Posted 27 December 2009 - 06:01 PM
About a week ago my boyfriend's computer was invaded by the vundo virus. Shortly thereafter it was also invaded by the IS2010 fake program. Symptoms were the logon/logoff loop problem, the IS2010 fake antivirus popups, MBAM.exe was being deleted so we couldnt run Malwarebytes.
Using the steps provided in other posts on this site Ive deleted registry entries, system 32 files and ran malwarebytes etc. 2 days ago all seemed well. We ran SuperAntiSpyware, Malwarebytes, checked the registry and system 32 folder and nothing was found. No pop ups, no logon/logoff loops, no IS2010 and his computer was faster.
Yesterday though Malwarebytes indicated that vundo was back. My boyfriend hasn't been to any sites at all since the original scans came back clean. He was only running Malwarebytes one last time before going onto a website to assure ourselves the threat was gone (Although he hasnt visited any websites we are contantly connected to the internet through direct connection not wireless so this may have something to do with it). The only thing I can think of is that there is a file we keep missing that allows Vundo to re-spawn or something. Today we removed vundo using the same steps we previously used and it seems to be gone again (so the scans say).
The only trouble (right now) is a lingering file that only shows up on the task manager (karezabu.dll). Research shows this to be a bad file and we are unable to get rid of it. Occasionally other files with different names have popped up as well but we have been able to remove those. I believe these files are related to the Vundo virus that keeps popping back up on my boyfriend's computer. I have a hijakthis log I can post that was ran today if requested. Any help on making sure that Vundo is really and truly gone from the system and that any other malware/spyware that is causing us grief is gone as well is appreciated. Reformatting his computer is an absolute last ditch effort that we do not want to resort to unless there is nothing left for us to do.
Troublesome Files That Keep Reappearing Despite Deleting Them and Cleaning The Computer With Malwarebytes (These can be deleted at any time and cause no problem except that they keep reappearing):
The only exception to this rule is karezabu.dll which I have already stated we are unable to get rid of.
I work with computers and this is the only time Ive been stumped. HELP!
Desperate girlfriend who spends her days off repairing her boyfriend's computer