How to remove Trojan:Win32/Vundo.gen!A

Discussion in 'Malware Help (A Specialist Will Reply)' started by tapasbni, Mar 21, 2008.

  1. tapasbni

    tapasbni Private E-2

    Hi,

    I have been getting complaints from my Windows OneCare about the failure to remove Trojan:Win32/Vundo.gen!A for the past 3-4 days.
    I have followed the procedures mentioned in READ & RUN ME FIRST. Malware Removal Guide but it did not help.
    The significant change in my system over the past week is the installation of the CorelDraw X4 graphics suite application and Windows OneCare.
    Otherwise I generally download movies from torrent sites (like desitorrents, bwtorrents, dctorrent, etc.) using the ABC torrent client and play them using VLC media player.
    Here I am attaching the required logs. Please help me to resolve this issue.

    --Tapas.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You actually don't look too bad...let's do this:

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.

    Be sure to tell us how things are running.
     
  3. tapasbni

    tapasbni Private E-2

    Thanks for your help.
    But the problem persists even after I performed your prescribed actions.
    I did run the Windows OneCare scan right after the cleaning operations and it is still listing the Vundo, but is unable to remove it.
    Here I am attaching the updated MGtools logs.
    Thanks in advance for your further help and suggestion.

    Happy Easter!

    --Tapas.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please tell me exactly what it is reporting and the full path to the file(s).
     
  5. tapasbni

    tapasbni Private E-2

    The file search with the string "*Vundo.gen!D" does not return anything, but the Windows Live OneCare scan always reports the virus. Please find attached the screenshot of the Scan Report.

    --Tapas.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I'm not seeing it in your logs (which makes me wonder if it is a false positive), but to be sure:
    Go to Bitdefender, agree to the license, and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click on the Detected Problems tab. Then select Click here to export the scan report.

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter bdscan, then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
  7. tapasbni

    tapasbni Private E-2

    Please find the required bdscan report attached. It seems nothing was found in the scan. But my Windows OneCare daily scan still found the Vundo.

    --Tapas.
     


  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you have the option... tell OneCare to ignore it (as I think it is a false positive).

    Can you not take the title bar and slide it over to see where the file is...?
     
  9. tapasbni

    tapasbni Private E-2

    While checking through the Windows OneCare quarantine section I found the infected files list and their location.
    The quarantine section's snapshot is attached.
    It seems OneCare is able to quarantine but failed to remove the infection from the system.

    --Tapas.
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The files you gave me a screenshot of are quarantined and no longer affecting your system... I'm not familiar with OneCare but you should have the option to remove them. It is doing its job. :)
     
