
Trying To Fix Imsmn.exe & Vundo Bugs


4 replies to this topic

#1 Papanik

Papanik

  • Members
  • 9 posts

Posted 24 June 2007 - 01:11 AM

I suspected I had acquired a bug, began poking around and discovered that program IMSMN.EXE did not want to go away in the processes list. I researched the issue and found a discussion of and fix for it on your site and signed up. As recommended in that post I am following your “Preparation Guide for use before posting a HijackThis Log” dated Nov 10 2005, 12:52 PM.

At the moment I am in the second pass of Housecall Anti Virus. I’m getting the pop-up “Windows – No Disk” “Exception Processing Message …” about which I just found another post on your site from about a week ago; a virus called Vundo.

My question is: should I proceed to follow your preparation guide, do the HJT log for review, and proceed to handle the original problem, then deal with the Vundo issue, or should I follow a different plan? Also, in your preparation guide, it is unclear to me if you are suggesting we clean with Housecall, Panda, and Bit Defender, or just pick one to clean with before updating and cleaning with our on board virus protection (mine is Norton 360).

Thanks in advance for your response.



#2 buddy215

buddy215

  • Moderator
  • 13,090 posts

Posted 24 June 2007 - 06:39 AM

You can use the tools below to remove the Vundo infections. Bit Defender online scan is good to use because it will remove what it finds. Super Antispyware will remove Vundo, Smitfraud, and other trojans.
Please download http://www.atribune.org/content/view/24/2/
to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

Use Virtumundobegone if Vundofix doesn't work.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Download VirtumundoBegone and save it to your desktop.


Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Select safe mode with networking using your arrow keys on the keyboard and then press enter.
When your computer reaches the desktop, make sure you log in as the same user you used for the previous steps.
Once you are logged into safe mode, double-click the VirtumundoBeGone.exe file you just downloaded and follow the instructions.
Exit when it has finished, and reboot back to normal mode.

--------------------------------------------------------------------------------

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How To start Windows in Safe Mode
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Papanik

Papanik
  • Topic Starter

  • Members
  • 9 posts

Posted 24 June 2007 - 01:29 PM

Thanks for the response Buddy215, but VundoFix didn't find anything and the VirtumundoBeGone site couldn't be found.

#4 buddy215

buddy215

  • Moderator
  • 13,090 posts

Posted 24 June 2007 - 01:49 PM

Did you click on this link?
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
It is only 95kb and I just clicked on the link and downloaded it.

If that doesn't work for you, finish the other instructions. Super Antispyware removes Vundo, also.
Super Antispyware removes Smitfraud malware (which you have) but if it doesn't remove all of it, there is another tool
called Smitfraudfix. Instructions are in the link below.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Edited by buddy215, 24 June 2007 - 01:59 PM.


#5 Papanik

Papanik
  • Topic Starter

  • Members
  • 9 posts

Posted 24 June 2007 - 02:26 PM

My error locating VirtumundoBeGone.

Found it and ran it in safe mode both with and w/o networking. Neither scan found anything although I continue to get the Vundo symptoms (see my 1st post) whenever I try to go to the Housecall site and run it.

Now that I think about it, I consistently get that pop up (about 6 or 7 times if I hit Continue) as soon as I hit Next to have Housecall scan the entire computer [that's how I got Housecall to complete its first pass - it found a few cookies and cleaned them]. That's also the first time I recall seeing the pop up. Coincidence? I wonder if Housecall is somehow inadvertently triggering this as it begins the scan - and maybe I don't really have Vundo???

I will continue with the other instructions as you suggest and get back to this topic with results. Thanks again for your help.



