trojan.vundo.h -- help, please!

Jun 15 2009, 02:50 PM - Post #1
hello : ) Group: Official Member Posts: 4,227 Joined: Apr 2004 Member No: 13,139
I've tried researching this all over the internet and I cannot get this virus off of my roommate's computer. I've read that I should use Malwarebytes' Anti-Malware and then it will delete the virus. I have scanned the computer several times (with Malwarebytes) and it always shows up that there are 4 items infected. 3 of them are registry keys and 1 is a file. All four are the trojan.vundo.h. I try to remove all items and it says they will all delete on reboot, but even after the computer reboots, it still stays infected because I scan the computer again and the 4 items are STILL there. The logfile is always the same, saying that they will be deleted on reboot. What do I do?! Now I cannot access the internet on her computer (through IE) even though our connection is perfect because I can access the internet on another computer.
Can someone please help??

Jun 15 2009, 02:55 PM - Post #2
Ley <3 Group: Member Posts: 579 Joined: Jul 2008 Member No: 664,894
That happened to my mom's computer and I couldn't figure it out either. I took it to some computer place and he said a week longer and the computer would have completely crashed. Hope that helps somehow.

Jun 15 2009, 03:06 PM - Post #3
kthxbai Group: Official Designer Posts: 2,832 Joined: Feb 2008 Member No: 621,203
OMG FREAK OUT
Vundo is srsz bizznis. Get SuperAntiSpyware. Last time I had Vundo, it removed it completely. Here is the link to install it: http://download.cnet.com/SuperAntiSpyware-....html?tag=mncol MAKE SURE TO RUN IN SAFE MODE (restart computer + press F8 repeatedly until you see a screen that lets you choose safe mode). This will work.

Jun 15 2009, 03:11 PM - Post #4
Senior Member Group: Official Member Posts: 1,036 Joined: May 2009 Member No: 727,246
^^ oh my gosh, good advice. my boyfriend needs to do this asap.

Jun 15 2009, 03:27 PM - Post #5
Senior Member Group: Official Member Posts: 1,574 Joined: Aug 2007 Member No: 555,438
Good luck, alright... I'll try and help you. But this virus is f*cking nasty. To be honest you're better off just reformatting your computer. If your friend caught Vundo then she/he's liable to have other things on his/her computer as well.
You say that Malwarebytes is unable to remove it? Have you tried running a Trend Micro HouseCall scan? http://housecall.trendmicro.com/ Have you tried manually deleting the associated registry keys and files? If you cannot delete the files because they are being used, have you tried using Trend Micro's HijackThis to delete files on boot? http://www.trendsecure.com/portal/en-US/to...ools/hijackthis

Jun 15 2009, 03:31 PM - Post #6
hello : ) Group: Official Member Posts: 4,227 Joined: Apr 2004 Member No: 13,139
How can I install it on her computer if her computer can't access the internet? :( I don't know if it's because of that virus (I don't really know anything about how this virus works) but her computer says it's connected to the wireless internet.

Jun 15 2009, 03:39 PM - Post #7
Senior Member Group: Official Member Posts: 1,574 Joined: Aug 2007 Member No: 555,438
> How can I install it on her computer if her computer can't access the internet? :( I don't know if it's because of that virus (I don't really know anything about how this virus works) but her computer says it's connected to the wireless internet.

Chances are she has a rogue device driver installed on her computer. Can you access regedit from Start>Run? Can you access cmd from Start>Run? If you answer yes to both of these then you may have to do the following.

1. Rename your regedit.exe located in c:\windows to a file like pctech.exe, then double click and open your registry.
2. Browse to the following location: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32. You'll see an entry called aux2, and if you double click it you will see the file path.
3. Go to the path of the viral file (mine was "C:\\WINDOWS\\system32\\..\\bbk.igj"); in my case it was called: bkk.igj
4. Click Start, then go to Run, paste the path and click OK.
5. You should see the file listed there. If not, you may have to turn on hidden files.
6. Use Trend Micro HijackThis to delete the file on reboot, and remove the registry entry from the registry.

This came from a trouble ticket that I completed at work.

C:\\WINDOWS\\system32\\..\\bbk.igj = C:\WINDOWS\SYSTEM32\..\bbk.igj = C:\WINDOWS\bbk.igj
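
Added example, not part of the post above: a small Python audit of Drivers32 values that normalizes each path the way the last line of the post does and flags entries worth a manual look. The sample values are constructed, and the `system32` default plus the extension allowlist are assumptions to tune for the machine being checked.

```python
import ntpath  # Windows path rules, usable on any OS

SYSTEM32 = r"C:\WINDOWS\system32"
# Assumption: extensions of stock Drivers32 modules; tune for your build.
EXPECTED_EXT = {".drv", ".acm", ".dll"}

# Constructed sample of Drivers32 values (name -> data), not from a real host.
# The aux2 data is the path quoted in the post, with doubled backslashes.
SAMPLE_DRIVERS32 = {
    "wave": "wdmaud.drv",
    "midi": "wdmaud.drv",
    "msacm.imaadpcm": "imaadp32.acm",
    "aux2": r"C:\\WINDOWS\\system32\\..\\bbk.igj",
}


def resolve(data):
    """Return the file a Drivers32 value points at, with '..' and doubled
    separators collapsed. Bare names are assumed to live in system32."""
    return ntpath.normpath(ntpath.join(SYSTEM32, data))


def audit(values):
    """Return [(name, resolved_path, reasons)] for entries worth a manual look."""
    findings = []
    for name, data in sorted(values.items()):
        resolved = resolve(data)
        reasons = []
        if "\\" in data or "/" in data:
            reasons.append("explicit path instead of a bare module name")
        if ntpath.dirname(resolved).lower() != SYSTEM32.lower():
            reasons.append("resolves outside system32")
        if ntpath.splitext(resolved)[1].lower() not in EXPECTED_EXT:
            reasons.append("unexpected extension")
        if reasons:
            findings.append((name, resolved, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in audit(SAMPLE_DRIVERS32):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

A flagged entry is a lead for manual review, not proof of infection; third-party codecs can legitimately register their own modules here.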

Jun 15 2009, 04:24 PM - Post #8
hello : ) Group: Official Member Posts: 4,227 Joined: Apr 2004 Member No: 13,139
I would have tried to manually delete the registry keys and file but I'm too afraid that if I do, I could damage her computer further. Should I post the infected registry keys and file here? I could run regedit and cmd but when I browsed that location, I could not find aux2. I don't know, maybe I did something wrong? But the location is the exact one you said to look in so yea...
Thanks for helping guys :)

Jun 16 2009, 07:49 AM - Post #9
Guest
> I would have tried to manually delete the registry keys and file but I'm too afraid that if I do, I could damage her computer further. Should I post the infected registry keys and file here? I could run regedit and cmd but when I browsed that location, I could not find aux2. I don't know, maybe I did something wrong? But the location is the exact one you said to look in so yea... Thanks for helping guys :)

If you can access regedit and cmd, and you browsed to that exact location and couldn't find it, you definitely don't have the virus my user had. Anyway, why don't you post the registry keys and files? I'll tell you if it's OK to delete them.

-Uronacid

Jun 16 2009, 05:51 PM - Post #10
Guest
> If you can access regedit and cmd, and you browsed to that exact location and couldn't find it, you definitely don't have the virus my user had. Anyway, why don't you post the registry keys and files? I'll tell you if it's OK to delete them. -Uronacid

Any reason for not logging in?

Jun 16 2009, 09:40 PM - Post #11
Tick tock, Bill Group: Administrator Posts: 8,764 Joined: Dec 2005 Member No: 333,948