trojan.vundo.h -- help, please!
xTINAA
post Jun 15 2009, 02:50 PM
Post #1


hello : )
*******

Group: Official Member
Posts: 4,227
Joined: Apr 2004
Member No: 13,139



I've tried researching this all over the internet and I cannot get this virus off of my roommate's computer. I've read that I should use Malwarebytes' Anti-Malware and then it will delete the virus. I have scanned the computer several times (with Malwarebytes) and it always shows up that there are 4 items infected. 3 of them are registry keys and 1 is a file. All four are the trojan.vundo.h. I try to remove all items and it says they will all delete on reboot, but even after the computer reboots, it still stays infected because I scan the computer again and the 4 items are STILL there. The logfile is always the same, saying that they will be deleted on reboot. What do I do?! Now I cannot access the internet on her computer (through IE) even though our connection is perfect because I can access the internet on another computer.

Can someone please help??
 
ley
post Jun 15 2009, 02:55 PM
Post #2


Ley <3
*****

Group: Member
Posts: 579
Joined: Jul 2008
Member No: 664,894



That happened to my mom's computer and I couldn't figure it out either. I took it to some computer place and he said a week longer and the computer would have completely crashed. Hope that helps somehow.
 
emberfly
post Jun 15 2009, 03:06 PM
Post #3


kthxbai
******

Group: Official Designer
Posts: 2,832
Joined: Feb 2008
Member No: 621,203



OMG FREAK OUT

Vundo is srsz bizznis.

Get SuperAntiSpyware. Last time I had Vundo, it removed it completely.

here is the link to install it

http://download.cnet.com/SuperAntiSpyware-....html?tag=mncol

MAKE SURE TO RUN IN SAFE MODE

(restart computer + press F8 repeatedly until you see a screen that lets you choose safe mode).

This will work.
 
-DressYourEyelid...
post Jun 15 2009, 03:11 PM
Post #4


Senior Member
******

Group: Official Member
Posts: 1,036
Joined: May 2009
Member No: 727,246



^^ oh my gosh, good advice. my boyfriend needs to do this asap.
 
Uronacid
post Jun 15 2009, 03:27 PM
Post #5


Senior Member
******

Group: Official Member
Posts: 1,574
Joined: Aug 2007
Member No: 555,438



good luck, alright... I'll try and help you. But this virus is f*cking nasty. To be honest you're better off just reformatting your computer. If your friend caught vundo then she/he's liable to have other things on his/her computer as well.

You say that Malwarebytes is unable to remove it?

Have you tried running a TrendMicro HouseCall scan? http://housecall.trendmicro.com/
Have you tried manually deleting the associated registry keys and files?
If you cannot delete the files because they are being used, have you tried using Trend Micro's HijackThis to delete files on boot? http://www.trendsecure.com/portal/en-US/to...ools/hijackthis
 
xTINAA
post Jun 15 2009, 03:31 PM
Post #6


hello : )
*******

Group: Official Member
Posts: 4,227
Joined: Apr 2004
Member No: 13,139



How can I install it on her computer if her computer can't access the internet? :( I don't know if it's because of that virus (I don't really know anything about how this virus works) but her computer says it's connected to the wireless internet.
 
Uronacid
post Jun 15 2009, 03:39 PM
Post #7


Senior Member
******

Group: Official Member
Posts: 1,574
Joined: Aug 2007
Member No: 555,438



QUOTE(xTINAA @ Jun 15 2009, 04:31 PM) *
How can I install it on her computer if her computer can't access the internet? :( I don't know if it's because of that virus (I don't really know anything about how this virus works) but her computer says it's connected to the wireless internet.


Chances are she has a rogue device driver installed on her computer.

Can you access regedit from Start>Run? Can you access cmd from Start>Run? If you answer yes to both of these then you may have to do the following.

1. Rename your regedit.exe located in c:\windows to a file like pctech.exe then double click and open your registry.
2. Browse to the following location. HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32. You'll see an entry called aux2 and if you double click it you will see the file path.
3. Go to the path of the viral file (mine was "C:\\WINDOWS\\system32\\..\\bbk.igj"), in my case it was called: bkk.igj
4. Click start then go to run and paste the path and click ok.
5. You should see the file listed there. If not you may have to turn on hidden files.
6. Use TrendMicro HijackThis to delete the file on reboot, and remove the registry entry from the registry.

This came from a trouble ticket that I completed at work.


C:\\WINDOWS\\system32\\..\\bbk.igj = C:\WINDOWS\SYSTEM32\..\bbk.igj = C:\WINDOWS\bbk.igj
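
An added example, not part of Uronacid's post: the manual Drivers32 check from the steps above, run over a `.reg` export instead of clicking through regedit. The sample export is constructed (only the `aux2` value comes from the post), and the list of expected extensions is an assumption.

```python
import ntpath
import re

# Constructed sample: a .reg export of the Drivers32 key. Only the aux2 value
# is taken from the post; the other values are typical stock entries.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"msacm.msadpcm"="msadp32.acm"
"vidc.mrle"="msrle32.dll"
"aux2"="C:\\WINDOWS\\system32\\..\\bbk.igj"
'''

# "name"="data" string values; backslash escapes are allowed inside the quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
# Assumption: extensions normally seen for codec and driver entries in this key.
EXPECTED_EXT = {".dll", ".drv", ".acm", ".ax"}


def unescape(s):
    # Undo .reg string escaping (doubled backslash, escaped quote).
    return re.sub(r'\\(.)', r'\1', s)


def audit_drivers32(reg_text):
    """Return (name, raw_path, normalized_path, reasons) for suspicious values."""
    findings = []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # key header, blank line, or non-string value
        name, data = unescape(m.group(1)), unescape(m.group(2))
        reasons = []
        if ntpath.dirname(data):
            reasons.append("not a bare file name")
        if ".." in data.replace("/", "\\").split("\\"):
            reasons.append("contains '..' path segment")
        if ntpath.splitext(data)[1].lower() not in EXPECTED_EXT:
            reasons.append("unexpected extension")
        if reasons:
            # normpath collapses system32\.. so the real location is visible
            findings.append((name, data, ntpath.normpath(data), reasons))
    return findings


if __name__ == "__main__":
    for name, raw, norm, reasons in audit_drivers32(SAMPLE_REG):
        print(f"{name}: {raw} -> {norm} ({'; '.join(reasons)})")
```

The doubled backslashes in the path quoted in the post are the `.reg` export escaping; after unescaping and normalizing, the `aux2` entry resolves to `C:\WINDOWS\bbk.igj`, as the last line of the post says.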
 
xTINAA
post Jun 15 2009, 04:24 PM
Post #8


hello : )
*******

Group: Official Member
Posts: 4,227
Joined: Apr 2004
Member No: 13,139



I would have tried to manually delete the registry keys and file but I'm too afraid that if I do, I could damage her computer further. Should I post the infected registry keys and file here? I could run regedit and cmd but when I browsed that location, I could not find aux2. I don't know, maybe I did something wrong? But the location is the exact one you said to look in so yea...

Thanks for helping guys :)
 
*Guest*
post Jun 16 2009, 07:49 AM
Post #9





Guest






QUOTE(xTINAA @ Jun 15 2009, 04:24 PM) *
I would have tried to manually delete the registry keys and file but I'm too afraid that if I do, I could damage her computer further. Should I post the infected registry keys and file here? I could run regedit and cmd but when I browsed that location, I could not find aux2. I don't know, maybe I did something wrong? But the location is the exact one you said to look in so yea...

Thanks for helping guys :)


If you can access regedit and cmd, and you browsed to that exact location and couldn't find it, you definitely don't have the virus my user had.

Anyway, why don't you post the registry keys and files? I'll tell you if it's OK to delete them.

-Uronacid
 
*Guest*
post Jun 16 2009, 05:51 PM
Post #10





Guest






QUOTE(Guest @ Jun 16 2009, 07:49 AM) *
If you can access regedit and cmd, and you browsed to that exact location and couldn't find it, you definitely don't have the virus my user had.

Anyway, why don't you post the registry keys and files? I'll tell you if it's OK to delete them.

-Uronacid

Any reason for not logging in?
 
superstitious
post Jun 16 2009, 09:40 PM
Post #11


Tick tock, Bill
*******

Group: Administrator
Posts: 8,764
Joined: Dec 2005
Member No: 333,948



QUOTE(Guest @ Jun 16 2009, 05:51 PM) *
Any reason for not logging in?

At least he signed his name and is trying to help. What's YOUR reason, other than a failed attempt at humor? ;)
 
