Do I Still Have Virtumonde/vundo/f-nimda?

1 reply to this topic

#1 wolverene13


  • Members
  • 5 posts
  • Local time:02:14 PM

Posted 24 February 2008 - 05:18 PM

Hey guys,

I recently got F-Nimda AND Virtumonde at the same time. It was a mess. My start bar and icons were missing and I think I fixed that by editing the registry. I kept receiving alerts from AntiVir that it detected TR/Vundo.Gen on my system in the directory C:\WINDOWS\System32\ and then it would have a .dll file that appeared to be generated randomly by the trojan, as it would have a different name every time (most recently css4[1].dll). So, I updated and ran Ad-Aware, Spybot, CCleaner, and did a scan with AntiVir. I fixed or deleted all of the detections from all programs and got rid of a bunch of unnecessary files (temp files, etc.). I have no idea if it worked or not. I realized I cannot change my desktop background in Control Panel>Display and I also am unable to browse for a file to attach to an e-mail in Hotmail (I click the "Browse" button and nothing happens). I also cannot "Save picture as..." in Firefox. How do I fix these?


Sure enough, right after I hit "post" I got an alert that a virus was found in C:\Documents and Settings\Allen\Temporary Internet Files\Content.IE5\LBIH12U4\css4[1] Is the Trojan horse TR/Vundo.Gen
Also, I got one at the same time that said it was in C:\WINDOWS\system32\pmnll.dll.......GRRRRRRRR!!!!!

Edited by wolverene13, 24 February 2008 - 05:58 PM.


#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,062 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:14 PM

Posted 25 February 2008 - 01:26 PM

Hello wolverene13,

There seems to be some confusion with your threads. Your original thread has been closed since the assumption was that you have posted a new HJT log in the HJT forum.

Question: As that has not, in fact, been done, before I provide any disinfection procedures, do you want to post an HJT log in the proper forum? If not, we'll see what we can do for you here. It is possible that we might be able to completely disinfect your system without having to post in the HJT forum.

Here is the thread to the closed thread which provides additional information: http://www.bleepingcomputer.com/forums/t/132933/stupid-vundovirtumonde-trojan/

In your other thread, you mentioned that you ran vundofix and virtumundobegone. Did you do so by following this guide: http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/ ?

If you decide to try to continue disinfecting your computer here in the Infected forum, please post your Vundo log as a reply and let us know that you want to continue the disinfection process in this forum. If not, please follow the directions boopme gave you in the other thread and post your log in the appropriate forum. boopme provided the link in the instructions he gave you. When you have done so, please paste the link to your new thread as a reply so that we know the HJT team is helping you.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

