Can not Remove Vundo after serveral attempts - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.0

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

May 16^th, 2008, 3:35am

   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   Can not Remove Vundo after serveral attempts

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: Can not Remove Vundo after serveral attempts (Read 255 times)

Trojan2Hal
Newbie

Posts: 7

Can not Remove Vundo after serveral attempts
« on: Mar 30^th, 2008, 10:50am »

Quote

Modify

Well I've run TrojanHunter 3 times (rebooted each time) and Vundo is still present. This is with 3/28/08 Rule list. It finds Vundo.b and Vundo (2 different files) but each time it reboots it is back again.

Hal

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5270

Re: Can not Remove Vundo after serveral attempts
« Reply #1 on: Mar 30^th, 2008, 12:03pm »

Quote

Modify

Please do the following:

1. Download/install program Hijackthis per the instructions in the link below.

http://www.misec.net/forum/board/FAQ/1163329424

2. Go to the link below and download program Combofix.exe and save it on your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

3. Temporarily de-Activate all your security programs EXCEPT your software firewall.

4. Close down as many programs as you can (programs in the Notification Tray- next to the clock).

5. Close your browser.

6. Double click on Combofix.exe to execute it and follow the instructions.

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

- When Combofix.exe is finished, it will save a log on your system.

7. Post the Combofix log back here

8. Run Hijackthis and post a HiJackthis scan log back here. DO NOT fix anything with HJT...just post the scan log.

Quote:

It finds Vundo.b and Vundo (2 different files) but each time it reboots it is back again.

Also please tell me which files TH is detecting as infections.

« Last Edit: Mar 30^th, 2008, 12:04pm by siliconman01 »

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

Trojan2Hal
Newbie

Posts: 7

Re: Can not Remove Vundo after serveral attempts
« Reply #2 on: Mar 30^th, 2008, 12:14pm »

Quote

Modify

Will do. Right now I am trying th in safe mode to see if that helps. It's only a 900 mhz laptop so it may take a few hours.

Hal

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5270

Re: Can not Remove Vundo after serveral attempts
« Reply #3 on: Mar 30^th, 2008, 12:52pm »

Quote

Modify

Okay... But please do the procedure I provided above even if TH is successful in removing what it detects. I just would like to be certain that everything is cleaned out.

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

Trojan2Hal
Newbie

Posts: 7

Re: Can not Remove Vundo after several attempts
« Reply #4 on: Mar 30^th, 2008, 4:18pm »

Quote

Modify

While I was in the midst of doing all that Avast finally updated, noticed the new vundo, and then killed it so I never got to see if the combo*.exe was going to work. When I got the malware I loaded everything I could find, Avast being another. Nothing worked initially so it was the dark horse but your company certainly worked with me even on a Sunday which I find extremely commendable! But I guess Avast had people working on Sunday as well. And of course the jerks who update vundo are probably circle j****** and working as well (@!#$%&!).

Hal

« Last Edit: Mar 30^th, 2008, 4:18pm by Trojan2Hal »

IP Logged