Member Avatar for grungetta

Hi there,

I'v had heaps of problems lately, symptoms like popups to anti-virus software sites, adult sites, system restarting. It seems I have successfully removed some trojans, but with this particular one, it just keeps coming back.

Whenever I attempt to delete the Virtumonde in the registry - even in safe mode, after it has been deleted from AdAware, TrojanHunter, and even PCCillin, I immediately see my explorer in the background flash and reset, and when I scan again, the registry key has been replicated.

I have been using HijackThis, AdAware, TrojanHunter, Ewido, PCCillin, in safe mode and in normal mode, and I have been using CTCleaner and restarting my Windows after each fix, but to no avail, this one just keeps coming back!

If you have any information that could be of assistance, your post will be much appreciated.

Cheers!

  • 4 Contributors
  • 3 Replies
  • 127 Views
  • 1 Year Discussion Span
  • Latest Post Latest Post by EddyJawed

Recommended Answers

All 3 Replies

Member Avatar for kylethedarkn

To do anything we need your HiJackThis log if you don't have this downloaded you can download it from here.

After you download the zip extract the contents to a permanent folder such as C:\HJT or something similar.

Post the HJT log in your next reply.

Member Avatar for tayspen

Along with that, go ahead and do this.

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Member Avatar for EddyJawed

Hi,

Another way to fix Vundo is:

1. Get a free spyware scanner to locate the .dll file. Make a note of this file and where its kept (in my case the trojan kept dropping the file in C:\Windows\System32 folder with all kinds of names for the dll files).

2. Get your windows XP startup recovery disk, boot your PC up with it - and using recovery console option 'R' go to the file location in the Dos like console, and delete it.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.