Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Winfixer/vundo Using Rootkit

  • Please log in to reply
2 replies to this topic

#1 h-drix


  • Members
  • 1 posts
  • Local time:08:50 AM

Posted 20 October 2007 - 02:23 PM

I need as much help as possible, im freaking out really bad and i cant handle dealing with these things any longer. i need all the help possible.

ive been working on these god damn trojans now for about a week. every time i delete one it seems like another comes back. i saw vundo in my registry yesterday when i used the free version of spyhunter. it couldnt let me delete it cause i would of had to pay. i went in to the registry and was about delete it manually but i decided i shouldnt. i waited a day thinking things couldnt get any worse and they did. i keep getting messages in my taskbar saying bad stuff is being stopped or malware is detected. (the little triangle with an "!" is flashing but i cant do anything about it)

it seems to be getting worse. i tried using vundofix and vuntrumundobegone and neither worked. vundo fix got rid of C:windows/system32/:ntnirndan.dll ; vacaxxojd.dll ; vturrqo.dll

the one it could not get rid of is opnlkki.dll

in my C hardrive theres a folder called "vundofix backups with the three files in them with the an added ".bad"

if you could describe what to do in a fairly easy language because im not great with computers. thanks alot guys.

edit: ad-aware and spybot S&D dont seem to be working now.

Attached Files

Edited by h-drix, 20 October 2007 - 03:37 PM.

BC AdBot (Login to Remove)


#2 sarahw


  • Members
  • 248 posts
  • Local time:10:50 PM

Posted 20 October 2007 - 07:18 PM

Hi h-drix,
Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in safe mode so you will be unable to access this thread at that time. These instuctions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :thumbsup:

#3 sarahw


  • Members
  • 248 posts
  • Local time:10:50 PM

Posted 25 October 2007 - 10:22 AM

You are using a BETA version of Hiojack This. Could you please click HERE and download the correct Version of Hijack This. Post a fresh log when you have finnished the rest of these instructions.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

When you are finished, please reboot the computer as you normally would. Post The Smitfraud fix log, the Vundofix log, and HijackThis log from the correct version here in a reply. Also, please let me know of any problems you may have encountered or questions you want to ask.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users