1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: VUNDO TROJAN Help!!

Discussion in 'Virus & Other Malware Removal' started by Duality*, Jul 15, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Duality*

    Duality* Thread Starter

    Joined:
    Jul 15, 2006
    Messages:
    9
    Hi,

    My Pc has been infected with a nasty Case of the Vundo Trojan Virus. I have spent the last week defeating the (insert word here) on my own. I've tried NUMEROUS Spyware Programs and Removal Tools, (Including Ewido Anti-Spyware, Windows Defender, Spybot S&D, Ad-Aware, ect.) But Nothing seems to find them. I know that the Vundo is there because well for one its hogging all my memory, and two i get numerous popups.

    I will happily announce though, That I have defeated most of the Vundo, I had 10 major counts of it, and now I only have four. I determined this by using the SpyNoMore program found at www.spynomore.com .. However little did I know that one must buy such a great program. But what I did was took the locations of each file provided by the program and deleted them manually (in safe mode of course). This I managed to do for all of them except for four.

    One of the four is found here:

    C:\WINDOWS\System 32\awvvu.dll

    However when I search for it, the file isn't there. I've looked many times. So it seems as if the file is 'hiding' from me, but not the SpyNoMore Program.

    The other three counts are found in the registry, and it seems everytime I find their location, delete them and then re-scan, the three registry entries are different. So It seems as if the spyware is on the move.

    I believe that if I could locate the file in the System 32 folder and remove it, that this would cure the registry problem. However I am uncertain to that.

    I have tried almost everything that I know of, printed out pages after pages from other forums, anything that was related to my problem. Again, Nothing has worked for me, except my 'manual deletion' method.

    So Please, I request Some info or help on this Issue.. I Want my Memory back!!!

    -Duality

    P.S. I'm sorry I haven't included a HJT log, I have the program, ran the scan and saved the log. But nothing happened, and I have no clue where to find the HJT Log. Sorry.
     
  2. Blink182

    Blink182 Banned

    Joined:
    Jul 8, 2006
    Messages:
    602
    Hi there.

    1. See my sig and download Hijack This, post a log here. (i cannot read it)
    2. See my sig and look at the online AV Scanners.
    3. Download AVG too.
    __________________________________________________________________________

    Please download VundoFix.exe to your desktop.
    · Double-click VundoFix.exe to run it.
    · Put a check next to Run VundoFix as a task.
    · You will receive a message saying vundofix will close and re-open in a minute or less. Click OK· When VundoFix re-opens, click the Scan for Vundo button.
    · Once it's done scanning, click the Remove Vundo button.
    · You will receive a prompt asking if you want to remove the files, click YES
    · Once you click yes, your desktop will go blank as it starts removing Vundo.
    · When completed, it will prompt that it will shutdown your computer, click OK.
    · Turn your computer back on.

    __________________________________________________________________________

    Do all that and you should be ok.
     
  3. Duality*

    Duality* Thread Starter

    Joined:
    Jul 15, 2006
    Messages:
    9
    Hey,

    Ok again, as I mentioned, I am unable to get the HJT Log, so instead I took screen shots and uploaded them.

    HJT log: http://i2.tinypic.com/2054ges.gif
    Running Procceses: http://i1.tinypic.com/2055fyq.gif

    I tried the Vundo Removal tool, however it said it found no files, which is confusing because im still having porblems.

    I will also mention that over the past week I have ran every online scan imaginable, including the ones listed in your signature. Plus I already have Ewido, Windows Defender and Spybot Search and Destroy. As for AVG, I never personally liked the program, and i've heard complaints that it isn't as good as some other programs.

    Currently I am using NOD32 virus protect from www.eset.com
     
  4. Blink182

    Blink182 Banned

    Joined:
    Jul 8, 2006
    Messages:
    602
    ok then. Try the online AV in sig.
     
  5. Duality*

    Duality* Thread Starter

    Joined:
    Jul 15, 2006
    Messages:
    9
    The Online what?
     
  6. Blink182

    Blink182 Banned

    Joined:
    Jul 8, 2006
    Messages:
    602
    online antivirus. I my sig.
     
  7. Duality*

    Duality* Thread Starter

    Joined:
    Jul 15, 2006
    Messages:
    9
    I just thought i'd post this, its a .gif image of the results when I scan using SpyNoMore.

    http://i2.tinypic.com/2056zxw.gif

    Status: Currently waiting for the Symatec Online Security Check to complete.
     
  8. Blink182

    Blink182 Banned

    Joined:
    Jul 8, 2006
    Messages:
    602
    1. Delete awvvu.dll in system32
    2. Remove the registry keys as stated in that spy m no more scan report.
     
  9. Duality*

    Duality* Thread Starter

    Joined:
    Jul 15, 2006
    Messages:
    9
    Dude, sorry but have you read my initial post??

    I've already went to the system 32 folder and tried deleting the file, but its not present, i even did the 'search' from the start up and searched for the awvvu.dll file but its not there..

    Again as I said in my initial post. I delete teh registry keys. but when i scan again, Different registry keys come up.
     
  10. Blink182

    Blink182 Banned

    Joined:
    Jul 8, 2006
    Messages:
    602
    ok, the trojan probably has the file hidden. Can you fix it when you scan with that scanner?
     
  11. Duality*

    Duality* Thread Starter

    Joined:
    Jul 15, 2006
    Messages:
    9
    The SpyNomore scanner you mean? I can't unfortunally, If I could I woudlnt be here:p

    It's only a Demo Version, and I have to pay in order to delete the files:(
     
  12. Duality*

    Duality* Thread Starter

    Joined:
    Jul 15, 2006
    Messages:
    9
    UpDate: The Symantec Online Scanner has completed.


    33395 files scanned, 0 file(s) infected on your disk drives.


    No viruses were detected in memory.
     
  13. Blink182

    Blink182 Banned

    Joined:
    Jul 8, 2006
    Messages:
    602
    Ok, can you now try Trend Micro online AV Scan?
     
  14. Duality*

    Duality* Thread Starter

    Joined:
    Jul 15, 2006
    Messages:
    9
    *sigh* I'll try it again.. Although I already did a a few days ago, and i've been infected with this thing since July 9th.
     
  15. Blink182

    Blink182 Banned

    Joined:
    Jul 8, 2006
    Messages:
    602
    ok so you already tried it?, then dont bother.

    Try this:

    1. Download Prevx1 from here
    2. When the download is comlpete install the program. The program is a trial, but it is fully functional and you do not need to pay to remove infections.
    3. Restart your computer when prompted to do so.
    4. At the end of the restart and when you have logged on Prevx1 will scan your system once and notify you if you have been infected. It will give you the offer to clean infections at system restart. Prevx1 also blocks any malcious from running.
    5. When you are all clean, you may uninstall the program or pay for it if you think its good enough. Also post a new HJT Log along with an Ewido scan report.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/483489

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice