Help me rid of Vundo

[kittengod094]

i have JUST recieved Vundo and must type this thru my Wii. i have no internet connection that won't take 4 days to download those programs and I'll do anything to save my computer. the Vundo virus file (main) is named vtuustr.dll and I cannot delete it. the virus is logged in as an NT AUTHORITY and is using the file winlogon.exe to avoid deletion. my virus protection is decent and is managing to prevent the virus from making anymore files. i am very tired so i'll check back in a while. there is a good chance that i'll have DIALUP tomorrow but i don't know. all help is appreciated! thnx.

 

[subcan]

here is some info on this virus and a program to remove Vundo
http://forums.spybot.info/showthread.php?t=22621

there is also a fix tool on Symantec:
http://securityresponse.symantec.com/avcenter/FixVundo.exe
page describing use of tool: http://www.symantec.com/business/security_response/writeup.jsp?docid=2004-112210-3747-99

I hope that this helps. I would try the symantec first.

 

[kittengod094]

Okay, I'm still on my Wii but I'm a little bit less stressed out. I think I figured out a way to delete vtuustr.dll w/o any programs. I booted the computer up in diagnostics mode (minimal processes used) and the task manager reports the normal # of svchost.exe processes running (with virus it hits 6-7 of these and normal is 2-3...i hope). I am running a complete scan of the WINDOWS file. I hope i can rid of this once and for all. don't worry, I'll download the programs still and report back later so you may review. wish me luck! thnx

 

[kittengod094]

unfourtunetly, my idea failed, but I learned quite a bit. i have a question so please answer it. can you manually log an NT AUTHORITY off of the computer? thnx in advance

 

[kittengod094]

great news! i have managed to rid myself of Vundo with the bare minimum of programs! i used only HighJackThis and combfix (i known that's not right but eh)! i know that i'm still at risk, but i've made my antivirus foolproof and if i ever see it again, i'll post my HJT log. thnx for the help!

 

[subcan]

I am glad that you solved it. congrats.

 

[kittengod094]

woe is me... i fear that it may still be present but it isn't slowing down my comp. once again there are an abnormal number of svchost.exe running. i have checked my antivirus logs and it seems that NT AUTHORIY/SYSTEM deleted vtuustr.dll, which was the main file (i think) did the virus kill itself or grow bigger? HELP!

 

[subcan]

did you try the suggestions I made a few posts ago?

 

[kittengod094]

My Goodbye

I have just made the decision to perform a non-destructive system recovery and, in the event that the previous fails, I will scavenge what little I can onto CDs and do a full system recovery. I'll still be here, but I wanted to end this thread dramatically. Thank you for all your help.