Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Using Spybot As Per Instructions For Vundo Removal And..


  • Please log in to reply
3 replies to this topic

#1 Kira April

Kira April

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 10 March 2008 - 10:29 PM

Hi, I'm running through the steps as you outlined before submitting a HiJack This Log. I installed Spybot and began running it... it closed my Adware and then proceeded. Then a window popped up during scanning asking if I would allow a change to the registry and naming BM33e63ece and another registry key - both which had previously by flagged by my Trojan Remover. So I hit deny changes thinking it was trying to rename itself, now windows are popping up all over like so:

Posted Image


Now I'm not so sure if I blocked Spybot from removing it (was this the change?) or the program itself from changing its value and I don't know what to do. Could someone possibly help and direct me on what to do? Do I allow these registry changes by the programs which were flagged as components of Vundo before? I'm so unfamiliar with Spybot and none of my reading so far has turned up guidance.

Thank you so much for any help.

Edited by Kira April, 10 March 2008 - 10:37 PM.


BC AdBot (Login to Remove)

 


m

#2 Tomo2

Tomo2

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wanganui, Aotearoa NZ
  • Local time:06:31 PM

Posted 10 March 2008 - 10:38 PM

When I denied it in Spybot my whole screen filled up with those boxes :thumbsup: but terribly annoying.
Have you read How To Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.b?
This should fix all cases of Virtumonde/Trojan.Vundo

L&P, World Famous in New Zealand since ages ago!
Posted Image
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out


#3 Kira April

Kira April
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 10 March 2008 - 10:50 PM

Thanks so much for replying! :thumbsup: I've been reading at least a couple library's worth today and I think I look something like this :flowers: now. I did use those two programs and got all the way down to how to submit the Hijack This Log, which I've been following line by like like I'm about to land a jet airliner lol. Can you believe I just found out the 29 bucks I spent to register Adware Alert was a total scam according to SpyBot? Man, they can detect blonde right through the computer.

So it's a good thing I denied those changes? I've got windows ontop of windows just poppin' around. Do they finally stop once you've gone through all the steps?

I swear after this, brain surgery is just cake.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,699 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:31 AM

Posted 15 March 2008 - 09:51 PM

Hello Kira April,

So it's a good thing I denied those changes? I've got windows ontop of windows just poppin' around. Do they finally stop once you've gone through all the steps?


It's hard at this point to say whether it was good that you denied them or not. Were those files in Trojan Remover's quarantine?

The little windows are produced by TeaTimer, a resident protection component of Spybot. Since that initial window popped up when Spybot was scanning, I suspect that you should have ALLOWED the change to reverse damage caused by an infection, unless the file in question was in Trojan Remover's quarantine.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users