Urgent – please help!

HP Pavilion zt3000 notebook
Windows XP pro (I think)
768 MB RAM

Hi all,

Trojan.Zlob.G was detected on my computer about 10 days ago, and I read a blog on it, reinstalled Malware, and deleted the Trojan after several hours. I didn't bother doing anything to the registry files though.

I thought my computer was working fine, but it had slowed down considerably and many more Internet Explorer errors were occurring.

I also decided to install another free antivirus program (I already had AVG, but this did not detect anything even when I ran a full system scan), so I have been running 2 antivirus programs – AVG and Avira – apart from ZoneAlarm, which I have downloaded with high protection – freeware.

My computer has been acting funny again for the past 48 hours and a series of Trojans have been detected since –

Malware detected these:

Trojan.Vundo.H
Trojan.Vundo

AVG detected these:
Trojanhorsevundo.CS

Well, Malware says that some will be deleted upon reboot, and I have scanned and deleted at least 6 times and the problem persists.

Finally, a short while ago AVG detected the above mentioned, and when I forced a delete it could not be deleted since the file is missing…

I am no expert when it comes to computers, but most of the files that are affected are registry files, system32 files and so on.

Also, the following error message pops up when I start windows

C:Windows/system32/owukuyu.dll
The specific module could not be found.

The use of my computer is everything to me. Please help me resolve this matter ASAP.

Many thanks for your time and patience.
Tina

Find enclosed the last log file from Malware:

Malwarebytes’ Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 3
12/17/2008 7:57:42 PM
mbam-log-2008-12-17 (19-57-42).txt
Scan type: Quick Scan
Objects scanned: 50266
Time elapsed: 19 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\radafipi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\zewadora.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44e5e78f-4780-42e7-8a9f-da90ce2a7284} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{44e5e78f-4780-42e7-8a9f-da90ce2a7284} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f09c90f1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kibunikaga (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf3afa36d (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zewadora.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zewadora.dll -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\radafipi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ipifadar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zewadora.dll (Trojan.Vundo.H) -> Delete on reboot.

This entry was posted on Wednesday, December 17th, 2008 at 10:18 pm and is filed under Hi-Tech blog.