trojan.vundo.h -- help, please!
xTINAA
post Jun 15 2009, 02:50 PM
Post #1


hello : )
*******

Group: Official Member
Posts: 4,227
Joined: Apr 2004
Member No: 13,139



I've tried researching this all over the internet and I cannot get this virus off of my roommate's computer. I've read that I should use Malwarebytes' Anti-Malware and then it will delete the virus. I have scanned the computer several times (with Malwarebytes) and it always shows up that there are 4 items infected. 3 of them are registry keys and 1 is a file. All four are the trojan.vundo.h. I try to remove all items and it says they will all delete on reboot, but even after the computer reboots, it still stays infected because I scan the computer again and the 4 items are STILL there. The logfile is always the same, saying that they will be deleted on reboot. What do I do?! Now I cannot access the internet on her computer (through IE) even though our connection is perfect because I can access the internet on another computer.

Can someone please help??
 
 
xTINAA
post Jun 15 2009, 03:31 PM
Post #2





How can I install it on her computer if her computer can't access the internet? :( I don't know if it's because of that virus (I don't really know anything about how this virus works) but her computer says it's connected to the wireless internet.
 
Uronacid
post Jun 15 2009, 03:39 PM
Post #3


Senior Member
******

Group: Official Member
Posts: 1,574
Joined: Aug 2007
Member No: 555,438



QUOTE(xTINAA @ Jun 15 2009, 04:31 PM) *
How can I install it on her computer if her computer can't access the internet? :( I don't know if it's because of that virus (I don't really know anything about how this virus works) but her computer says it's connected to the wireless internet.


Chances are she has a rogue device driver installed on her computer.

Can you access regedit from Start>Run? Can you access cmd from Start>Run? If you answer yes to both of these then you may have to do the following.

1. Rename your regedit.exe located in c:\windows to a file like pctech.exe then double click and open your registry.
2. Browse to the following location. HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32. You'll see an entry called aux2 and if you double click it you will see the file path.
3. Go to the path of the viral file (mine was "C:\\WINDOWS\\system32\\..\\bbk.igj"), in my case it was called: bkk.igj
4. Click start then go to run and paste the path and click ok.
5. You should see the file listed there. If not you may have to turn on hidden files.
6. Use Trend Micro HijackThis to delete the file on reboot, and remove the registry entry from the registry.

This came from a trouble ticket that I completed at work.


C:\\WINDOWS\\system32\\..\\bbk.igj = C:\WINDOWS\SYSTEM32\..\bbk.igj = C:\WINDOWS\bbk.igj
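
The check described in the post above, as an added example that is not part of the original thread: it resolves each Drivers32 value the way Windows would and lists the entries worth a manual look. The extension allowlist and every sample value except aux2 are assumptions made for the example, and a listed entry is a lead for review rather than a verdict.

```python
import ntpath

# Assumption for this example: extensions commonly seen on Drivers32 values.
EXPECTED_EXTS = {".drv", ".dll", ".acm", ".ax"}

def resolve(data):
    """Resolve a value the way Windows would: doubled backslashes and '..' collapse."""
    return ntpath.normpath(data)

def audit_drivers32(values):
    """Return {value name: (resolved path, [reasons])} for entries worth a manual look."""
    findings = {}
    for name, data in values.items():
        reasons = []
        parts = [p for p in data.replace("/", "\\").split("\\") if p]
        if ntpath.splitdrive(data)[0] or len(parts) > 1:
            reasons.append("explicit path instead of a bare module name")
        if ".." in parts:
            reasons.append("'..' segment hides the real directory")
        if ntpath.splitext(data)[1].lower() not in EXPECTED_EXTS:
            reasons.append("unexpected file extension")
        if reasons:
            findings[name] = (resolve(data), reasons)
    return findings

# Constructed sample of Drivers32 values; only aux2 is taken from the post.
SAMPLE = {
    "wave": "wdmaud.drv",
    "midi": "wdmaud.drv",
    "msacm.imaadpcm": "imaadp32.acm",
    "vidc.mrle": "msrle32.dll",
    "aux2": r"C:\\WINDOWS\\system32\\..\\bbk.igj",
}

if __name__ == "__main__":
    for name, (path, reasons) in audit_drivers32(SAMPLE).items():
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"  - {reason}")
```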
 
