Thread ID: 57342 2005-04-30 01:19:00 How do you remove Trojan.Vundo.B ronmar (3384) Press F1
Post ID Timestamp Content User
350558 2005-04-30 01:19:00 This trojan arrived on my computer yesterday.
I have taken the following steps to remove it:
Ran Symantec in normal and safe mode; it would not remove it.
Ditto for Ad-Aware, same result.
Ran Spybot; it congratulated me on having no problems!!!
Ran XoftSpy, which I downloaded from a Google search as the "best" there is; no better.
Prior to noticing it, when I updated virus protection from Symantec, I had only been to the Herald web site, SMH, ASX, ASB etc. The computer seems to operate OK, but each time I start it a message from Symantec appears on my desktop telling me I have a virus, as if I am not aware of this!!
From the details of the trojan provided by the Symantec web site, it appears to only result in "displays pop up advertisements on the compromised computer".
Only last week, in response to a Windows problem, I had to reinstall XP Pro and all the rest of it. I sincerely hope that this is not the way out again.
Is there any solution to my problem?
Help would be appreciated (before I take a "long walk on a short wharf")
ronmar (3384)
350559 2005-04-30 01:30:00 Have a look through the FAQ on spyware.
pressf1.pcworld.co.nz 16
hth
johnboy (217)
350560 2005-04-30 01:46:00 Try running a Trojan removal program. The Cleaner (www.majorgeeks.com) is a good one, as is Trojan Hunter (www.majorgeeks.com). FoxyMX (5)
350561 2005-04-30 03:50:00 Try the removal tool from Symantec

securityresponse.symantec.com

And update your version of Windows.
Speedy Gonzales (78)
350562 2005-04-30 07:25:00 Thank you Speedy Gonzales, the removal tool gave me the message that it had been removed. However I still have the message from Norton on my desktop advising me that the virus is still on my computer. ronmar (3384)
350563 2005-04-30 08:00:00 This message you are getting from your virus checker, does it have the word "restore" anywhere in it?
If so, disable System Restore (this will of course delete all restore points), reboot your PC, then re-enable System Restore.
Viruses sometimes hide in this part of the PC, and although your virus scanner knows it's there it can't clean it out because it's a protected area, and the only way to get a virus out of there (that I'm aware of) is to disable then re-enable System Restore.
beama (111)
350564 2005-04-30 08:01:00 See if any of the registry entries are left behind and hence triggering the anti-virus. If so, back up the registry, then remove those entries.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[Trojan file name]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
pheonix (36)
350565 2005-04-30 22:12:00 To all - thanks for your suggestions. I have tried them all, but to date I am in the same position: the computer appears to work OK and I just push the warning notice (which does not contain the word "restore") off screen and carry on using it.
I have tried the Symantec removal tool, according to their instructions, four times, and each time it tells me that it has been removed, but no luck, it has not.
The registry keys that I could find have been removed, along with those supposedly removed by the Symantec tool; disabled System Restore; my Windows is always updated etc etc etc.

Can any one suggest a place to go to get this fixed?
ronmar (3384)
350566 2005-04-30 22:55:00 Could you post back the exact wording of the error message please, including the window title? beama (111)
350567 2005-04-30 22:57:00 Seems to be a very difficult one to remove.
This is from vil.mcafeesecurity.com:
Certain variants of the Vundo trojan are especially difficult to remove. Current DAT and Engine functionality does not yet provide an automatic method to fully remove this threat if it is active in memory. However, a combination of manual and DAT/Engine removal methods does allow for successful removal of this threat.

Instructions

Download Process Explorer (procexp.exe) from Sysinternals
Reboot the infected machine
Launch the VirusScan On-Demand Scanner (ODS), or the command-line scanner, but don't initiate the scan yet
Run Process Explorer and suspend the Explorer.exe, Winlogon.exe, and rundll32.exe processes (right-click on these process names and choose suspend)
Scan & clean with the current DAT files and engine (the Window launched in step 3 above) [there will be clean failures, that is expected]
Physically power the machine off and back on.(a hard reset is required as Windows will not shutdown without Winlogon.exe running, and resuming that process will revert the changes made by the scanner).
These steps will remove all relevant registry entries and identified Vundo components.

Also read the information at this link
forums.techguy.org
Safari (3993)
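Two of the replies above amount to one manual procedure: audit the Winlogon\Notify and Browser Helper Object persistence points that pheonix listed, then (per the McAfee note Safari quoted) suspend the processes holding the Vundo DLL before scanning, since a DLL loaded into Winlogon or Explorer rewrites its registry entries when they are removed. The script below is an added example, not code from the thread, from Symantec or from McAfee. It enumerates both registry locations, resolves each DLL path, and lists which running processes currently have those DLLs loaded, so you know exactly which processes to suspend in Process Explorer. Assumptions: Windows PowerShell 3.0 or later, run from an elevated prompt; the CLSID {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} is the one quoted in the thread and is only flagged, not treated as the sole indicator. On Windows Vista and later the Winlogon\Notify key no longer exists (Notification Packages were dropped), so that part simply reports nothing there.

```powershell
# Added example (not from the thread): audit Winlogon\Notify and BHO persistence points
# and report which running processes have the referenced DLLs loaded.
# Assumes an elevated Windows PowerShell 3.0+ prompt on the machine being examined.

$KnownBadClsid = '{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}'   # CLSID quoted in the thread
$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$BhoKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Winlogon\Notify DLLName values are often bare file names resolved from System32;
# BHO InprocServer32 values may contain environment variables. Normalise both.
function Resolve-DllPath([string]$Dll) {
    if (-not $Dll) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($Dll)
    if ([IO.Path]::IsPathRooted($expanded)) { return $expanded }
    return Join-Path "$env:SystemRoot\System32" $expanded
}

$findings = @()

# 1. Winlogon notification packages: one subkey per package, DLL named in DLLName.
if (Test-Path $NotifyKey) {
    foreach ($sub in Get-ChildItem $NotifyKey) {
        $dll = Resolve-DllPath (Get-ItemProperty $sub.PSPath).DLLName
        $findings += [pscustomobject]@{
            Source = 'Winlogon\Notify'; Name = $sub.PSChildName
            Dll = $dll; OnDisk = [bool]($dll -and (Test-Path $dll))
        }
    }
}

# 2. Browser Helper Objects: subkey is a CLSID; the DLL is the default value of
#    HKLM\SOFTWARE\Classes\CLSID\<clsid>\InprocServer32.
if (Test-Path $BhoKey) {
    foreach ($sub in Get-ChildItem $BhoKey) {
        $clsid  = $sub.PSChildName
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $inproc) { Resolve-DllPath (Get-ItemProperty $inproc).'(default)' } else { $null }
        $src = if ($clsid -eq $KnownBadClsid) { 'BHO (CLSID quoted in thread)' } else { 'BHO' }
        $findings += [pscustomobject]@{
            Source = $src; Name = $clsid
            Dll = $dll; OnDisk = [bool]($dll -and (Test-Path $dll))
        }
    }
}

# 3. Which processes have any of those DLLs loaded right now? These are the processes
#    that must be suspended (Process Explorer: right-click, Suspend) before the scan,
#    otherwise the loaded DLL restores its own registry entries.
$leafNames = $findings | Where-Object Dll |
    ForEach-Object { [IO.Path]::GetFileName($_.Dll).ToLower() } | Sort-Object -Unique

$loaded = foreach ($p in Get-Process) {
    # Module enumeration fails for protected processes and across 32/64-bit boundaries; skip those.
    try { $mods = $p.Modules } catch { continue }
    foreach ($m in $mods) {
        if ($leafNames -contains $m.ModuleName.ToLower()) {
            [pscustomobject]@{ Process = $p.ProcessName; PID = $p.Id; Module = $m.ModuleName; Path = $m.FileName }
        }
    }
}

"Persistence entries found:"
$findings | Format-Table -AutoSize
"Processes with those DLLs loaded (suspend these before scanning):"
$loaded | Format-Table -AutoSize
```

Read the output for the usual Vundo signs rather than only the quoted CLSID: a randomly named DLL in System32 with no vendor, an entry whose DLL is missing on disk (OnDisk = False) but still referenced, and the same DLL loaded into both winlogon.exe and explorer.exe. Note that the script only reports; deleting the entries while the DLL is still loaded is exactly what the McAfee note says does not work, which is why the suspend-then-scan-then-hard-reset sequence above is needed.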