
View Full Version : Trojan.Vundo.H NOT being detected


gslabbert5119
March 23rd, 2009, 09:08 AM
I have been fighting the following virus and it seems that ESET Security Plus is not finding the files.

Files Infected:
c:\Windows\System32\wejureke.dll (Trojan.Vundo.H)
c:\Windows\SysWOW64\wejureke.dll (Trojan.BHO)

I continually get these pop-ups and had to resort to using Malwarebytes' Anti-Malware 1.34 to find them, but this does not remove them either. I bought the ESET security 3.0.350.0 and everything is up to date. Below is the list of my updates.
I have had ESET running for some months now without any problems or issues and this problem popped up (excuse the pun) this weekend. I have checked the knowledgebase and have found nothing.


******** ESET Configuration ************
Virus signature database: 3954 (20090323)
Update module: 1028 (20090302)
Antivirus and antispyware scanner module: 1199 (20090321)
Advanced heuristics module: 1092 (20090309)
Archive support module: 1091 (20090213)
Cleaner module: 1039 (20090320)
Anti-Stealth support module: 1010 (20090302)
Personal firewall module: 1040 (20080924)
Antispam module: 1011 (20090114)

***** Malwarebytes log file **********
Malwarebytes' Anti-Malware 1.34
Database version: 1883
Windows 6.0.6001 Service Pack 1

3/23/2009 8:56:04 AM
mbam-log-2009-03-23 (08-56-00).txt

Scan type: Quick Scan
Objects scanned: 15409
Time elapsed: 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\wejureke.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm73fffa3f (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zogababala (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wejureke.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wejureke.dll -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\wejureke.dll (Trojan.Vundo.H) -> No action taken.
c:\Windows\SysWOW64\wejureke.dll (Trojan.BHO) -> No action taken.
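
The Malwarebytes log above is useful because it names the autostart locations the DLL is hooked into: AppInit_DLLs (which makes every user-mode process load the DLL, so the file is always in use and simply deleting it does not stick), two HKLM Run values, a ShellServiceObjectDelayLoad entry and a SharedTaskScheduler entry, both pointing at the same CLSID. The script below is an added example, not code from the thread, from ESET or from Malwarebytes: it reads those exact keys, resolves CLSIDs through InProcServer32, and reports for each referenced DLL whether it still exists on disk and which running processes have it loaded. The Wow6432Node copy of the AppInit_DLLs key is included as an assumption (the SysWOW64 copy in the log suggests 64-bit Vista); the log itself does not list it. Run from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or from ESET/Malwarebytes): audit the
# autostart locations named in the Malwarebytes log and check the DLLs they
# reference. Works on PowerShell 2.0 and later; run elevated so that the
# module lists of other users' processes can be read.

$guidRe = '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'

function Resolve-ClsidServer([string]$clsid) {
    # The InProcServer32 default value names the DLL implementing the COM class
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
    $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($v) { return $v.'(default)' }
}

function Resolve-DllPath([string]$raw) {
    # Run entries may be "rundll32.exe <dll>,<export>" command lines; AppInit_DLLs
    # entries may be relative to %WINDIR% (the log shows "system32\wejureke.dll")
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim().Trim('"'))
    if ($p -match '(?i)rundll32(\.exe)?\s+"?(?<dll>[^",]+\.dll)') { $p = $Matches.dll }
    elseif ($p -match '^(?<path>[^"]+?\.(dll|exe))') { $p = $Matches.path }
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:WINDIR $p }
    return $p
}

function Get-ProcessesLoading([string]$path) {
    $name = [IO.Path]::GetFileName($path)
    foreach ($proc in Get-Process) {
        try {
            if ($proc.Modules | Where-Object { $_.ModuleName -ieq $name }) {
                "$($proc.Name):$($proc.Id)"
            }
        } catch { }   # access denied or 32/64-bit mismatch: cannot inspect, skip
    }
}

function Get-AutostartEntries {
    $locations = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows',  # 32-bit view on x64 (assumption)
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
    )
    foreach ($loc in $locations) {
        $props = Get-ItemProperty -Path $loc -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }            # provider metadata, not registry values
            $data = [string]$props.$name
            if ($loc -like '*Windows NT*') {
                # Only AppInit_DLLs matters here; LoadAppInit_DLLs gates whether it is honoured
                if ($name -ne 'AppInit_DLLs' -or -not $data) { continue }
                $files = $data -split '[ ,]+' | Where-Object { $_ } | ForEach-Object { Resolve-DllPath $_ }
            } elseif ($name -match $guidRe) {              # SharedTaskScheduler: value name is the CLSID
                $files = @(Resolve-ClsidServer $name)
            } elseif ($data -match $guidRe) {              # SSODL: value data is the CLSID
                $files = @(Resolve-ClsidServer $data)
            } else {                                       # Run: value data is a command line
                $files = @(Resolve-DllPath $data)
            }
            foreach ($f in $files) {
                if (-not $f) { continue }
                New-Object PSObject -Property @{
                    Location = $loc
                    Name     = $name
                    File     = $f
                    OnDisk   = (Test-Path -LiteralPath $f)
                    LoadedIn = ((Get-ProcessesLoading $f) -join ' ')
                }
            }
        }
    }
}

Get-AutostartEntries | Select-Object Location, Name, File, OnDisk, LoadedIn |
    Sort-Object File | Format-Table -AutoSize -Wrap
```

Any row with OnDisk true and a non-empty LoadedIn column explains the "it returns after each reboot" symptom in the thread: while the DLL is mapped into running processes it can recreate its registry values and drop a fresh copy, so the registry references and the file have to be removed together, from Safe Mode or an offline boot, before the next logon. The script only reports; it deliberately deletes nothing, because the same keys are also used by legitimate shell extensions and the entries should be reviewed by hand first.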

Marcos
March 23rd, 2009, 10:56 AM
ESET SysInspector should be able to reveal these malicious DLLs. Unfortunately, Virtumonde is about nothing but business and thus they are continually being modified by a group of guys to avoid detection by AVs. MB uses a different approach to detection than typical signatures or heuristics, hence it's able to detect threats on infected systems better. I wouldn't chance my arm that it would protect you against all other threats like other AVs before threats are executed, however.

miki69
March 23rd, 2009, 10:59 AM
You should delete this file wejureke.dll (anyhow it's quarantined now), and then you should try right-clicking the C: drive; below "Scan with ESET" you have "Advanced action" and then "Clean files". Click on this and you should be able to delete the rest of the infections.

Cheers,
Miki

gslabbert5119
March 23rd, 2009, 12:01 PM
I have deleted the file, but after each reboot it and other files return, so this is of no help. I have opened a case with ESET but no response as of yet.

I have no intention to replace ESET with Malware; I just need ESET to perform as advertised and remove the Trojans. After all, that is what I paid for.

wrathchild
March 23rd, 2009, 12:19 PM
Try with a free SUPERAntiSpyware.

Marcos
March 23rd, 2009, 12:36 PM
If you're unable to analyse ESET SysInspector logs yourself, did you create one and convey it to customer care for perusal?

gslabbert5119
March 23rd, 2009, 01:55 PM
-{ Quote: "If you're unable to analyse ESET SysInspector logs yourself, did you create one and convey it to customer care for perusal?" }-
The SysInspector log's detected-threats list is empty, and there is nothing in the quarantine either. Quite a few "Incorrect IP packet length" and "DNS cache poisoning" attacks, but they were blocked by the firewall.

I think that I have got rid of the files after running Malware, then Wise Registry Cleaner, then Malware again, then SUPERAntiSpyware, then Wise Registry Cleaner again. Each time a new set of files was found. I had to run Malware 4 times, booting into safe mode each time, to clean everything out. Still, this should not have gotten past my ESET; well, I did not expect it to. I have opened a ticket but still no response. Any idea how long before a "threat not detected" case is handled?

Thanks to those who helped so far. Hope that it is gone permanently.

Marcos
March 23rd, 2009, 02:06 PM
Again, sending a SysInspector from the infected computer is crucial when contacting customer care. A customer care representative would check the log and ask you to send the suspicious files to the viruslab for analysis so that detection could be added.

I have no clue which customer care you contacted. It's already evening here in Slovakia, but morning in the US. If you are from the US, it may take up to 24 hours to get a response (during work days). However, all they can do is recommend you send an ESI log the next time you run into a suspicious file.

silverfox55
March 23rd, 2009, 02:08 PM
Try posting a HijackThis log on one of the various forums so you can verify it is clean. This is the one I use when I need to clean a machine.

http://www.tweaks.com/forum/Forum29-1.aspx