Vundo virus

Status
Not open for further replies.
Oh yeah!

Reboot, run it again, post new log and new HJT log!

You were eat up!

See edit in my last post!

Mike
 
Totally infested like a dog with so many fleas it is being "eat up"!:)

An American saying!

Mike

EDIT: yes both!
 
One more thing I am surprised is still there.

So 1 more tool!

Download SD Fix to Desktop among other things Catchme to look for RootKits.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Copy and paste the Report.txt file to your next post.

Mike
 
Hopefully after I see a new HJT log.

Have you had a Norton - Symantec product before?

And a status report how is it running.

mike
 
I had Norton over 2yrs ago and deleted it due to errors....

HJT attached...

just found out, i got no system restore point...

no entry in regedit either...
linked to vundo you think ?
 
Ok

HJT Remove below

O20 - AppInit_DLLs: qnlifb.dll

OK for wife to go now but you and I will finish a few details tomorrow.

I will post.

Run another MBAM and SAS but only while sleeping or at work!

Mike
 
just deleted another 1 from HJT...
reference to BTinternet...
old service provider..!!

now gonna run MAM n SAS....

Wife 2 B can hang slack bud..

this pc is linked to ptr for daughters homework on printer..
i want it running tip top !
 
We will get it that way but for now i am headed to Dinner and a movie!:)

It has a few performance issues but you should be clean.

I will look at new logs when I return.

Mike
 
Hi Paul

Did you not do post 35: O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab

and

Post 38: O20 - AppInit_DLLs: qnlifb.dll

If not then run HJT delete them and post new HJT log.
----------------------------------------------------------------------------------------------------------------------------------
OK let's see if we can't get rid of Norton (Norton/Symantec is extremely hard to eradicate)

Drag mouse copy for pasting all inside the box below

Code:
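@echo off
rem Work from the root of the current drive so /s covers the whole drive.
cd\
rem Clear hidden/system/read-only attributes on Norton leftovers and start the log.
attrib -h -s -r norton*.* /s /d >"%USERPROFILE%\Desktop\NortonLeftOvers.txt"
echo ...............................................
rem List every match in the log, then delete the files.
dir /b /s norton*.* >>"%USERPROFILE%\Desktop\NortonLeftOvers.txt"
echo ................................................
del /s norton*.* /f /q >>"%USERPROFILE%\Desktop\NortonLeftOvers.txt"
rem rd does not accept wildcards, so remove each matching folder in a loop (as pasted at the prompt).
for /d /r %d in (norton*) do rd /s /q "%d"

rem Same steps for the Symantec leftovers.
attrib -h -s -r syman*.* /s /d >"%USERPROFILE%\Desktop\SymantecLeftOvers.txt"
echo .................................................
dir /b /s syman*.* >>"%USERPROFILE%\Desktop\SymantecLeftOvers.txt"
echo ..................................................
del /s syman*.* /f /q >>"%USERPROFILE%\Desktop\SymantecLeftOvers.txt"
for /d /r %d in (syman*) do rd /s /q "%d"
exit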

Then open the command prompt and paste directly to the Black screen.

Attach the norton and symantec files created on the desktop.

Then go here do all in this post except the registry editing we will do that differently and deeper.

https://www.techspot.com/vb/post560473-8.html
Note when you run rnav2003 do all versions but decline to reboot until the last one (no need to reboot 4 times)
----------------------------------------------------------------------------------------------------------------------------------

SYMMSICLEANUP.reg ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg

Save the file to the Windows desktop.
If using Firefox. Right-click the following link and then click Save Link As to download the file.

On the Windows desktop, double-click SYMMSICLEANUP.reg,
Click Yes when prompted, and then click OK.

Download RegSeeker http://www.hoverdesk.net/dl/en/RegSeeker.zip

Unzip install and run.

Click Find in Registry
type
norton
delete all it finds

do same process with Symantec

You are finally clean of Norton/Symantec.

Enough for one post.

Good night,
Mike
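
The check requested at the top of the post above (are the O16 and O20 entries marked for removal still listed in a fresh HijackThis log?), as an added example that is not part of the thread. The fix list uses the entries quoted in the thread; the log text, its date and the function names are constructed for illustration.

```python
import re

# "<section> - <body>", e.g. "O20 - AppInit_DLLs: qnlifb.dll"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_keys(line):
    """Map one log line to a set of comparable (section, identifier) keys."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return set()  # header, process list or blank line
    section, body = m.groups()
    if section == "O16":
        clsid = CLSID_RE.search(body)
        if clsid:  # the URL may be missing or cut off; the CLSID identifies the entry
            return {(section, clsid.group(0).upper())}
    if section == "O20" and body.lower().startswith("appinit_dlls:"):
        # One key per DLL, so a flagged DLL is found even when others are listed with it.
        dlls = re.split(r"[,\s]+", body.split(":", 1)[1].strip())
        return {(section, d.lower()) for d in dlls if d}
    return {(section, " ".join(body.lower().split()))}

def still_present(fix_lines, new_log):
    """Return the fix-list lines that still match an entry in the new log."""
    found = set()
    for line in new_log.splitlines():
        found |= entry_keys(line)
    return [line for line in fix_lines if entry_keys(line) & found]

# Entries the thread asked to be fixed (the first URL is truncated on the page).
FIX_LIST = [
    "O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - "
    "https://www-secure.symantec.com/tech...l/SymAData.cab",
    "O20 - AppInit_DLLs: qnlifb.dll",
    "O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -",
]

# Constructed sample log, not taken from the thread's attachments.
NEW_LOG = """Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:15:02, on 01/01/2009
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O16 - DPF: {44990301-3c9d-426d-81df-aab636fa4345} -
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, NEW_LOG):
        print("still present:", line)
```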
 
Good morning from here anyway

Apparently Bobbye did not read all we did in post #43, that entry no longer exists anyway but the one below does.

After you do the below Last thing do a HJT Scan only and remove
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -

Delete all the log files we created on the desktop.

Then cut and paste operation on the box in my last post.
I had a typo and added a couple of lines.

Then send me the norton and syman files again.

After all above now delete the entry above and send HJT log.

Mike
 
Apparently Bobbye did not read all we did in post #43, that entry no longer exists anyway but the one below does.
After you do the below Last thing do a HJT Scan only and remove
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -
Look up the CLSID: It is related to Symantec products, specifically 'Related to Symantec Script Runner class.'
So the SymantecLeftOvers.txt did not fully remove the entry, which was why I suggested the Norton Removal Tool.

This bothers me:
Then cut and paste operation on the box in my last post.
I had a typo and added a couple of lines.
You instructed the user to enter code but now said there was a 'typo' and you added lines? It would be of concern what happens if the incorrect, too short code is used.
 
Paul

Please, please excuse and ignore this entire post as it has nothing to do with you or your thread!


Bobbye from my very last post can you not see this or just intent on finding fault O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -

Good morning from here anyway

Apparently Bobbye did not read all we did in post #43, that entry no longer exists anyway but the one below does.

After you do the below Last thing do a HJT Scan only and remove
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -

Delete all the log files we created on the desktop.

Then cut and paste operation on the box in my last post.
I had a typo and added a couple of lines.

Then send me the norton and syman files again.

After all above now delete the entry above and send HJT log.

Mike

I am glad you worry for me. I am not perfect, I make mistakes, I admit and take responsibility and correct my mistakes.

But I am glad someone perfect mistake free like you is worrying for me.

So continue worrying and let Paul and I finish up, we have cleaned his infections and are now doing some other general system cleanup!

You have found fault several times in this post on things that were not faults at all but had already been addressed. Actually the same ones twice!

Find something real and I will thank you.

Mike
 
I was only pointing out that the Norton entry had not been removed using the program you gave.

Paul, this post was inappropriately put here. My apology to you, TechSpot members can contact each other privately and should not drag out personal matters at the expense of the person with the problem.
 
Hey guys....

don't fall out over me,

i read everything..!! and take advice where needed and really appreciate the help given..


Thanks again..
 