Question:

Can anyone tell me how to get rid of vundo trojan?


I tried (against my better judgement) running a National Geographic screensaver from a less-than-reliable source, and since then my antivirus has been telling me that I have files infected with this win32/vundo.aat trojan. Every time it pops up to tell me that it's found it again, it says I need to reboot the computer to permanently clean infected files, but it keeps coming back.

The file paths for infected files are:

C:\WINDOWS\system32\cbXQGYQh.dll

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\V64W3Y44\ico[1] (I don't use IE by the way)

When I search for these files, either through explorer or the search tool, they don't seem to exist.

I tried running Symantec's vundo removal tool, and it told me that it couldn't find a trace of it.

Can anyone tell me where it hides out, or how to kill it for good?

I'd be most grateful for any ideas.


4 ANSWERS


  1. I am dealing with the same devil for the last 30 hours....Wikipedia explains HOW it works.......even the SuperAntiSpyware that Wikipedia recommends has not worked....keep me posted ....and I you......


  2. If you suspect that it is from the screensaver you can do a search for files that were modified on the day you downloaded the screen saver.  

    Or you can try ad-aware.  http://lavasoft.com/single/trialpay.php

    ...the free one.

  3. Download SuperAntiSpyware and scan the Computer

    - http://www.superantispyware.com

    Download SDFix -http://www.bleepingcomputer.com/forums/t...

    Download MalwareBytes AntiMalware

    - http://www.malwarebytes.org/mbam.php

    - Update and Scan

    These are the same tools that I used when my computer was infected with vundo

  4. This was horrible and annoying as h**l to get rid of.

    The tool from Norton doesn't work

    Before you do anything get an up to date virus scanner and get ready to do a lot of scans and restarts as the virus attaches itself to the winlogon service which starts before any anti virus will start.

    Recommend Computer associates E-Trust anti virus.

    Make sure to scan any USB flash drives and external HDDs that are connected to the machine as well. It didn't affect any computers through the network, just anything directly connected to the machine. Even if you have a card reader and inserted an SD card it will be there.

    And if you had friends come over to connect their USB drive etc. to your comp they'll have it. It doesn't seem to affect Vista machines.

    It hides in the recycle bin as a hidden system file as well as the actual program executable in windows system 32.

    When winlogon starts the virus will restore the executable in system 32 with the executable hidden in the recycle bin.

    And also the second it looks like it is removed go to Internet Explorer options and reset Internet Explorer.

    Right click on the Internet Explorer icon - properties - Advanced tab - reset button at the bottom

    Do this at the very end before you attempt to use the internet as it installs itself as an IE Plug-in and takes you back to the beginning. :S

    Good Luck may the force be with you....
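
A read-only triage script for the places answers 2 and 4 point to (files changed on the day of the download, hidden system files in system32 and the recycle bin, the winlogon hook, the IE plug-in), added here as an example and not posted by any of the answerers. It assumes PowerShell is available, that the winlogon hook is registered as a Winlogon notification package (Windows XP and earlier) and that the IE plug-in is a Browser Helper Object; the function names and the `-Day` parameter are made up for this example.

```powershell
# Added example (read-only): lists candidates, deletes or changes nothing.
param(
    # Pass the day the suspect screensaver was run; defaults to today.
    [datetime]$Day = (Get-Date),
    [string[]]$Roots = @("$env:SystemRoot\System32",
                         ($env:SystemDrive + '\RECYCLER'),      # recycle bin on XP (NTFS)
                         ($env:SystemDrive + '\$Recycle.Bin'))  # recycle bin on Vista and later
)

function Get-FilesChangedOn {
    param([datetime]$Day, [string[]]$Roots)
    $start = $Day.Date
    $end = $start.AddDays(1)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force returns hidden and system files, which Explorer skips by default.
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and (
                ($_.CreationTime -ge $start -and $_.CreationTime -lt $end) -or
                ($_.LastWriteTime -ge $start -and $_.LastWriteTime -lt $end)) } |
            Select-Object FullName, Attributes, CreationTime, LastWriteTime
    }
}

function Get-WinlogonNotifyDll {
    # Assumption: the winlogon hook is a notification package (XP and earlier).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (-not (Test-Path -LiteralPath $key)) { return }
    Get-ChildItem -LiteralPath $key | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        New-Object PSObject -Property @{ Package = $_.PSChildName; Dll = $p.DllName }
    }
}

function Get-IEHelperObjectDll {
    # Assumption: the "IE plug-in" is a Browser Helper Object registered machine-wide.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $key)) { return }
    Get-ChildItem -LiteralPath $key | ForEach-Object {
        $clsid = $_.PSChildName
        $srv = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path -LiteralPath $srv) { (Get-ItemProperty -LiteralPath $srv).'(default)' }
        New-Object PSObject -Property @{ Clsid = $clsid; Dll = $dll }
    }
}

Get-FilesChangedOn -Day $Day -Roots $Roots | Format-Table -AutoSize
Get-WinlogonNotifyDll | Format-Table Package, Dll -AutoSize
Get-IEHelperObjectDll | Format-Table Clsid, Dll -AutoSize
```

Run it from an administrator prompt so the recycle bin folders of all users are readable; any DLL that appears both in the dated file list and under one of the two registry locations is the one to hand to the scanner first.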
