Infected with vundo - need removal help

By xavier100 ยท 5 replies
Mar 21, 2009
  1. my pc is infected with the vundo virus (vundo!grb). I need help removing it. Please, if you can help me, I would appreciate it very much.

  2. kritius

    kritius TS Guru Posts: 2,084

    I need you to follow all the steps HERE and then post back with the three requested logs as attachments

    • Malwarebytes
    • SAS
    • Hijackthis

    Dont forget to make sure that Malwarebytes is set to remove the results.
  3. xavier100

    xavier100 TS Rookie Topic Starter

    Ok, done with the 8 steps

    attached are the logs

  4. kritius

    kritius TS Guru Posts: 2,084

    Fix entries using HiJackThis

    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    O3 - Toolbar: (no name) - {8D911181-10AA-4B3E-BC7F-8D4AD359921B} - (no file)
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O20 - AppInit_DLLs: C:\WINDOWS\system32\saduyome.dll c:\windows\system32\niresibu.dll

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Download random's system information tool (RSIT) by random/random from HERE and save it to your Desktop.

    • Double click on RSIT.exe to run.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt <will be maximized and info.txt <will be minimized
    • Please post the contents of both logs in the next reply.
  5. xavier100

    xavier100 TS Rookie Topic Starter

    Done. attached are the two logs

  6. xavier100

    xavier100 TS Rookie Topic Starter

    everything seems to be back to normal.

    Thanks Kritius
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...