Question:

Vitumonde(vundo) VIRUS !!!!!!!!!!

by  |  earlier

0 LIKES UnLike

i has mcafee plus 2008 with avg antispyware 7.5. When i turn on my computer mcafee popup open and say virus vundo,vundo,vundo removed. I think that virus is already deleted nd i safe and i scan my computer and its find vundo again. and after all that ways i thought i was clear from vundo virus.But no,when i turn on my computer again mcafee popup open again and said vundo virus removed again.it always like that until now. Someone has solution? Are i must change another antivirus that can delete that virus forever from my computer??! And why that virus infected my computer again and again??

 Tags:

   Report
Answer The Question I've Same Question Too

5 ANSWERS

Sort By: Date  |  Rating

  1. The virus hide itself in the system restore folder.

    Whenever it is deleted, Windows will restore it.

    Your only solution Avast.

    Avast boot scan in Windows safe mode is the most effective way to get rid of stubborn trojans and viruses that keep coming back to haunt you. These trojan and viruses hide themselves in system restore folder and many anti-virus programs cannot get rid of them. So whenever, you restart your PC, the viruses are restore back by WIndows.

    Avast boot scan help to get rid of them in the system restore folders and ensure your system are clean.

    Anti-virus installation

    http://www.avast.com/eng/download-avast-...

    How to configure ?

    http://www.infodiv.unimelb.edu.au/soe/an...


  2. use manual removal instructions

    http://removers.volyn.net/2007/08/16/rem...

  3. Follow the instruction on the link below to clean your computer

    10 easy step virus and spyware removal using free software

    http://www.review-ninja.com/2008/08/10-e...

  4. mcafee is removing the vundo trojan, system restore is putting it back.

    1. turn off system restore

    2 boot in safe mode

    3. run mcafee

    4 re boot if clean turn on system restore.

    this should do the trick if not run:

    http://www.bleepingcomputer.com/forums/t...


  5. Ok. I finally fixed this myself. This rootkit is one tricky mfer. To fix the issue follow these steps..

    1 Run VundoFix.exe tool.. you can download it all over the place

    2 Edit your boot.ini file and add a second boot option and set it as safe mode

    3 download barts pe and create a basic XP preinstallation CD

    4 If you're not going to attempt a system restore you should turn it off and delete the restore points.

    Then....

    Boot normally. .... run vundofix, when you computer reboots itself, select the safe mode from the boot loader.

    in safe mode open the registry with regedit,

    go to HKLM>Software>Microsoft>Windows>Current Version>Run - delete all values that start with rundll32.exe

    do the same scrub under HKCU and HKEYUSERS>SID to make sure you remove it from all profiles

    put the Barts PE cd in the computer then reboot and boot to the CD.

    once in barts open the a43 file management utility and navigate to C:\Windows\System32

    you will see several DLL's that are hidden and possibly marked as readonly. Delete them.. If fact I recommend deleting all files that are hidden in this directory. Search for RUNDLL32.exe and rename it to RUNDLL32.EXEBAD

    restart the computer (remove the cd) and boot back to safe mode. Run VundoFix again and HijackThis scan and fix of BHO objects and any BS services that were added. Also reverify that the registry scrub done earlier still looks clean. If so reboot into normal mode and install all the latest MS security patches and update your antivirus and run one final scan.

    If you do this in the right order you should be clean.

    As a final step you might want to download the rootkit revealer tool from microsoft and run it to double check you have not missed anything.

    Hope this helps.. it will work if done properly.

You're reading: Vitumonde(vundo) VIRUS !!!!!!!!!!

Question Stats

Latest activity: earlier.
This question has 5 answers.

BECOME A GUIDE

Share your knowledge and help people by answering questions.
Register Now