly just posting what is on that report you told me to run.. I am so very sorry... :(
     
  2. 2008/04/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I knew that folder looked suspicious, but I wasn't expecting that! :eek: I've edited all those posts. :) Here's the good news ........ that folder and its contents are the result of the infection(s), courtesy of Limewire no doubt. Notice those files are all of the same date and size? The folder had been given hidden and system attributes, making it not only hidden from view but difficult to remove if/when found. It's highly likely that if an attempt was made to play any one of those files, it would further infect the machine. We're gonna nuke it ........ he won't miss it either. Doubt he even knew it was there. ;)

    Highlight and copy the contents of the code box below.
    Code:
    @echo off
    rem Clear the read-only, hidden and system attributes so the files can be deleted
    attrib -r -h -s "C:\Documents and Settings\Owner\!\*.*"
    del /q "C:\Documents and Settings\Owner\!\*.*"
    rmdir "C:\Documents and Settings\Owner\!"
    rem Search the system drive for hidden zz.dat and xx.dat files and log the results
    dir %Systemdrive%\zz.dat /a:h /s > "%userprofile%\desktop\check2.txt"
    dir %Systemdrive%\xx.dat /a:h /s >> "%userprofile%\desktop\check2.txt"
    start notepad "%userprofile%\desktop\check2.txt"
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own when the search is complete, and a log named check2.txt will open. The log will be located on your desktop. Please post the contents of that log here.


    Did you check the contents of that zz.dat file?
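
Added example, not part of the original post or thread: a Python triage check for the pattern described above, a folder whose files all share one size and one modification date, with a flag for hidden plus system attributes on the folder. The function names, the `min_files` threshold and the sample tree are assumptions made for illustration; a match is a reason to look closer, not proof of infection.

```python
import datetime
import os
import stat
import tempfile

# Windows attribute bits; the stat constants are defined on every platform.
HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

def is_hidden_system(path):
    """True if path has both hidden and system attributes (always False off Windows)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return attrs & HIDDEN_SYSTEM == HIDDEN_SYSTEM

def uniform_folders(root, min_files=5):
    """List (folder, file_count, size, hidden_system) for every folder under root
    whose files all share one size and one modification date."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        if len(files) < min_files:
            continue  # too few files to call the uniformity meaningful
        stats = [os.stat(os.path.join(folder, name)) for name in files]
        sizes = {s.st_size for s in stats}
        days = {datetime.date.fromtimestamp(s.st_mtime) for s in stats}
        if len(sizes) == 1 and len(days) == 1:
            hits.append((folder, len(files), sizes.pop(), is_hidden_system(folder)))
    return hits

def build_sample(root):
    """Constructed test data: one uniform folder and one ordinary folder."""
    stamp = 1208865600  # 2008-04-22 12:00 UTC, arbitrary constructed timestamp
    for sub, sizes in (("uniform", [1024] * 6), ("ordinary", [10, 200, 3000, 45, 512, 7])):
        os.mkdir(os.path.join(root, sub))
        for i, size in enumerate(sizes):
            path = os.path.join(root, sub, "file%d.bin" % i)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
            os.utime(path, (stamp, stamp))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, count, size, flagged in uniform_folders(build_sample(tmp)):
            print("%s: %d files of %d bytes, hidden+system=%s" % (folder, count, size, flagged))
```
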
     

  4. 2008/04/26
    tainamystique

    tainamystique Inactive Thread Starter

    Joined:
    2008/04/14
    Messages:
    51
    Likes Received:
    0
    ty so much

    Volume in drive C has no label.
    Volume Serial Number is 9C39-3113

    Directory of C:\Documents and Settings\Owner

    04/22/2008 02:19 AM 60,301 zz.dat
    1 File(s) 60,301 bytes
    Volume in drive C has no label.
    Volume Serial Number is 9C39-3113





    and no, i couldn't save the zz. as a txt...

    ty!
    Shanti
     
  5. 2008/04/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Copy the bolded command below.

    start notepad "C:\Documents and Settings\Owner\zz.dat"

    Now click Start>Run and paste the command then hit enter. It should open the file for viewing. Please check it over for personal information. If in doubt, ask.

    I'm going to review and will post further instructions in a subsequent reply.
     
  6. 2008/04/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Once again, please disable any realtime protection applications.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
