I tried (against my better judgement) running a national geographic screensaver from a less-than-reliable source, and since then my antivirus has been telling me that I have files infected with this win32/vundo.aat trojan. Every time it pops up to tell me that it's found it again, it says I need to reboot the computer to permanently clean infected files, but It keeps coming back.
The file paths for infected files are:
C:\WINDOWS\system32\cbXQGYQh.dll
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\V64W3Y44\ico[1] (I don't use IE by the way)
When I search for these files, either through explorer or the search tool, they don't seem to exist.
I tried running Symantec's vundo removal tool, and it told me that it couldn't find a trace of it.
Can anyone tell me where it hides out, or how to kill it for good?
I'd be most grateful for any ideas.
Tags: