Full Version: Figuring Out Vundofix In Order To Remove What Might Be Winfixer?
Hobbes
WinXP pro

I was referred to this thread http://www.bleepingcomputer.com/forums/topic18610.html after posting the following in cnet forums.

QUOTE(me in a cnet thread)
Getting rid of ErrorSafe & Winsoftware. WinAntiVirusPro2006
These two buggers showed up and won't go away. They don't so far seem to work on Opera. But they will persist on bugging me in IE. I have been forced to set my IE security to max; it's the only way to stop their multitude of popups of "installing &/or downloading their software" where each one you close brings up a new one (sometimes set in the install buttons fashion, sometimes in a window, each one different).

Spybot has removed these "cookies" again and again (according to history 7 times for one, 6 for the other), but they keep coming back. I also have adaware, zonealarm, AVG antivirus, spywareblaster, counterspy. None of the rest of these find anything/stop these buggers. Only Spybot finds 'em and it's only a temporary measure.


I am also awaiting help in a hijackthis forum (a different one). More recently the name mentioned on the popups has changed to systemprot but the resulting popups are identical.


Anyways, the vundofix thread. I was experimenting with VundoFix. I had it do a scan not as a task. It found a number of entries, I checked one of them and told it to remove it. It restarted my computer even though I could have sworn I told it not to. Anyways, when I restarted I did a scan again. It came back with nothing (even though I only checked one entry, maybe it erased 'em all anyways? maybe taking out the one file caused the others to go away?)

When I check run as task, vundofix closes down, but never restarts. Tried many a time, it just won't run as a task.

That link, it refers to entries. Entries in what? Hijackthis? I had no such entries in Hijackthis, yet the program seemed to have found infection.

How do I know if the infection has gone away or not, or if there are more infections? Could the virus, having lost one of its files, now be masking itself to prevent more removal? The thread keeps saying "if the infections still present" but not how to determine that.
quietman7
QUOTE
I am also awaiting help in a hijackthis forum

After posting a log (regardless of where) you should NOT make further changes to your computer (install/uninstall programs, use fix tools, delete files and other items on your own, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show in the log you already posted and can complicate the malware removal process.

If you have already been doing some of these things on your own, be sure to advise the expert who is helping with your log.

Also some newer variants of vundo target Hijackthis.exe and hide certain entries so there are no signs in a log.
Hobbes
So why can't I run vundo as a task?

QUOTE
Also some newer variants of vundo target Hijackthis.exe and hide certain entries so there are no signs in a log.

I'm not sure I follow what you're saying here. You mean vundo intentionally hides what it's supposed to destroy? Why recommend its use then?
quietman7
QUOTE
I'm not sure I follow what you're saying here. You mean vundo intentionally hides what it's supposed to destroy? Why recommend its use then?
Some newer variants of the vundo infection, NOT the vundofix tool, target Hijackthis.exe and hide certain entries so there are no signs in a log.

And as I said before, since you already posted a log it's not a good idea to keep experimenting with special fix tools or make further changes to your computer unless advised by a HJT Team member. Doing so can result in system changes which may not show in the log you already posted and can complicate the malware removal process.
Hobbes
So why won't vundofix run as a task? Why is it no longer able to find any infection, even though I only deleted one of the files it found the first time? *points up to all the stuff he said and asked*
Hobbes
*bump*
quietman7
QUOTE
So why won't vundofix run as a task?
Try moving VundoFix.exe to the root directory (usually C:\) and run it as a task from there.
Hobbes
My drive is partitioned into C:\ & E:\, XP pro is in E:. Are both C & E considered root directories for this purpose?