Question:

Can anyone tell me how to get rid of vundo trojan?

by | earlier

I tried (against my better judgement) running a national geographic screensaver from a less-than-reliable source, and since then my antivirus has been telling me that I have files infected with this win32/vundo.aat trojan. Every time it pops up to tell me that it's found it again, it says I need to reboot the computer to permanently clean infected files, but It keeps coming back.

The file paths for infected files are:

C:\WINDOWS\system32\cbXQGYQh.dll

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\V64W3Y44\ico[1] (I don't use IE by the way)

When I search for these files, either through explorer or the search tool, they don't seem to exist.

I tried running Symantec's vundo removal tool, and it told me that it couldn't find a trace of it.

Can anyone tell me where it hides out, or how to kill it for good?

I'd be most grateful for any ideas.

Tags:

Report

Answer The Question I've Same Question Too

Follow Question

4 ANSWERS

Sort By: Date | Rating

I am dealing with the same devil for the last 30 hours....Wikipedia explains HOW it works.......even the SuperAntiSpyware that Wikipedia reccomends has not worked....keep me posted ....and I you......
Report (0) (0) | earlier
If you suspect that it is from the screensaver you can do a search for files that were modified on the day you downloaded the screen saver.

Or you can try ad-aware.  http://lavasoft.com/single/trialpay.php

...the free one.
Report (0) (0) |   earlier
Download SuperAntiSpyware and scan the Computer

- http://www.superantispyware.com

Download SDFix -http://www.bleepingcomputer.com/forums/t...

Download MalwareBytes AntiMalware

- http://www.malwarebytes.org/mbam.php

- Update and Scan

These are the same tools that used when my computer was infected with vundo
Report (0) (0) | earlier
This was horrible and annoying as h**l to get rid of.

The tool from Norton doesn't work

Before you do anything get an up to date virus scanner and get ready to do a lot of scans and restarts as the virus attaches itself to the winlogon service which starts before any anti virus will start.

Recommend Computer associates E-Trust anti virus.

Make sure to scan any USB flash drives and external HDDs that's connected to the machine as well. It didn't affect any computers through the network just anything directly connected to the machine. Even if you have a card reader and inserted an SD card it will be there.

And if you had friends come over to connect their USB drive etc to your comp they'll have it. It doesn't seem to affect vista machines.

It hides in the recycle bin as a hidden system file as well as the actual program executable in windows system 32.

When winlogon starts the virus will restore the executable in system 32 with the executable hidden in the recycle bin.

And also the second it looks like it is removed go to Internet explorer options and reset the Internet explorer.

Right click on thee Internet explorer icon - properties - Advanced tab - reset button at th bottom

Do this at the very end before you attempt to use the internet as it installs itself as an IE Plug-in and take you back to the beginning. :S

Good Luck may the force be with you....
Report (0) (0) | earlier