
Vundo Virus? Cannot remove Please Help


  • This topic is locked
1 reply to this topic

#1 raellen89

  • Members
  • 3 posts

Posted 21 March 2010 - 05:44 PM

Hello! I most humbly come here asking for your knowledge and help. Three days ago my husband accepted an upgrade for Firefox from 3.58 to 3.6. After the upgrade, I noticed that programs requiring things such as java applets were not loading at all or slow to load. I uninstalled the upgrade and went back to Firefox 3.56. After that, we started getting Pop Ups, the commercial type. Our Pop UP blocker is enabled, but these Pop Ups are obvious, not the norm. At the time we had Malware Bytes on our computer and it had been scheduled to run every day at 6pm for over the past year now and did so faithfully. I went to do a scan and noticed that it had disappeared from my System tray. I went into my Programs list to try and execute it from there only to get a "missing dll" file error message. So, I went on the net to download another copy of the installation for Malware Bytes, ran it and right at the end of the installation, received the same error. That evening, I downloaded a fresh copy of "Combo Fix", ran it, and got my report. But yet the Pop Ups still continued. The next day, I installed a purchased licensed copy of Kaspersky Internet Security 2010, ran a full scan, it found 1 virus, and 1 Trojan. Still Pop Ups, today Kaspersky is still picking up Trojans, we are up to 9 now, but still Pop Ups. Kaspersky has reported the following:

VirusRootKit.WIN32.TDSS.Y ( 1 Event) Disinfected
Trojan Program Trojan-Downloader.JS.Agent.fce (1 Event) Status not Know
Trojan Program Trojan.WIN32.Monder.DDMB (7 Events) Deleted
Trojan Program Trojan.WIN32.StartPage.ehg (1 Event) Deleted

Ok, moving on. Kaspersky is not getting rid of it, period. I think it is getting worse. I have turned off System Restore before running anything to try and get rid of this.

Next, I installed Symantec Trojan Vundo Removal Tool 1.5, ran it, and was told I did not have Vundo.

I followed your instructions for getting started here before posting. I was unable to run the DDS application, it ran but I never saw the small black window, but notepad did come up and the text was not readable. I was able to run GMER. I have attached both reports.

I am running Windows XP Home Edition
Mozilla Firefox 3.56

Thank you for being here, I hope to hear back from the Forum soon. Hope you can help us.

Kind Regards,
Raelllen89

PS. I cannot upload the DDS text file/log, it is too large. I do not think you could read it anyways, as it is not normal readable text.

PSS: I have posted this again in another Forum because I am not getting any replies. I am still infected with many variants of Vundo and nothing is removing and most tools I use are getting messed up trying. If anyone can help, please.



#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 21 March 2010 - 08:01 PM

Hello.

I see that you have a topic opened in the Malware Removal forum now: http://www.bleepingcomputer.com/forums/t/303814/pop-ups-vundo-virtumonde/

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Note:

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Response Team.


To avoid confusion, I am closing this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.
