Virtumonde - Does anyone know how to clean this?
Join Date: Apr 2006
Posts: 9
Reputation:
Solved Threads: 0
Hi there,
I've had heaps of problems lately, symptoms like popups to anti-virus software sites, adult sites, system restarting. It seems I have successfully removed some trojans, but with this particular one, it just keeps coming back.
Whenever I attempt to delete the Virtumonde in the registry - even in safe mode, after it has been deleted from AdAware, TrojanHunter, and even PCCillin, I immediately see my explorer in the background flash and reset, and when I scan again, the registry key has been replicated.
I have been using HijackThis, AdAware, TrojanHunter, Ewido, PCCillin, in safe mode and in normal mode, and I have been using CTCleaner and restarting my Windows after each fix, but to no avail, this one just keeps coming back!
If you have any information that could be of assistance, your post will be much appreciated.
Cheers!
To do anything we need your HiJackThis log. If you don't have this downloaded, you can download it from here.
After you download the zip, extract the contents to a permanent folder such as C:\HJT or something similar.
Post the HJT log in your next reply.
Along with that, go ahead and do this.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Put a check next to Run VundoFix as a task.
- You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
- When VundoFix re-opens, click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
Join Date: Mar 2007
Posts: 2
Reputation:
Solved Threads: 0
Hi,
Another way to fix Vundo is:
1. Get a free spyware scanner to locate the .dll file. Make a note of this file and where it's kept (in my case the trojan kept dropping the file in C:\Windows\System32 folder with all kinds of names for the dll files).
2. Get your Windows XP startup recovery disk, boot your PC up with it - and using recovery console option 'R' go to the file location in the DOS-like console, and delete it.
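
The first reply asks for a HijackThis log, and the post above describes DLLs dropped in C:\Windows\System32 under all kinds of names. As an added example (not part of the thread and not HijackThis's own code), this Python script pulls the DLL load-point lines out of a log and lists the System32 ones worth a closer look. The log excerpt is constructed, and limiting the review to the O2 (Browser Helper Object) and O20 (Winlogon Notify) sections is an assumption of this example.

```python
import ntpath
import re
from collections import Counter

# Constructed HijackThis-style excerpt; names, GUIDs and paths are made up.
SAMPLE_LOG = r"""
Logfile of HijackThis
O2 - BHO: ExampleToolbar Helper - {AAAAAAAA-1111-2222-3333-444444444444} - C:\Program Files\ExampleToolbar\helper.dll
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\system32\qomkjih.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: qomkjih - C:\WINDOWS\system32\qomkjih.dll
O20 - Winlogon Notify: examplelogon - C:\Program Files\Example\logon.dll
"""

# O2 lines carry "name - {CLSID} - path"; O20 lines carry "name - path".
ENTRY_RE = re.compile(
    r"^(O2 - BHO|O20 - Winlogon Notify): (.+?) - (?:\{[^}]+\} - )?"
    r"([A-Za-z]:\\.+?\.dll)\s*$", re.IGNORECASE)

def load_point_dlls(log_text):
    """Return (section, name, path) for every O2/O20 line that names a DLL."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section = m.group(1).split(" - ")[0].upper()
            entries.append((section, m.group(2), m.group(3)))
    return entries

def review_candidates(log_text):
    """List System32 DLLs at those load points, with reasons to look closer."""
    entries = load_point_dlls(log_text)
    seen = Counter(ntpath.normcase(path) for _, _, path in entries)
    out = []
    for section, name, path in entries:
        folder = ntpath.normcase(ntpath.dirname(path))
        if not folder.endswith("\\system32"):
            continue  # this example only reviews DLLs directly in System32
        reasons = ["DLL sits directly in System32"]
        if section == "O2" and name == "(no name)":
            reasons.append("BHO registered without a name")
        if seen[ntpath.normcase(path)] > 1:
            reasons.append("same DLL registered at more than one load point")
        out.append({"section": section, "dll": ntpath.basename(path),
                    "reasons": reasons})
    return out

if __name__ == "__main__":
    for c in review_candidates(SAMPLE_LOG):
        print(c["section"], c["dll"], "-", "; ".join(c["reasons"]))
```

A hit is a candidate for review, not a verdict: legitimate software also registers System32 DLLs at these load points.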