
Vundo Spyware- Please Help!


  • This topic is locked
12 replies to this topic

#1 Ragav


Posted 17 August 2007 - 09:52 PM

hey guys am ragav from india...until day before my comp was performing well. suddenly yesterday when i logged on to XP i got a message in a dialogue box saying "Warning! Potential Spyware Operation! Your computer is making unauthorised copies of your system and internet files. Run full scan now to prevent unauthorised access to your files! click here to download spyware remover ... YES/NO".
i knew there was sumtin wrong so clicked no. then i found this weird rectangle on my system tray telling me "your computer is infected". i jus wanted to know wat it was and when clicked on it the internet explorer page went to WinAntispyware page. immediately i closed it and searched google and searched for it and understood that this is a spyware called VUNDO.
i searched a few forums and tried the Vundofix and Vundobegone programs but in vain. they scan my comp but say nothing is found. i downloaded windows defender and scanned the comp too but of no avail.

other info/changes on my comp:
1. my internet explorer's home page has been changed to google.com automatically and when i click on internet properties i get a message saying "this operation has been cancelled due to restrictions placed on this computer. please contact the system administrator".
2. when i try to access control panel it says the same "this operation has been cancelled due to restrictions placed on this computer. please contact the system administrator".

please someone help me!


#2 quietman7

  • Global Moderator

Posted 17 August 2007 - 10:27 PM

Follow the instructions for using Vundofix in BC's self-help tutorial "How To Remove Vundo/Winfixer Infection".

When done, download RogueRemover and save to your Desktop. (This program is for Win XP, 2000, NT only)
  • Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover.
  • During the installation an icon will automatically be created on your Desktop.
  • Double-click on the RogueRemover icon to launch the program and select Check for Updates.
  • If prompted, click Download to receive the latest updates.
  • When completed, close the update window.
  • Select "Scan" and the program will walk you through the remaining steps.
If you are still having problems afterwards you may need to post a HijackThis log and get expert assistance. Instructions for posting a log are included in the Smitfraud tutorial. Logs are posted in the HijackThis Logs and Analysis Forum, not here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 oldf@rt


Posted 17 August 2007 - 10:31 PM

I would recommend that you start by downloading SuperAntispyware Home version. Once you have received the complete download, double click the file to start the installation process. Please accept the default values. Do not protect your home page. Once the installation is complete, double click the desktop icon to run the program. Update the program. Click the Scan your Computer button. In the next window, select Complete Scan. Click next to run the scan. Please be patient, as this may take a while. When the scan is complete, click next to begin the quarantine and removal process. If SAS needs to restart your computer, please let it. And finally, please let us know the results.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#4 Ragav


Posted 17 August 2007 - 11:22 PM

hey thanks guys...ill try it and get back. really thank you very much!

#5 Ragav


Posted 17 August 2007 - 11:24 PM

mr.quietman ill first try the superantispyware. that seems to be an easier method. if that doesn work out ill do as you advised me...thats fine right?

#6 Ragav


Posted 18 August 2007 - 12:03 AM

hey the scan from superantispyware gave the following results..
adware.tracking cookie [130 items]
adware.whenU [2 items]
trojan.Downloader-Gen/NoMultitask [2 items]
Trojan.net-AVP/AVT [31 items]
Trojan.net-Vtroll [10 items]

Gosh! i have norton av 2003 edition updated everyday and so long it din detect these trojans!

#7 Ragav


Posted 18 August 2007 - 12:09 AM

no use!!! the problem still persists... i cant open the control panel...
the superanti spyware hasnt detected any vundo trojans...:thumbsup:

#8 oldf@rt


Posted 18 August 2007 - 12:28 AM

Norton 2003 is way too old a program to be effective with all the new viruses and variants in the wild. I am adding the recommendation that you look into the thread here at bleeping computer titled Freeware Replacements. Depending on what you like, Avira, Avast and AVG are all good freeware av programs. Any one of the three is much better than the version of Norton that you have. That is probably why you got infected with the Vundo trojan. I would recommend that you download one of those three, uninstall your present norton and install a new AV program. If you have problems removing norton we can provide a link to the Norton removal tool.

Please continue on with Quietman7's recommendations.

#9 oldf@rt


Posted 18 August 2007 - 12:32 AM

Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

#10 Ragav


Posted 18 August 2007 - 12:39 AM

oh!!!!!! is it? thanks dude i won uninstall it now...i was planning to install norton 07. i jus downloaded spybot to scan. shall i cancel the scan then?

#11 Ragav


Posted 18 August 2007 - 12:45 AM

ok now i have uninstalled spybot..coz when i posted the hijackthis log it was not installed..i think now it shud be fine rite?

#12 oldf@rt


Posted 18 August 2007 - 01:53 AM

Just be patient and wait now. Let the member of the HJT team know about any changes.

#13 quietman7

  • Global Moderator

Posted 18 August 2007 - 05:51 AM

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.



