TechSpot

Vundo troubles

By atown11
Apr 8, 2009
Topic Status:
Not open for further replies.
  1. I have been infected with Vundo and need some help making sure I have gotten rid of everything. I have attached the logs from the 8 steps. Thanks!
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Here's a further 8-Steps: ;)

    Download the following 4 tools

    1. Download VundoFix; Trojan.Vundo Removal Tool; VirtumundoBeGone and ComboFix.
    2. Go Offline - pull the network cable, turn off wireless card, turn off your modem.
    3. Restart computer and press F8 to run Windows in Safe Mode
    4. Run VundoFix. Click on the Scan for Vundo. Scanning will begin, which takes a long time. The white box will display the names of infected files. After the scan is complete click Remove Vundo, removal will begin. Confirm by clicking Yes. The application should ask for permission to restart your computer - click Yes. Start Windows in Safe Mode again.
    5. Run FixVundo. Click Start, and then follow the instructions. It should be noted that this application can deal only with older mutations of Vundo (Virtumonde).
    6. Run VirtumundoBeGone. Click Continue and wait for the report.
    7. Run ComboFix. Then, in the two windows that appear click Yes, and start scanning and removal of any Vundo (Virtumonde) infection. During this operation, you are not allowed to move the mouse or perform other actions. After the scan is complete, the program will show a text file - a report from the program's action.
    8. Restart computer and run Windows normally.
  3. atown11

    atown11 Newcomer, in training Topic Starter

    OK I did the other steps and re-did the original 8 steps. Here is what I have for logs.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Please locate C:\Combofix folder and then locate the Combofix log and attach that as well
    If you cannot find this log you can just as easily re-run ComboFix in Normal Mode again

    Uninstall your AVG Antivirus
    Then run the removal tool
    Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
    Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

    Restart

    Install Avira free AntiVirus
    Confirm Avira is updated by right clicking on the tray icon and selecting "Start Update"
    Then run a full scan with Avira and provide that log as well

    Restart

    Run a fresh HijackThis scan, and provide that log as well

    3 logs pending :)
  5. atown11

    atown11 Newcomer, in training Topic Starter

    The Combofix log was too big to attach so I had to split it into 4 parts. I will upload the HijackThis log on the next post.

    Here is the hijackthis log.
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    BitTorrent found

    File Sharing Programs found in logs

    Info on using P2P Programs => http://www.techspot.com/vb/topic124748.html

    Quote from 8-Step Removal Guide:
    Also uninstall your McAfee Antivirus
    Then run the McAfee Removal Tool
  7. atown11

    atown11 Newcomer, in training Topic Starter

    I uninstalled McAfee and did the clean up. As for BitTorrent, I uninstalled it over a year ago so I did a search on my computer and deleted everything that was left over. Is there something else I should do in regards to BitTorrent?
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Please run another ComboFix scan in Normal Mode
    And save the log to be supplied to a new reply (I usually save it to Desktop for easy access)

    Then restart and then run a fresh HijackThis scan and attach the log to a new reply
    By the way, if you are very thorough you could actually go through the HijackThis scan yourself and check (place a tick) in each entry that has "file missing" (or "no file") at the end of the entry, and then select Fix.
    Then restart again, and then provide a new HijackThis scan (run again) log (this will help you and me view the log much easier ;)
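
An added example, not part of any post in this thread: a small Python parser that lists the HijackThis entries ending in "(file missing)" or "(no file)", the ones the post above suggests ticking before selecting Fix. The sample log is constructed for illustration and the function names are hypothetical.

```python
import re

# Constructed sample in HijackThis log format (not taken from the thread's attachments).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:02 AM, on 4/8/2009
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\example.dll (file missing)
O23 - Service: Example Updater - Unknown owner - C:\\Program Files\\Example\\upd.exe (file missing)
"""

# Entry lines start with a section code such as R0, O2 or O23, followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# The orphan marker must be the last thing on the line, as the post describes.
ORPHAN_RE = re.compile(r"\((?P<marker>file missing|no file)\)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (line_no, section, body) for every HijackThis entry line."""
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield line_no, m.group("section"), m.group("body")


def orphaned_entries(log_text):
    """Return entries whose target file is gone, according to the log's own marker."""
    hits = []
    for line_no, section, body in parse_entries(log_text):
        m = ORPHAN_RE.search(body)
        if m:
            hits.append({"line": line_no, "section": section,
                         "marker": m.group("marker").lower(), "entry": body})
    return hits


if __name__ == "__main__":
    # Print review candidates only; nothing is changed on the system.
    for hit in orphaned_entries(SAMPLE_LOG):
        print(f"line {hit['line']:>3}  {hit['section']:<4} [{hit['marker']}]  {hit['entry']}")
```

The output is a review list only; entries the reader does not recognise can be left unticked and raised in the thread.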
  9. atown11

    atown11 Newcomer, in training Topic Starter

    Here are the logs. I went through the HijackThis log but I only saw two "no file" and one was Yahoo toolbar which I don't use so I did want to check it and then the other one I didn't know what it was so I didn't want to touch it. Let me know what you think. Thanks!
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Please run HJT scan only
    Close your Internet Browser (IE or Firefox or whichever you use)
    Place a check mark (tick the box) next to the following entries
    And then select Fix
    Before restarting, run the Norton Removal tool

    Restart


    Clear & Reset System Restore's Cache

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK
    • When shown the disclaimer, Select "2"
    (Note: 1 space after ComboFix in that uninstall command)


    Restart


    All should be OK :)
  11. atown11

    atown11 Newcomer, in training Topic Starter

    Thank you! I really appreciate it!