Another needing help with Vundo trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by chasegl, Oct 8, 2005.

  1. chasegl

    chasegl Private E-2

    Like other posts... Been working on getting rid of the Vundo trojan for more than a day now. Keep getting the Norton notice, says things are removed, but also that some files can't be accessed. Just found your site and just completed your required steps before posting. Virus scan picks up the trojan. Says it affects 26 areas: one (ddaby.dll) under the system32 file, and 25 under registry keys. I remove it and it says it is successful, only to come back again. Have done your extra things too, as well as Symantec's FixVundo. Everything says I'm good or Vundo isn't identified. Have run in regular and safe mode, system restore is off, etc. I'm not too proficient in computer things/lingo, but please help!
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested?

    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. chasegl

    chasegl Private E-2

    I did all the steps. Please let me know if you need more information (and what it specifically would be). I have my log below. What now?
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Look in Add or Remove Programs and uninstall MyWay, MyWay Search, MyWay Web Search or similar-sounding programs. Also uninstall and terminate the CWShredder service.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.

    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning and a list of forums to seek help at.
      it should look like this
    • At this point press enter one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\ddaby.dll
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\ybadd.*
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • The fix will run then HijackThis will open.
    • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
    • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
    • Once your machine reboots please attach a fresh HJT log from normal mode.
    Now after you have completed all the above, go back and complete the scans requested in the READ ME FIRST. Your log shows no signs of having completed any of the requested on-line scans.
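
    Post #4 targets two artefacts by hand, the DLL named in the first post (C:\WINDOWS\system32\ddaby.dll) and a second file whose name is the same letters reversed (ybadd.*), and leaves the matching registry entries to HijackThis. The script below is an added example, not part of the original thread and not code from VundoFix or HijackThis: it takes a suspect file name, derives the reversed-name twin the same way, reports both files with size, creation time and SHA-256, and lists registry values under a few auto-load locations that mention either name. The default file name comes from the post; the registry roots searched and the requirement for an elevated Windows PowerShell 5.x prompt are assumptions made for illustration.

```powershell
# Added example for this thread, not code from VundoFix or HijackThis.
# Assumes an elevated Windows PowerShell 5.x prompt. The suspect name is the
# one from the post; the registry roots searched are an illustrative choice.
function Find-VundoTraces {
    param([string]$Suspect = 'ddaby.dll')

    $sys32 = Join-Path $env:SystemRoot 'system32'
    $base  = [System.IO.Path]::GetFileNameWithoutExtension($Suspect)

    # The fix in post #4 deletes ddaby.dll and then ybadd.*: the second name is
    # the first spelled backwards, so derive it instead of typing it by hand.
    $chars = $base.ToCharArray()
    [array]::Reverse($chars)
    $twin  = -join $chars

    # Candidate files: the named DLL plus anything matching <twin>.* in System32.
    $files = @(Join-Path $sys32 $Suspect)
    foreach ($t in Get-ChildItem -Path $sys32 -Filter "$twin.*" -File -Force -ErrorAction SilentlyContinue) {
        $files += $t.FullName
    }

    foreach ($path in $files) {
        if (Test-Path -LiteralPath $path) {
            $f = Get-Item -LiteralPath $path -Force
            $h = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            [pscustomobject]@{
                Kind   = 'file'
                Item   = $f.FullName
                Detail = '{0} bytes, created {1}, SHA256 {2}' -f $f.Length, $f.CreationTime, $h
            }
        } else {
            [pscustomobject]@{ Kind = 'file'; Item = $path; Detail = 'not present' }
        }
    }

    # Registry values that mention either name. These roots are an assumption:
    # common auto-load locations, not a list taken from the thread.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\SOFTWARE\Classes\CLSID'
    )
    $pattern = [regex]::Escape($base) + '|' + [regex]::Escape($twin)   # -match is case-insensitive
    foreach ($root in $roots) {
        $keys  = @(Get-Item -Path $root -ErrorAction SilentlyContinue)
        $keys += @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                if ($data -match $pattern) {
                    [pscustomobject]@{ Kind = 'registry'; Item = $key.Name; Detail = "$name = $data" }
                }
            }
        }
    }
}

Find-VundoTraces -Suspect 'ddaby.dll' | Format-Table -AutoSize -Wrap
```

    The script only reports; it deletes nothing. That is deliberate: a DLL that is mapped into a running process cannot be deleted in place, which is the "can't be accessed" Norton reported in the first post, and is why the VundoFix steps above run from Safe Mode and end with a forced reboot. Run the audit once before the fix to record hashes and registry locations, and once afterwards from normal mode to confirm that every row has gone.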
     
  5. chasegl

    chasegl Private E-2

    Will do... how can it say I didn't run any of the programs? I went through every single one and did an optional one? Arg... sometimes I swear my PC plots against me.
     
  6. chasegl

    chasegl Private E-2

    I couldn't find all of the quoted items to fix-check. Only saw 2 and they said file missing afterwards. Tried to get out of it... but now I have the blue screen and it won't reboot. I have a laptop (Dell Inspiron 6000); I can't even get it to shut off.
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Press and hold the On/Off Switch. You may have to keep it pressed for 30 Seconds or longer. If that doesn't work, unplug the computer, then plug it back in and restart the computer.
     
  8. chasegl

    chasegl Private E-2

    OK - didn't realize I needed to hold it down for so long (had tried unplugging, but it automatically went to battery mode, I guess)

    Do I rerun vundofix since I didn't find all the fixcheck items? Or rerun a hijacklog now that the norton notice isn't popping up anymore (breakthrough!)

    (By the way - thank you so much for your patience)
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You don't need to rerun the Vundo Fix. Post a fresh HijackThis log as an attachment.
     
  10. chasegl

    chasegl Private E-2

    Updated Log. Again, thank you so much for your help. I will check back in the morning to check your response.
     

    Attached Files:

  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    On the page that opens, scroll down to CWShredder Service ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc Tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    CWShredder Service

    Now have HijackThis fix the following:
    Reboot and post a fresh HijackThis log.
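
    Post #11 removes the leftover CWShredder service in two passes: stop it and set it to Disabled in services.msc, then delete its registration with HijackThis's 'Delete an NT Service'. The script below is an added example, not part of the thread and not code from HijackThis, that does the same three steps from an elevated PowerShell prompt and records the service's binary path first, since that path is what tells you whether the entry is a leftover of a tool you installed or something else. The service name is the one given in the post; the lookup by display name, the use of sc.exe for deletion, and the elevated Windows PowerShell 5.x prompt are assumptions.

```powershell
# Added example for this thread: stop, disable and delete a service by name or
# display name. Not code from HijackThis. Assumes an elevated Windows
# PowerShell 5.x prompt; the service name passed at the bottom is from post #11.
function Remove-LeftoverService {
    param([Parameter(Mandatory)][string]$Name)

    # Post #11 gives the name as it appears in services.msc, which is the
    # display name; match on either so the lookup does not miss it.
    $svc = Get-Service | Where-Object { $_.Name -eq $Name -or $_.DisplayName -eq $Name } |
           Select-Object -First 1
    if (-not $svc) { return [pscustomobject]@{ Name = $Name; Result = 'not installed' } }

    # Record what the service actually runs before touching it. If the path is
    # not the tool you expect, stop here and keep the binary as evidence.
    $cim    = Get-CimInstance -ClassName Win32_Service -Filter ("Name='{0}'" -f $svc.Name.Replace("'", "''"))
    $before = 'state={0} start={1} path={2}' -f $cim.State, $cim.StartMode, $cim.PathName

    # Steps 1 and 2 from the post: stop, then set the Startup Type to Disabled.
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $svc.Name -Force -ErrorAction Stop }
    Set-Service -Name $svc.Name -StartupType Disabled

    # Step 3: delete the registration, which is what 'Delete an NT Service' does
    # in HJT. sc.exe only marks the service for deletion; the entry disappears
    # once no handle to it is open, so a reboot may be needed first.
    & sc.exe delete $svc.Name | Out-Null
    $after = if (Get-Service -Name $svc.Name -ErrorAction SilentlyContinue) { 'marked for deletion' } else { 'deleted' }

    [pscustomobject]@{ Name = $svc.Name; Before = $before; Result = $after }
}

Remove-LeftoverService -Name 'CWShredder Service' | Format-List
```

    Note that `sc` on its own is a PowerShell alias for Set-Content, so the call must be spelled `sc.exe`. If the result comes back as 'marked for deletion', reboot and run `Get-Service` again before posting the fresh log the post asks for.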
     
  12. chasegl

    chasegl Private E-2

    Updated log... hopefully the last one, for now :)
     

    Attached Files:

  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, your HijackThis log is clean. How is your computer running?
     
  14. chasegl

    chasegl Private E-2

    looking good right now - I will actually try to start using it and see how it does. Thank you so much! I just wish I could repay you for your help.
     
