Question:

PC Repair ?????

by  |  earlier

0 LIKES UnLike

A friend of mine has picked up what I think is the Trojan Vundo but I have run out of ideas on how to repair it because it seems to be blocking me from loading up any security websites - shows as page not allowed. Therefore I can't get rid of it because it doesn't seem to be showing on McAfee Anti Virus which he has running.

In the UK is there anywhere where the PC can be repaired and what are the prices?

Also does anyone have any ideas on what to do. The PC is a Dell Laptop.

 Tags:

   Report

6 ANSWERS


  1. Run Malwarebytes

    http://malwarebytes-anti-malware-1-16-fr...


  2. Vundo recreates DLLs so all of them must be removed at once otherwise Vundo will repopulate itself. Some programs may be able to fully remove Vundo such as VundoFix, Spyware Doctor, Windows Defender, or Hijackthis.

    If you wish to remove the virus completely on your own or if these methods do not work for you, you will need to determine which DLLs are being used by the virus and remove them. The DLL names can change since Vundo creates random names for its files. First off, run MSConfig. Check the Start Up and Services and disable anything with gibberish names. To be safe, run a Google search to determine if these are actually non virus related DLLs or not. In addition to disabling these, search for these DLLs on your machine and delete them. If you are unable to delete these files, keep track of them for deletion later. In any case, keep track of the DLL name for later. These are half of the DLLs associated with the virus.

    The primary root of the problem lies in the BHO (Browser Helper Object) and this is the tricky part of removing the virus. You can determine which DLLs are tied to the virus by going to Tools->Internet Options->Programs->Manage Add-Ons (IE7). Scan through the list of add-ons and keep note of the suspicious ones. Again, do a quick search on Google to determine if these are legitimate DLLs. If not, then keep track of the name and location of those DLLs (though they are likely in Windows\System32). Disable these just in case.

    Next, you'll need to reboot but utilize a clean bootup disk or alternative operating system (such as knoppix). Safe Mode may work for you, but some people will find Windows automatically loads the Browser Help Object DLLs even if you run in Safe Mode with Command Prompt only. In this case, it's impossible to remove those DLLs since they'll be "in use" and you must use a boot up disk or an alternative OS. Which ever the method you use, delete the all the DLLs you have noted as being associated with the virus.

    Finally, reboot your machine in Windows normally. Run MSConfig to make sure nothing new is there (no more suspicious entries are enabled in your start up or services), then run Regedit. Run a search on every DLL associated with the virus and delete all keys tied to the DLL. Make sure you scan the entire registry for each one as they may show up more than once. Finally, do a search for "MS Juan" and delete all keys associated with that too. Reboot one more time and check to see if you can find any traces of the virus.

  3. Try restarting the pc in safe mode and see if you can log into websites .. If that doesn't work then just use any other pc to download the programs that you're looking for, burn them on cd and install them on your friend's pc.  Download a program called Adaware from www.lavasoftusa.com

    it's quite good. Can't think of anything else besides formatting lol

  4. i think u shud firstly update d McAfee !!And den run a full scan !!

    and if dat doesnt help den run ur computer in safe mode after updating d antivirus program and run a full scan

    this should solve ur problem

    To run d comp in safemode , during booting wen d first splash on d screen is seen press F8 continuously  and den select d option Safe Mode!!

  5. Certain malware has been known to modify your Windows HOSTS file to  block access to a security web-site totally.. Perhaps this will help.

    First check your HOSTS file located at:

    Vista & XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC

    Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

    Win 98/ME = C:\WINDOWS

    Be sure and check-mark "Show Hidden Files and Folders" and uncheck-mark "Hide Protected Operating System Files" in your Folder Options first.

    Open HOSTS with notepad. A 'standard" MS HOSTS file will look like this:

    # Copyright © 1993-1999 Microsoft Corp.

    #  

    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

    #  

    # This file contains the mappings of IP addresses to host names. Each

    # entry should be kept on an individual line. The IP address should

    # be placed in the first column followed by the corresponding host name.

    # The IP address and the host name should be separated by at least one

    # space.

    #  

    # Additionally, comments (such as these) may be inserted on individual

    # lines or following the machine name denoted by a "#" symbol.

    #  

    # For example:

    #  

    # 102.54.94.97 rhino.acme.com # source server

    # 38.25.63.10 x.acme.com # x client host

    #  

    127.0.0.1 localhost

    ______________________________________...

    There should be no entries or IP addresses on the lines below "127.0.0.1 localhost". If there are other entries,  delete them, close notepad, and answer 'Yes" if prompted.

    Now to cure Vundo...

    VundoFix.exe is a specialized removal tool developed to remove Vundo (aka Virtumonde) infections.

    VundoFix removal tool is here:

    http://vundofix.atribune.org/

    It's free.

  6. Go to btexpress.page.tl this site helps anyone with almost all computer problems
You're reading: PC Repair ?????

Question Stats

Latest activity: earlier.
This question has 6 answers.

BECOME A GUIDE

Share your knowledge and help people by answering questions.