Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Vundo.h and maybe Smitfraud

  • Please log in to reply
No replies to this topic

#1 wmr_frb


  • Members
  • 1 posts
  • Local time:10:57 AM

Posted 27 April 2009 - 04:37 PM

Got a "malicious page" warning from AVG during a net session on Friday last. After accepting AVG's warning and closing the tab, I also got a warning from Spybot.

Now, every time I go to boot, Spybot tries to install one of the "eight random character dll files" into windows\system32. Spybot TRIES to stop it. The Spybot "popups" on bootup give me the ability to say, "NO! Don't allow this change." Doing so results in a sequence of a dozen or so repeat popups.

I've run Malwarebytes at least a dozen times, twice in Safe Mode. It found Smitfraud AND Vundo.h the first time through. I downloaded and ran Smitfraudfix, and that SEEMS to have gone away from subsequent Malwarebytes reports. But I can't seem to get past 2 infected memory modules, 1 registry key, 4 registry values, 1 registry item, and 3 files being infected. MWB finds them every reboot, but they come back.

I've also downloaded and run ATF cleaner. Still no dice.



BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users