Help Removing Vundo

Hello,

I've been trying to rid my laptop of the dreaded trojan.vundo that Norton picked up for about 24 hours. I have tried countless ways of running the FixVundo from Symantec. I have run it with system restore off, in safe mode, with all other programs shut down and even with winlogon and explorer suspended. No dice. Last night I stumbled upon the forums here in my search for answer, and proceeded to follow all the steps listed in the DO NOT POST UNTIL YOU HAVE READ THIS post. So now here I am, still infected and wondering where to go from here. Please help. Thanks

Zak

 

After doing ALL of the step in our sticky you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

 

Here is my HJT file. I followed the instructions you provided in the link. Please let me know where I should go from here. Thank you very much

Zak

 

Look in Add or Remove Programs an Unistall, MyWay, MyWay Search, MyWay Web Search or similar sounding programs. Also uninstall and terminate the CWShredder service.

Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to extract the files
• This will create a VundoFix folder on your desktop.
• After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
• Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
• You will first be presented with a warning and a list of forums to seek help at.
  
  it should look like this

• At this point press enter one time.
• Next you will see:

• At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\ddcca.dll​

• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

• Next you will see:

• At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\accdd.*​

• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
• The fix will run then HijackThis will open.
• In HiJackThis, please place a check next to the following items and click FIX CHECKED:

• After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
• Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
• Once your machine reboots please attach a fresh HJT log from normal mode.

 

Thank you very very much for your help. I followed your instructions and now booted in normal mode to no virus alert . Here is the HJT file you requested. Please let me know what I need to do from here if anything. And once again I cant thank you enough for all this help. It is vastle appreciated.

 

Your HijackThis log is clean. How is your system running?

 

System is running great. Nice and smooth, loading quickly. No problems. Thanks again so much for the help. Not sure how I would have gotten this sorted out without your assistance.

Sincerely,
Zak