Can't get rid of Vundo virus - keeps reinstalling itself

Welcome to Major Geeks!

You also forgot to attach the requested log from MGtools which we need to continue; however, before doing this, please do the below.

First run MSconfig and select Normal Startup as we requested in step 1 of the READ & RUN ME.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Check Add/Remove Programs for any of the below and uninstall if found.
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar



Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

Now attach the below log:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Backup you Favorites from FireFox and then uninstall FireFox then reboot and delete the below folders:

C:\Program Files\Mozilla FireFox
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox

Then download and install FireFox from here: Mozilla FireFox

A ton???? Destop.ini files are quite normal. You probably never saw them before if you have system files hidden. Now they are unhidden.

I strongly advise you to cleanup your Desktop. Remove eveything but links to run programs. Do not download and save programs here and defintely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing.

Please run the below then reboot. After reboot run it one more time.
Norton Removal Tool (SymNRT)


You did not run this next step as requested in my last message. Please do this now.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Spybot - Search & Destroy 1.5.2.20

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

After clicking Fix, exit HJT.

Now delete the below two files. The first is very old and the second is not where we asked you to save and run MGtools.exe from. If you save it anywhere but where we request, it may not always run properly and it can be suspected as being malware.
C:\Documents and Settings\All Users\Desktop\spybotsd14.exe
C:\Documents and Settings\Owner\My Documents\Downloads\MGtools.exe

Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below log:

• C:\MGlogs.zip

Make sure you tell me how things are working now!