
Possible Vundo Infection Not Cleared After Previous Help

I told my friend to start digging for his recovery disks if he has them. Just a note about what I think is going on here. Edited by Geiger, 02 April 2009 - 10:18 AM. Here's the HJT log...

Bulbous (talk) 05:11, 21 December 2008 (UTC) An article about a virus on wikipedia should probably include the following (Name, Creator, FirstAppearance, VirusMethod, Symptoms, RemovalHelp/links to help on removal). I ALSO suspect those who give advice (since they could be promoting installation of malware under the guise of being helpful). During this research, however, I discovered a tool that claimed to specifically remove Trojan.Vundo.H. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt, a new HijackThis log.

I'll give it another try tonight and I'll try the new sites if it looks like it's not going to work again. This article is not How to Remove Trojan.Vundo.H from Your System, but How I Removed Trojan.Vundo.H from My System. (one thing that frustrated me during this process was websites along the I do think my observations and notes explain some things about Trojan.Vundo.H that will help clarify some things for people.

It says it'll put them into the "delete on reboot" part but every reboot the problems are still there. Any help would be gratefully appreciated! Besides, it is easier to believe the recommendation of 'jump right to Recovery Console' after seeing everything else that was tried and failed. If someone could look at my hijackthis logs and offer advice in the meantime, I'd much appreciate it.

At the time of writing, it has been over 120 hours, without even the courtesy of a response. Why does Microsoft do this? see below I renamed as instructed - many thanks

Logfile of HijackThis v1.99.1
Scan saved at 21:02:42, on 19/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido

thanks

richbuff 18.03.2009 05:02 Run this script:

    begin
    RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2');
    end.

Then, run this one:

    begin
    CreateQurantineArchive('c:\quarantine.zip');
    end.

A file called quarantine.zip should be created in C:\. I have a subscription with a modern version and updated definitions. Anyone have any ideas? (talk) 14:58, 30 March 2009 (UTC) Corrections: I've started correcting this article. Get with it wikipedia. (talk) 05:10, 13 November 2008 (UTC) Not only is the removal section against policy, the removal "guide" is complete nonsense.

It did everything wrong -- it said it removed the infection when it did not, it failed to detect the infection when the evidence was overwhelming that it remained, and their Shouldn't this be put in? On the dialogue box that appears select Create a Restore Point.

I was doing my test above with 'dir /ah', which means (I think, anyway), show hidden files only. I'm also going to see if Spybot will work now. **EDITED to add: Not an hour later and AVG is once again reporting an infected mswsock32.dll -- I am running most Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES.

Please do not PM me for HJT help, we all benefit from posting on the open board. Want to help others? It also did not allow me to install various programs such as NoAdware and Spybot (Although I'm not sure if this was caused by the floating-point problem). some files cannot delete .. pls help me ...... for the past 2 weeks, my computer is having problems. I uploaded the Malwarebyte Log file. pls help me, thanks in Advance

richbuff 17.03.2009 10:03 Welcome. When you get the "Done Cleaning" message, click OK.

How stupid and illogical is that? HKEY_CLASSES_ROOT\CLSID\{78ef26a1-de6e-4979-ad77-485c679d0eaf} (Trojan.Vundo.H) -> No action taken. Please don't go surfing while your resident protection is disabled!

So I say, that should be added. (talk) 13:35, 6 November 2008 (UTC) No kidding.

  1. Join the ClassRoom and learn how. MS - MVP Consumer Security 2009 - 2016. Geiger, posted 02 April 2009
  2. Procmon is a difficult tool to use, and the log files are huge, but working thru them, I discovered that winlogin.exe was the process responsible for the regeneration.
  3. One conclusion that I think can be made with a relative degree of certainty is that I believe that it is impossible for any legitimate malware removal product to remove Trojan.Vundo.H.
  4. They may otherwise interfere with our tools (Click on this link to see a list of programs that should be disabled.) http://www.bleepingc...opic114351.html Double click on Combo-Fix.exe & follow the prompts.
  5. I am a freelancer who likes to write about stuff.
  6. There was actually evidence that this could be done, if done quickly.
  7. I did another install, and quickly copied mbam.exe to another name before it was deleted.
  8. I downloaded procmon from this site -- http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx This tool is hot, and seems a must have in general.

McAfee was completely disabled -- the resident protection was off and would not turn on, it would not scan or update either. It was not an easy task, except in the end, once I began to understand how it worked. It allowed me to monitor changes to the registry, files, directories, all of it.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well. Secondly, it's factually inaccurate to label HijackThis as a Vundo removal tool since HijackThis is not capable of removing Vundo. CAUTION: Do not mouse-click ComboFix's window while it is running.

If so, you can throw me a bone. I am not affiliated with any of the software mentioned in this article.

It finds things but it's clearly not fixing them. Here is more info on it. This virus has killed my computer and is killing the internet along with it.

You need an "out of band" mechanism, such as Recovery Console, making the affected disk a slave, etc. The infected system was Windows XP, SP2. And yes, this is how I dealt with it while I was short the cash to get Norton 360: It is quite simple really. The pattern of these random names was cvcvcvcv (where c=consonant, v=vowel, 8 characters). (These files were hidden and required 'dir /ah' at the command prompt to be seen). The Morning

I've tried reinstalling, updating, and running in normal and safe mode with the same results. At least it seemed legit, in contrast to all the bullshit web sites that claimed to tell you how to remove it, but were simply too vague to be useful, and This fit with my working model as above.

A google search later confirmed that one of the symptoms of Trojan.Vundo.H (et. Don't select to run the Recovery Console as we don't need it. This will start the program and scan your system.

Post that log in your next reply.

gguerra, Apr 3, 2009, #3: The file mswsock32.dll is actually malware and not part of Windows. I've found nothing (including vundofix) that will take this off my machine.