Thread: Recurring(?) Virus

  1. #1
    Sandpaper Demon (Join Date: Oct 2006, Posts: 3,720, BG Level: 7, FFXIV Character: Snowman Emperor, FFXIV Server: Exodus, FFXI Server: Bismarck)

    Recurring(?) Virus

    I keep getting some weird virus that pops up every 5-7 days, or has at least done it twice now. MBAM/Avast! get rid of it easily enough, but as soon as it starts happening SB:S&D keeps flooding my screen with blocked registry/win32 .dll file change attempts, and I'm guessing it just can't be good to have around anyway.

    Here's my MBAM log (most recent one). I can't actually seem to find anything on the googlebots about getting rid of this one, or how I even got it or what it is or anything really; I'm hoping someone here has a bit more insight into it.

    Oh, and for the record, the sites I was on when it seemed to spring up on my computer were BG, Facebook and something else I go to regularly, with no downloads going or anything, which is why I can't seem to figure out what I'm doing to get it. I've also been avoiding doing any online banking until I'm sure it's fixed.

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 4
    Registry Values Infected: 4
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\girimimu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\rigubisa.dll (Trojan.BHO) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c70e37c (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\penimifihi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\rigubisa.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\rigubisa.dll -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\girimimu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\umimirig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rigubisa.dll (Trojan.BHO) -> Delete on reboot.

    Any help appreciated, thanks tech

  2. #2
    New Merits (Join Date: Sep 2006, Posts: 207, BG Level: 4)

    I was wondering if you have System Restore active? If so, it would be worth trying to disable it, as a virus can sometimes reinfect you from the restore files.

  3. #3
    Sea Torques (Join Date: Dec 2005, Posts: 668, BG Level: 5, FFXI Server: Valefor)

    I always do a one-two punch of MBAM with ComboFix (A guide and tutorial on using ComboFix).

    Then I'd disable System Restore, reset your Internet settings under Control Panel (security zone/cookie settings/IE settings) to default, and make sure your Windows Firewall wasn't knocked off.

    MBAM+ComboFix almost always clean a machine up perfectly, whereas MBAM alone misses the potentially nastier stuff, and that's especially true with Vundo. I still <3 it tho.

  4. #4
    Relic Weapons (Join Date: Oct 2006, Posts: 303, BG Level: 4)

    Like kriz said, MBAM + ComboFix, both in safe mode, is the way to go. Sometimes I throw in a bit of Spybot advanced mode.

    Vundo will create a new DLL on reboot even if you delete it; you're missing something deeper.
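    The "something deeper" is visible in the MBAM log from post #1: besides the DLLs themselves, the scan hit several autostart locations (Run values, AppInit_DLLs, SharedTaskScheduler, ShellServiceObjectDelayLoad and a BHO CLSID), and two of the DLLs were in use and only marked "Delete on reboot". The script below is an added example, not code from the thread: it parses that MBAM log format, tags each finding with the autostart mechanism that would reload it, and lists what is still pending a reboot. The sample log is constructed from a subset of the lines in post #1; the mechanism labels are the assumed classification used here.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the same format as the MBAM log in post #1 (paths taken from that log).
SAMPLE_LOG = r"""Memory Modules Infected:
C:\WINDOWS\system32\girimimu.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c70e37c (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\rigubisa.dll -> Quarantined and deleted successfully.
"""
# Autostart locations seen in the log, mapped to what reloads the DLL on the next boot (assumed labels).
MECHANISMS = [
    ("AppInit_DLLs", "AppInit_DLLs: mapped into every process that loads user32.dll"),
    ("\\CurrentVersion\\Run\\", "Run value: started at every logon"),
    ("SharedTaskScheduler", "SharedTaskScheduler: loaded by Explorer at startup"),
    ("ShellServiceObjectDelayLoad", "ShellServiceObjectDelayLoad: loaded by Explorer at startup"),
    ("HKEY_CLASSES_ROOT\\CLSID\\", "CLSID: COM registration backing a browser helper object"),
]
Finding = namedtuple("Finding", "item family action mechanism")
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^)]+)\) -> (?P<rest>.+)$")

def classify(item):
    for needle, label in MECHANISMS:
        if needle.lower() in item.lower():
            return label
    return "file or loaded module"

def parse_mbam_log(text):
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, counts and blank lines carry no finding
        # "Registry Data Items" lines read "Data: <value> -> <action>"; keep the final action only
        action = m.group("rest").split(" -> ")[-1].rstrip(".")
        findings.append(Finding(m.group("item"), m.group("family"), action, classify(m.group("item"))))
    return findings

def pending_reboot(findings):
    # In-use items MBAM could not remove while running; the autostart entries fire at the same reboot
    return [f.item for f in findings if f.action == "Delete on reboot"]

def mechanism_counts(findings):
    return Counter(f.mechanism for f in findings)
```

Run it over the full log and anything left under a mechanism label after the reboot is the entry that keeps bringing the DLL back.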

  5. #5
    Relic Shield (Join Date: Oct 2006, Posts: 1,599, BG Level: 6, FFXI Server: Odin)

    Vundo is a POS... if I see a keypunched DLL on someone's computer I work on, I just back up and reformat. That thing is SO hard to get rid of.
