Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Remove Vundo/AppInit_DLLs


(!)

rwnewson's Avatar
rwnewson rwnewson is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: May 2003
Location: University of Toronto, Canada
04-Jan-2009, 09:32 AM #1
Remove Vundo/AppInit_DLLs
Hello everyone,

I can usually remove spyware/adware myself without difficulty but this one particular trojan I have is a doozie. Can someone please help me??

I believe it is a Vundo stored in stubborn DLL files in the C:\WINDOWS\SYSTEM32 directory. Specifically, they appear in my hijackthis log (full log attached) as this line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\wunufaku.dll C:\WINDOWS\system32\nizukipu.dll c:\windows\system32\hejivego.dll

For the life of me I cannot remove these three files! Here are the things I've attempted so far, and I've tried them in both regular and safe mode:

Initially I did the following scans:
- AVG Free Antivirus 8.0 full system scan
- Lavasoft Ad-aware
- Spyware Doctor
- CCleaner
- VundoFix.exe
- HijackThis (removing clearly bad entries)

Each found some infections and claimed to remove them.
Then I noticed that about 10 bad DLLs were in my System32 folder still not removed... So I used HijackThis's "delete file on reboot" utility to remove most of them... But the three listed above will not delete. Then I tried:

- FileAssassin - the program crashes (error message "needs to be shutdown") whenever I try either "FileAssassin's method" or "delete on reboot"
- KillBox - tried to delete on reboot but keeps giving me the "PendingFileRenameOperations Registry Data has been Removed by External Process" error; and when reboot is done manually, nothing happens. Here is log:

Pocket Killbox version 2.0.0.881
Running on Windows XP as Administrator
was started @ Sunday, January 04, 2009, 8:28 AM
# 1 [Delete on Reboot]
Path = c:\windows\system32\nizukipu.dll
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:29:16 AM
Killbox Closed(Exit) @ 8:29:23 AM


I feel like I tried everything and nothing works... the files are still there causing popups and slowing down my computer! PLEASE HELP ME! thanks!!!
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
rwnewson's Avatar
rwnewson rwnewson is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: May 2003
Location: University of Toronto, Canada
04-Jan-2009, 11:05 AM #2
Here's an update:

By iteratively running HiJack This to remove line O20 and then deleting one file at a time on reboot I have removed 2 out of 3 of those annoying DLL files... however, one still remains as indicated by my new log file (attached):

O20 - AppInit_DLLs: C:\WINDOWS\system32\wunufaku.dll

No matter what I do I can't get rid of it. I've tried everything (above) twice!! This is getting very annoying. I also installed AVZ and attached that scan too... it doesn't seem to help. If anyone can help I'd be sooo grateful!
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
rwnewson's Avatar
rwnewson rwnewson is offline
Member with 54 posts.
THREAD STARTER
 
Join Date: May 2003
Location: University of Toronto, Canada
04-Jan-2009, 01:56 PM #3
Yay! Someone graciously helped me fix the problem here:

http://www.techspot.com/vb/topic119190.html

Done!
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑