Greetings, this is my first Bleeping Computer post, and I am not usually a blog/threads? user, although slightly more computer literate than a novice
(BTW -- love the name of your site, so very appropriate!!)
Posting from my wireless laptop because my desktop has become very unstable and can't even access internet now.
Home Desktop: Dell Dimension
Internet Explorer 7.0
scan daily with McAfee and Ad-Aware
have never had such a severe problem with it; have never had to reformat
Have been battling Trojan Vundo.gen.k for almost a week now.
As of 5 minutes ago, I had a clean Ad-Aware and McAfee virus scan; BUT, I'm not convinced that the thing is really gone.
The main question in this post is:
IS THERE SOMETHING ELSE I SHOULD DO TO MAKE SURE THE TROJAN IS GONE AND ALL THE CORRUPTED SYSTEM FILES IT MAY HAVE ATTACKED ARE REPAIRED?
If you want/need more info and the play-by-play of events over the last 5 days, keep reading...
Husband first discovered problem on routine Ad-Aware scan. Unfortunately, he did not inform me of any problem.
He said there was a line entry in the log under Tracking Objects that had a green smiley with horns.
He said he "removed" it as usual, as he has with the daily dozen or so Tracking Cookies and MRU objects.
Then the *#&)@ hits the fan.
Certain things on the internet not working. For one example: I have a separate hotmail (live.com) email address. While I could log on to the account and see my Inbox, it would not open individual emails for me to read (did NOT happen when I accessed same email account from our wireless laptop).
Husband also said that "internet would work for about an hour, then freeze".
Then the internet just stopped working altogether (but, could still get our email from Outlook Express on the Dell, and had no problem with any internet things when connected wireless in our home on the hp laptop).
Ad-Aware did not pick up any other problems like the one my husband initially found. Initially, when my husband ran manual McAfee scans, he said they came up clean also. However, 2-3 days ago, when I decided to run another McAfee antivirus scan myself, the trojan showed up; AND when I reviewed the log file for McAfee, I discovered it had been "Repaired (removed)" every day since 10/2/08 by the "Real-Time" scan; oddly enough, my "Manual Scan" on 10/6/08 only showed as "Quarantined".
I subsequently googled as much as I could find about this Vundo.gen.k and found out it's a nasty bugger.
randomly generated, self-replicating System32 dll files
attached to the winlogon and explorer.exe files
I have run "FixVundo" "VundoFix" and "VirtumondoBeGone" and all come up clean, no vundo found.
Then thinking my explorer.exe and winlogon files are corrupted, I booted from the WindowsXP start up disk and let it run its automatic repair thing. I've actually done that a few times now, because I kept getting various errors....including .... the blue screen of death!! in the middle of the Windows set up/automatic repair process where the
"problem detected" was
Windows then restarted itself, and the Set Up process resumed automatically (don't ask me?)
Was able to get onto internet for a brief moment, tried to run Windows Update (so I could get my Service Pack 2 again), but the Update program wasn't running and couldn't manually start it, wouldn't let me??
Another error I kept getting was a window where the title was
Explorer.exe - ENTRY POINT NOT FOUND
The procedure entry point Encode Pointer could not be located in the dynamic link library Kernel32.dll
That's when I knew I was out of my league; I have NO IDEA what any of that means.
Windows is up and running (from the disk) (I am fearful of restarting/rebooting because what I read was that the trojan was activated every time Windows started).
A McAfee pop-up window showed up shortly after start up. It found a "Potentially Unwanted Program" PrcViewer.
This was a new development, I have not seen that pop-up or program name in this whole time I've been trying to fix the problem. MA was able to remove it. ?????
I was able to print a document from Word (which we HAD to do tonight).
I was able to, again, run Ad-Aware and McAfee virus scans manually, neither of which detected any trojan.
But I'm scared to do anything else, like try to connect to the internet or see if that Automatic/Windows Update problem has been corrected.
So, thanks for listening, you guys are like therapists too. Have been so frustrated and exhausted over this the past week.
Any advice on how I can be sure the computer is clean and repaired is GREATLY, GREATLY APPRECIATED!!!!
I just want to know if it's safe to surf again
2 Cor 5:17