Full Version: trojan.vundo.h -- help, please!
xTINAA
I've tried researching this all over the internet and I cannot get this virus off of my roommate's computer. I've read that I should use Malwarebytes' Anti-Malware and then it will delete the virus. I have scanned the computer several times (with Malwarebytes) and it always shows up that there are 4 items infected. 3 of them are registry keys and 1 is a file. All four are the trojan.vundo.h. I try to remove all items and it says they will all delete on reboot, but even after the computer reboots, it still stays infected because I scan the computer again and the 4 items are STILL there. The logfile is always the same, saying that they will be deleted on reboot. What do I do?! Now I cannot access the internet on her computer (through IE) even though our connection is perfect because I can access the internet on another computer.

Can someone please help??
ley
That happened to my mom's computer and I couldn't figure it out either. I took it to some computer place and he said a week longer and the computer would have completely crashed. Hope that helps somehow.
emberfly
OMG FREAK OUT

Vundo is srsz bizznis.

Get SuperAntiSpyware. Last time I had Vundo, it removed it completely.

here is the link to install it

http://download.cnet.com/SuperAntiSpyware-....html?tag=mncol

MAKE SURE TO RUN IN SAFE MODE

(restart computer + press F8 repeatedly until you see a screen that lets you choose safe mode).

This will work.
-DressYourEyelids-
^^ oh my gosh, good advice. my boyfriend needs to do this asap.
Uronacid
good luck, alright... I'll try and help you. But this virus is f*cking nasty. To be honest you're better off just reformatting your computer. If your friend caught vundo then she/he's liable to have other things on his/her computer as well.

You say that Malwarebyte's is unable to remove it?

Have you tried running a TrendMicro house call scan? http://housecall.trendmicro.com/
Have you tried manually deleting the associated registry keys and files?
If you cannot delete the files because they are being used have you tried using trend micro's hijack this to delete files on boot? http://www.trendsecure.com/portal/en-US/to...ools/hijackthis
xTINAA
How can I install it on her computer if her computer can't access the internet? :( I don't know if it's because of that virus (I don't really know anything about how this virus works) but her computer says it's connected to the wireless internet.
Uronacid
QUOTE(xTINAA @ Jun 15 2009, 04:31 PM) *
How can I install it on her computer if her computer can't access the internet? :( I don't know if it's because of that virus (I don't really know anything about how this virus works) but her computer says it's connected to the wireless internet.


Chances are she has a rogue device driver installed on her computer.

Can you access regedit from Start>Run? Can you access cmd from Start>Run? If you answer yes to both of these then you may have to do the following.

1. Rename your regedit.exe located in c:\windows to a file like pctech.exe then double click and open your registry.
2. Browse to the following location. HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32. You'll see an entry called aux2 and if you double click it you will see the file path.
3. Go to the path of the viral file (mine was "C:\\WINDOWS\\system32\\..\\bbk.igj"), in my case it was called: bkk.igj
4. Click start then go to run and paste the path and click ok.
5. You should see the file listed there. If not you may have to turn on hidden files.
6. Use TrendMicro Hijackthis to delete the file on reboot, and remove the registry entry from the registry.

This came from a trouble ticket that I completed at work.


C:\\WINDOWS\\system32\\..\\bbk.igj = C:\WINDOWS\SYSTEM32\..\bbk.igj = C:\WINDOWS\bbk.igj
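
An added example, not part of the thread: the check described in steps 2 and 3, run over a constructed `.reg`-style export of the Drivers32 key instead of a live registry, including the `..` path resolution shown in the line above. The expected-extension set and the system32 base directory are assumptions of this heuristic; the `aux2` value is the one quoted in the post.

```python
import ntpath
import re

SYSTEM32 = r"C:\WINDOWS\system32"
# Extensions normally seen on Drivers32 data (assumption for this heuristic).
EXPECTED_EXT = {".dll", ".drv", ".acm", ".ax"}

# Constructed sample in .reg export syntax (backslashes are doubled in that format).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"wave"="wdmaud.drv"
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"aux2"="C:\\WINDOWS\\system32\\..\\bbk.igj"
'''

VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

def parse_reg_values(text):
    """Yield (name, data) for string values, undoing the doubled backslashes."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line.strip())
        if m:
            yield m.group("name"), m.group("data").replace("\\\\", "\\")

def resolve(data):
    """Resolve a bare name or path against system32 and collapse any '..'."""
    return ntpath.normpath(ntpath.join(SYSTEM32, data))

def audit(text):
    """Return (name, resolved_path, reasons) for entries that look out of place."""
    findings = []
    for name, data in parse_reg_values(text):
        full = resolve(data)
        reasons = []
        if ".." in data.replace("/", "\\").split("\\"):
            reasons.append("parent-directory traversal in value")
        if ntpath.dirname(full).lower() != SYSTEM32.lower():
            reasons.append("resolves outside system32")
        if ntpath.splitext(full)[1].lower() not in EXPECTED_EXT:
            reasons.append("unexpected extension")
        if reasons:
            findings.append((name, full, reasons))
    return findings

if __name__ == "__main__":
    for name, full, reasons in audit(SAMPLE_REG):
        print(f"{name}: {full} ({'; '.join(reasons)})")
```
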
xTINAA
I would have tried to manually delete the registry keys and file but I'm too afraid that if I do, I could damage her computer further. Should I post the infected registry keys and file here? I could run regedit and cmd but when I browsed that location, I could not find aux2. I don't know, maybe I did something wrong? But the location is the exact one you said to look in so yea...

Thanks for helping guys :)
Guest
QUOTE(xTINAA @ Jun 15 2009, 04:24 PM) *
I would have tried to manually delete the registry keys and file but I'm too afraid that if I do, I could damage her computer further. Should I post the infected registry keys and file here? I could run regedit and cmd but when I browsed that location, I could not find aux2. I don't know, maybe I did something wrong? But the location is the exact one you said to look in so yea...

Thanks for helping guys :)


If you can access regedit and cmd, and you browsed to that exact location and couldn't find it, you definitely don't have the virus my user had.

Anyway, why don't you post the registry keys and files. I'll tell you if it's Ok to delete them.

-Uronacid
Guest
QUOTE(Guest @ Jun 16 2009, 07:49 AM) *
If you can access regedit and cmd, and you browsed to that exact location and couldn't find it, you definitely don't have the virus my user had.

Anyway, why don't you post the registry keys and files. I'll tell you if it's Ok to delete them.

-Uronacid

Any reason for not logging in?
superstitious
QUOTE(Guest @ Jun 16 2009, 05:51 PM) *
Any reason for not logging in?

At least he signed his name and is trying to help. What's YOUR reason, other than a failed attempt at humor? ;)