Vundo virus help

Discussion in 'Malware Help (A Specialist Will Reply)' started by ahurwich, Feb 19, 2009.

  1. ahurwich

    ahurwich Private E-2

    Hello,

    My computer seems to have a Vundo virus. I was reading miscellaneous news articles online a few days ago when McAfee popped up saying it found a Vundo virus. I ran a few scans (McAfee, SpyBot), came up with a few viruses, and went about my business. The next day McAfee popped up with the same notification, so I searched for removal help and found this place.

    McAfee has been finding and deleting Vundo, Vundo.gen.ab, Downloader, and some other Trojans (I would list them all but I neglected to write them down before clearing the quarantine folder...oops). I haven't been having noticeable performance issues so far, but I'm getting ~10 virus notifications a day and I don't like that. I just finished the Read & RUN ME FIRST (logs attached). I'm hoping you can help me from here.

    Thanks in advance for your help!

    A
     


  2. ahurwich

    ahurwich Private E-2

    MGtools log attached.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not to be a nag.....but you are running out of hard drive space.

    The only things I see in your logs are these, so use windows explorer to find and delete:
    c:\windows\ejaperulazex.dll
    C:\WINDOWS\system32\rn.tmp

    Now run CCleaner --> both the cleaner and the registry and make the backup when prompted.

    Tell me what issues you may still have.
     
  4. ahurwich

    ahurwich Private E-2

    Ok. I'm not in front of my laptop right now, but I'll do it as soon as I am.

    A clarification question: at what point do I toggle system restore? Do I wait for you to tell me to do so, or should I have done that after posting here?

    Also, after I ran the run + readme, McAfee was still finding viruses every hour or so. Not sure if that's significant. Thanks for your help.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do not toggle system restore until we are sure you are clean. You need to tell me exactly what McAfee is reporting.
     
  6. ahurwich

    ahurwich Private E-2

    I found and deleted those two files, and ran CCleaner (cleaner and registry) on all accounts. I attached a screenshot of McAfee's Quarantine Manager--is that sufficient or do you need more info?

    I haven't had any issues since the most recent virus detection listed in that screenshot, and my computer has started going to sleep after 30 minutes of being idle, which I have it set to do and which I realized it was not doing for the last 3 days. I have not had any more virus detections since running CCleaner, but that was only 10 minutes ago.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then your AV software is doing its job. Let me know if you have any continuing issues.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  8. ahurwich

    ahurwich Private E-2

    Above steps completed with no apparent issues. One last question: when I boot up, I get a screen where I can choose to boot either MS Windows XP or MS Windows Recovery Console. Do I still need to keep the recovery console option, and if not, how do I get rid of it so I don't have to wait for that screen to auto-select Windows XP every time I reboot my computer?

    Thanks for all your help.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should keep that option, it may save you when you have a system failure. If you just have to remove it, post in the software section. But I would recommend keeping it.

    You are welcome...safe surfing. :)
     
