
Remove Vundo/AppInit_DLLs

Discussion in 'Virus & Other Malware Removal' started by rwnewson, Jan 4, 2009.

Thread Status:
Not open for further replies.
  1. rwnewson

    rwnewson Thread Starter

    Joined:
    May 23, 2003
    Messages:
    54
    Hello everyone,

    I can usually remove spyware/adware myself without difficulty but this one particular trojan I have is a doozie. Can someone please help me??

    I believe it is a Vundo stored in stubborn DLL files in the C:\WINDOWS\SYSTEM32 directory. Specifically, they appear in my HijackThis log (full log attached) as this line:

    O20 - AppInit_DLLs: C:\WINDOWS\system32\wunufaku.dll C:\WINDOWS\system32\nizukipu.dll c:\windows\system32\hejivego.dll

    For the life of me I cannot remove these three files! Here are the things I've attempted so far, and I've tried them in both regular and safe mode:

    Initially I did the following scans:
    - AVG Free Antivirus 8.0 full system scan
    - Lavasoft Ad-aware
    - Spyware Doctor
    - CCleaner
    - VundoFix.exe
    - HijackThis (removing clearly bad entries)

    Each found some infections and claimed to remove them.
    Then I noticed that about 10 bad DLLs were in my System32 folder still not removed... So I used HijackThis's "delete file on reboot" utility to remove most of them... But the three listed above will not delete. Then I tried:

    - FileAssassin - the program crashes (error message "needs to be shutdown") whenever I try either "FileAssassin's method" or "delete on reboot"
    - KillBox - tried to delete on reboot but it keeps giving me the "PendingFileRenameOperations Registry Data has been Removed by External Process" error; and when the reboot is done manually, nothing happens. Here is the log:

    Pocket Killbox version 2.0.0.881
    Running on Windows XP as Administrator
    was started @ Sunday, January 04, 2009, 8:28 AM
    # 1 [Delete on Reboot]
    Path = c:\windows\system32\nizukipu.dll
    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:29:16 AM
    Killbox Closed(Exit) @ 8:29:23 AM


    I feel like I tried everything and nothing works... the files are still there causing popups and slowing down my computer! PLEASE HELP ME! thanks!!!
     

    Attached Files:

  2. rwnewson

    rwnewson Thread Starter

    Joined:
    May 23, 2003
    Messages:
    54
    Here's an update:

    By iteratively running HijackThis to remove line O20 and then deleting one file at a time on reboot, I have removed 2 out of 3 of those annoying DLL files... however, one still remains, as indicated by my new log file (attached):

    O20 - AppInit_DLLs: C:\WINDOWS\system32\wunufaku.dll

    No matter what I do I can't get rid of it. I've tried everything (above) twice!! This is getting very annoying. I also installed AVZ and attached that scan too... it doesn't seem to help. If anyone can help I'd be sooo grateful!
     

    Attached Files:
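
A read-only check of the two registry values this thread turns on, as an added example that is not part of the original posts: it lists each DLL named in AppInit_DLLs (the value HijackThis reports as O20) with its signature status, and shows whether a delete-on-reboot entry for it is still present in PendingFileRenameOperations. It assumes PowerShell is available on the machine; the report column names are illustrative.

```powershell
# Added example (read-only). Run from an elevated PowerShell prompt.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 32-bit view on 64-bit Windows
)
$sessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

# PendingFileRenameOperations is a REG_MULTI_SZ of source/destination pairs;
# an empty destination means "delete at next boot". Keep the non-empty entries only.
$pending = @((Get-ItemProperty -Path $sessionMgr -ErrorAction SilentlyContinue).PendingFileRenameOperations |
    Where-Object { $_ })

$report = foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # AppInit_DLLs is a single string; entries are separated by spaces or commas.
    $dlls = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
    foreach ($dll in $dlls) {
        # Assumption: a bare file name is looked up under System32 (the loader's
        # real search order is broader, and the 32-bit view uses SysWOW64).
        $path = if ([IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $env:SystemRoot "System32\$dll" }
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            RegistryView     = if ($key -like '*WOW6432Node*') { '32-bit' } else { 'native' }
            # LoadAppInit_DLLs does not exist on Windows XP, where the list is always honoured.
            LoadAppInit_DLLs = $props.LoadAppInit_DLLs
            Dll              = $path
            OnDisk           = $exists
            Signature        = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
            LastWrite        = if ($exists) { (Get-Item -LiteralPath $path -Force).LastWriteTime } else { $null }
            # True only while a pending entry naming this file is still in the registry.
            QueuedForReboot  = [bool]($pending |
                Where-Object { $_.EndsWith($path, [StringComparison]::OrdinalIgnoreCase) })
        }
    }
}

if ($report) {
    $report | Format-Table -AutoSize
} else {
    'AppInit_DLLs is empty in every registry view checked.'
}
"PendingFileRenameOperations currently holds $($pending.Count) non-empty entr(ies)."
```

Running it right after scheduling a delete-on-reboot and again a few seconds later shows whether the queued entry survives; a `QueuedForReboot` value that flips back to `False` matches the Killbox message quoted above.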

Short URL to this thread: https://techguy.org/786587