Help Removing Vundo

loganpetersen · Aug 1, 2007

I'm having some major problems removing Vundo from a desktop. Attached is the HiJackThis logfile. Please help in letting me know what to remove.

Thanks

TimW · Aug 1, 2007

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

CounterSpy

AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy

Bitdefender - from step 6

Panda Scan - from step 6

runkeys.txt - the log from GetRunKey.bat

newfiles.txt - the log from ShowNew.bat

HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

loganpetersen · Aug 1, 2007

Still having major issues after taking the suggested house cleaning actions. Trend Micro keeps finding the same Vundo over and over again and nothing I do can get it off. Any suggestions?

TimW · Aug 1, 2007

Download this file - Combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.
Attach the log in your next post.

loganpetersen · Aug 1, 2007

Thanks Tim, I actually read through and translated the HiJack This log and identified the problematic files, manually removed them, ran VundoFix in safe mode, deleted the files it found, restarted in normal mode, ran Trend Micro, and removed 83 infections. Thank you again for the reply though and I'll go ahead and run the combofix just to be sure.

-Logan

chaslang · Aug 1, 2007

If you had a Vundo infection, running VundoFix and even TrendMicro will probably not remove all of the related problem files. It is highly recommended that you complete what Tim requested in message # 2. But I will make a deal with you to possible save you time. Just get the requested ShowNew log from the READ ME and attach it. If it comes up clean, then perhaps you are done. If it does not come up clean, you really need to run the procedure.

chaslang · Aug 1, 2007

On second look, based on your HJT log first posted, you need to run the READ ME.

Log in or Sign up

Help Removing Vundo

loganpetersen Private E-2

Attached Files:

hijackthis.log

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

loganpetersen Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

loganpetersen Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member