Error Msg When Booting


11 replies to this topic

#1 xaeroevo


Posted 28 August 2007 - 01:38 AM

i just recovered from an infection, my laptop got a cold so i fed em some meds from :
AVG Anti-Spyware, Ad-Aware, SpywareSweeperTrial, CWShredder, ClamWin Free Antivirus in safe mode.
when i got infected the cold removed my shutdown/reboot and run buttons from start and from taskman. it also disabled my regedit.
but i managed to fix those already.. but now every time i boot up windows, i get this error msg :
Posted Image
what the heck is that? is it fatal or something or can i just ignore it?

Edited by xaeroevo, 28 August 2007 - 01:42 AM.



 


#2 Budapest


Posted 28 August 2007 - 02:29 AM

I did a quick net search for information on this vtutq.dll file and all the hits I got were malware related.

Typically when you get a virus it makes an entry in your registry instructing your computer to run the virus every time you start. Your antivirus found the virus and deleted it, but this entry is still in your registry, which is why you are getting the error message. Using the AutoRuns utility you should be able to locate this entry and delete it.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 xaeroevo


Posted 28 August 2007 - 03:40 AM

ok thanks! i found it on the winlogon tab :D thanks!

#4 Budapest


Posted 28 August 2007 - 03:45 AM

You're welcome :thumbsup:

#5 xaeroevo


Posted 28 August 2007 - 04:35 AM

WAIT! it didn't work, i deleted the entry, restarted my laptop, but when i clicked on any icon on my desktop, i still get the error msg..
if it's nothing serious i can just leave it as it is right?

#6 Budapest


Posted 28 August 2007 - 04:44 AM

I don't think the error message in itself is harmful. It's most likely caused by the malware making changes to your registry.

You could try the following fix from Kelly's Korner.

Restore Desktop Icons and Taskbar - #195 on the right.

Right click on it and save the .vbs file to your desktop. Then, double click on the file icon (on your desktop) to run the script. You may need to reboot your computer for the changes to take effect.

With any fix like this you should back up the registry first.

How To Back Up The Registry

If that doesn't work I would suggest you post a HijackThis Log in the HijackThis Forum and let the experts have a look.

#7 usasma


Posted 28 August 2007 - 06:17 AM

There could be a couple of reasons for this:
1) the computer is still infected and the virus is respawning
To double check, try one of these free, online scans:
http://safety.live.com
http://housecall.trendmicro.com

2) the Autoruns entry that you fixed wasn't the only one or wasn't the correct one for this cause. To double check it, try the free program Startup List on this page: ( http://www.spywareinfo.com/~merijn/programs.php ) and use it to create a startup list - then search the list for the vtutq.dll string. Once you locate it there, then you can delete/disable it using Autoruns.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
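
The leftover-entry situation described in post #2 and the string search suggested in post #7 can be checked with a read-only registry query. This is an added example, not part of the original posts or of Autoruns or Startup List; the list of keys and the function name `Find-AutostartReference` are assumptions of the example. A result with `FileExists` set to `False` is an orphaned entry of the kind post #2 describes, while `True` means the file is still on disk.

```powershell
# Added example (not from the thread): read-only search of autostart registry
# locations for values that still reference a file name, e.g. the DLL above.
# The key list is this example's assumption; Autoruns inspects many more.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',  # incl. Notify\*
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'    # AppInit_DLLs
)

function Find-AutostartReference {
    param(
        [Parameter(Mandatory)] [string] $FileName,
        [string[]] $Path = $Roots
    )
    $escaped = [regex]::Escape($FileName)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The key itself plus all of its subkeys.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                if ($data -notmatch $escaped) { continue }
                # Pull a rooted path out of the data; a bare file name is
                # assumed to resolve against System32.
                $m = [regex]::Match($data, "[A-Za-z]:\\[^`",;]*?$escaped", 'IgnoreCase')
                $file = Join-Path $env:SystemRoot "System32\$FileName"
                if ($m.Success) { $file = $m.Value }
                [pscustomobject]@{
                    Key        = $key.Name
                    Value      = $name
                    Data       = $data
                    FileExists = (Test-Path -LiteralPath $file)
                }
            }
        }
    }
}

# File name taken from the error message discussed in the thread.
Find-AutostartReference -FileName 'vtutq.dll' | Format-List
```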

#8 xaeroevo


Posted 28 August 2007 - 07:50 AM

i scanned with the online scanners and got the same virus :
Posted Image
i clicked remove but nothing happens.. (

the start-up list thingie doesn't work either.. :thumbsup: i see the string but i cannot locate it on the directory..
it's nowhere to be found, i even checked show hidden files in folder options.. but i still don't see it anywhere...
what do i do now? grrr...

i'm gonna try out kaspersky's online scanner.. see how it goes..

#9 Budapest


Posted 28 August 2007 - 08:12 AM

Try this Bleeping Computer removal guide:

How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo

#10 xaeroevo


Posted 28 August 2007 - 08:53 AM

i scanned with kaspersky and i got this :
http://www.viruslist.com/en/viruses/encycl...?virusid=145905
... i'm gonna check out the link budapest posted now since i can't remove the virus..

#11 xaeroevo


Posted 28 August 2007 - 09:50 AM

hey it worked! now my laptop is fine.. managed to get rid of vundo :D.. but my start-up is extremely slow now ... :thumbsup: ..
thanks budapest and usasma :D

#12 usasma


Posted 30 August 2007 - 06:17 PM

Now that it's gone, try some more scans to be sure you've gotten everything. Once you've got a couple of clean scans under your belt, then we can try fixing up the damage that was done to the OS.