Hi there, and thank you for this site. My laptop/Windows XP (Professional) has been infected with a couple of variants of the Vundo virus and something McAfee calls "spyware-agent.bw.gen.e". I am having most of the problems your other forum members are experiencing (slow start up; looping and repetitious IE pop-ups telling me to install McAfee SiteAdvisor on a Yahoo toolbar which I don't use; constant 100% process load in Task Manager; unable to boot in any form of safe mode; inability to run various malware removal tools).
I found your website while researching the issue and began to try to remove the viruses. I disabled System Restore (in normal mode, because I cannot access safe mode).
Then I backed up my personal files, ran McAfee VirusScan, emptied its quarantine file of over 35,000 (not a typo) files sitting there, emptied the recycle bin.
Then I used CCleaner.
One of the first problems I encountered was not being able to access msconfig, in any way you or other sites suggested. I never resolved the problem, but I ran HijackThis.
Next I ran SUPERAntiSpyware (log attached).
I ran Malwarebytes' Anti-Malware (log attached) and encountered bad image errors.
At the end of my MBAM scan it identified about 30 infected files and I hit "remove the files". It began to do so, then indicated about 5-6 could not be removed, and asked me to restart my laptop again to remove them. So I did immediately.
Before, during and after Windows was loading on reboot I began to get "Bad Image" errors associated with many programs and a dll file "wifufulu.dll". MBAM identified the wifufulu.dll as malware in the scan. I assume this means the trojan/virus was trying to load at start up, and am wondering if that is right, and if so, has MBAM gotten rid of it? Here are the bad image files:
c:/windows/system32/Lsass.exe
c:/windows/system32/services.exe
c:/windows/system32/wifufulu.dll
c:/windows/system32/mbamgui.exe
c:/windows/system32/hkcmd.exe
c:/windows/system32/igfxtray.exe
c:/windows/system32/igfxpers.exe
c:/windows/system32/nerocheck.exe
c:/windows/system32/syntpenh.exe
c:/windows/system32/mcagent.exe
c:/windows/system32/WLtray.exe
c:/windows/system32/QTTask.exe
c:/windows/system32/iTunesHelper.exe
c:/windows/system32/Rundll32.exe
c:/windows/system32/ctmon.exe
c:/windows/system32/adobeupdate.exe
c:/windows/system32/reader_sl.exe
c:/windows/system32/MBAM.exe
Is this normal? I restarted my laptop later, without getting the bad image error messages, and re-ran Malwarebytes'. It turned up one infected file: a trojan.vundo in c://windows/system32/, another "dll" file with the random name. I chose remove, but it seems obvious this trojan is embedded deep and not going anywhere.
What now? Some people say run ComboFix, but that scares me.
Thank you so much.