Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Figuring Out Vundofix In Order To Remove What Might Be Winfixer?


  • Please log in to reply
7 replies to this topic

#1 Hobbes

Hobbes

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 26 June 2006 - 04:10 AM

WinXP pro

I was referred to this thread http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/ after posting the following in cnet forums.

Getting ride of ErrorSafe & Winsoftware. WinAntiVirusPro2006
These two buggers showed up and won't go away. They don't so far seem to work on opera. But they will persist on bugging me in IE, I have been forced to set my IE security to max, its the only way to stop their multitude of popups of "installing &/or downloading their software" where each one you close brings up a new one (sometimes set in the install buttons fashion, sometimes in a window, each one different)

Spybot has removed these "cookies" again and again (according to history 7 times for one, 6 for the other) But they keep coming back. I also have adaware, zonealarm, AVG antivirus, spywareblaster, counterspy.. None of the rest of these find anything/stop these buggers. Only spot bot finds em and its only a temporary measure.


I am also awaiting help in a hijackthis forum(a different one) More recently the name mentioned on the popups has changed to systemprot but the resulting popups are identical.


Anyways, the vundofix thread. I was experimenting with VundoFix. I had it do a scan not as a task. It found a number of entries, I checked one of them and told it to remove it. It restarted my computer even though I could have sworn I told it not to :thumbsup: Anyways when I restarted I did a scan again. It came back with nothing (even though I only checked one entry, maybe it erased em all anyways? maybe taking out the one file caused the others to go away?)

When I check run as task, vundofix closes down, but never restarts. Tried many a time, it just won't run as a task.

That link, it refers to entries. Entries in what? Hijackthis? I had no such entries in hijack this, yet the program seemed to have found infection.

How do I know if the infection has gone away or not or if there is more infections? Could the virus having lost one of its files now be masking itself to prevent more removal? The thread keeps saying "if the infections still present" but not how to determine that.

Edited by Hobbes, 26 June 2006 - 04:12 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:55 PM

Posted 26 June 2006 - 08:16 AM

I am also awaiting help in a hijackthis forum

After posting a log (regardless of where) you should NOT make further changes to your computer (install/uninstall programs, use fix tools, delete files and other items on your own, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted and can complicate the malware removal process.

If you have already been doing some of these things on your own, be sure to advise the expert who is helping with your log.

Also some newer variants of vundo target Hijackthis.exe and hide certain entries so there are no signs in a log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Hobbes

Hobbes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 26 June 2006 - 03:40 PM

So why can't I run vundo as a task?

Also some newer variants of vundo target Hijackthis.exe and hide certain entries so there are no signs in a log.

I'm not sure I follow what your saying here. You mean vundo intentionally hides what it suppose to destroy? Why recommend its use then?

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:55 PM

Posted 26 June 2006 - 04:19 PM

I'm not sure I follow what your saying here. You mean vundo intentionally hides what it suppose to destroy? Why recommend its use then?

Some newer variants of the vundo infection, NOT the vundofix tool, target Hijackthis.exe and hide certain entries so there are no signs in a log.

And as I said before, since you already posted a log it's not a good idea to keep experimenting with special fix tools or make further changes to your computer unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted and can complicate the malware removal process.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Hobbes

Hobbes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 26 June 2006 - 09:31 PM

So why won't vundofix run as a task? Why is it no longer able to find any infection, even though I only deleted one of the files it found the first time? *points up to all the stuff he said and asked*

#6 Hobbes

Hobbes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 30 June 2006 - 02:42 AM

*bump*

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:55 PM

Posted 30 June 2006 - 06:41 AM

So why won't vundofix run as a task?

Try moving VundoFix.exe to the root directory (usually C:\) and run it as a task from there.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Hobbes

Hobbes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 15 July 2006 - 01:40 PM

My drive is partitioned into C:\ & E:\, XP pro is in E:. Are both C & E considered root directories for this purpose?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users