
Sticky Vundo Problem, Tools Aren't Working


3 replies to this topic

#1 craigt


Posted 12 June 2008 - 09:54 PM

OK, maybe it isn't the tools, maybe it is me... but here is what I have tried and seen: Symantec found the virus but couldn't fix it; that is how I knew the name. I tried FixVundo.exe, VundoFix.exe, VirtuMundobeGone.exe (in normal and safe modes). I tried the Symantec scan with nothing found, installed Trend Micro Internet Security and used its scan with no results. Spybot taught me that rundll32 was being used to call the randomly named .dlls (but Trend Micro forced me to remove Spybot). I can see (using msconfig) the name of the current .dll causing the problem and can rename or delete it to get some temporary relief. I have had Firefox and IE unable to load sites such as Google or Yahoo or Support.Microsoft.com. I downloaded Windows Defender and get an error when I try to update the definitions, so I can't use it to scan. I cannot use Windows Auto Updates, can't turn it on, can't start the service, and am even altogether missing a subkey that should be set to allow AutoUpdates to work. I recently added HijackThis, but cannot make much sense of it. I can still see the .dll, but do not know how that .dll is added to the System32 directory or the Run registry folder... All of the forums seem to go a different direction on the removal process and I can't quite pin the best one down, so I decided to ask you guys. Please direct me to the place to post this, and where I can have someone look at my HJT log. Thank you so much.
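The autorun pattern described in the post above (a Run registry value that uses rundll32 to load a randomly named DLL from System32), checked in code; this is an added example, not part of the original post. The sample values, the allowlist and the "random-looking name" heuristic are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of Run-key values (name -> command line); not from the thread.
SAMPLE_RUN_VALUES = {
    "ccApp": r'"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    "NvCplDaemon": r"RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    "a1b2c3d4": r'rundll32.exe "C:\WINDOWS\system32\qjxkvbtr.dll",b',
    "BM7f3e": r"Rundll32.exe C:\WINDOWS\system32\wvtsrpmk.dll,s",
}
# Hypothetical allowlist: DLLs this machine is expected to start via rundll32.
KNOWN_DLLS = {"nvcpl.dll", "shell32.dll"}
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?', re.IGNORECASE)

def looks_random(stem: str) -> bool:
    # Assumed heuristic: letters only, 6+ characters, under 20% vowels.
    if not (stem.isalpha() and len(stem) >= 6):
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) < 0.2

def suspicious_run_entries(run_values, known=KNOWN_DLLS):
    findings = []
    for name, command in run_values.items():
        m = RUNDLL_RE.match(command)
        if not m:
            continue  # not a rundll32 launch
        dll = PureWindowsPath(m.group(1))
        in_system32 = dll.parent.name.lower() == "system32"
        if in_system32 and dll.name.lower() not in known:
            findings.append((name, str(dll), looks_random(dll.stem)))
    return findings

def read_run_key():
    """Windows only: return the HKLM Run values as a dict."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values

if __name__ == "__main__":
    for name, dll, rnd in suspicious_run_entries(SAMPLE_RUN_VALUES):
        print(f"{name}: {dll} (random-looking name: {rnd})")
```

On a live Windows system, pass `read_run_key()` instead of the sample; a flagged entry is a lead to review, not a verdict.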


 


#2 quietman7


Posted 12 June 2008 - 10:45 PM

The HJT Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. However, we may be able to assist you here and resolve this issue without having to post a log.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Instructions with screenshots if needed.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 craigt


Posted 13 June 2008 - 12:21 AM

The Malwarebytes Anti-Malware seems to have done the trick. It found a whole bunch of Trojan.Vundo files and keys and so far, everything seems to be working as it should. I will consider this closed for now, but will post again if things get sour.

Thank you so much. I wish I would have joined and posted several days ago. I was just about ready to put the computer to sleep, forever. Thanks again.

#4 quietman7


Posted 13 June 2008 - 02:20 PM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.



