cancel
Showing results for 
Search instead for 
Did you mean: 

VIVDM.EXE executing AWOLA Rogue Anti Spyware

Hi all,

I've Virusscan Enterprise + Anti Spyware Module 8.0.0. Scan Engine 5200. Patch version 16.

Windowx XP SP2, 1 GB RAM on Lenovo T60 laptop.

I was browsing some sites and all of a sudden, a Triagle shape icon sits at the tray (almost similar to the Windows Update icon). Gives a message "Your computer infected. Windows can automatically download the virus removal tool......etc and if I click on the message, the AWOLA Anti Spyware gets installed and shows that it's scanning the system.


I have uninstalled Awola but the Windows Updater like message keeps coming in tray icon after every reboot. I did some research and found a file in Task Manager by name "VIVDM.EXE". Once I closed it, the tray icon disappeared.

I did a search in my entire C drive but could not find the file by name vivdm.exe

Unfortunately, my Mcafee AV cannot even detect this software nor the spyware.

Can someone help?

Thanks.

Ravi
6 Replies
melboy
Level 7
Report Inappropriate Content
Message 2 of 7

RE: VIVDM.EXE executing AWOLA Rogue Anti Spyware

you could try here:

http://www.malwarebytes.org/malwarenet.php?name=Rogue.Awola

scroll down the below link, past the green button for download and the orange one for buy now to the download url's. i found downloading from besttechie easiest:

http://www.malwarebytes.org/mbam.php

save it to your desktop/my documents then run the installer and run a quick scan once you've updated it. it'll post a report in notebook. follow any prompts it gives you.
its free.

RE: VIVDM.EXE executing AWOLA Rogue Anti Spyware

Thank you for the links. My problem is not with Awola, but with the file vivdm.exe.

I found it in Application Data folder of My documents. Have renamed it for now and would restart the system to check if this comes up again. Have saved it to be forwarded to Mcafee labs.

Will update after the reboot.

Ravi

RE: VIVDM.EXE executing AWOLA Rogue Anti Spyware

I restarted the system after renaming the vivdm.exe to vivdm.e1e.

The problem seems to have rectified now.

Can someone tell me how can I send the file to Mcafee labs?

Thanks.

Ravi
melboy
Level 7
Report Inappropriate Content
Message 5 of 7

RE: VIVDM.EXE executing AWOLA Rogue Anti Spyware

how did you uninstall awola? if vivdm.exe is still present and is related to the pop up message your getting then i would say some remnants of the rouge program awola still remain. running mbam may get rid of it. see here:

http://forum.securitycadets.com/index.php?showtopic=5755

the mcafee lab for malware samples:

https://www.webimmune.net/default.asp

RE: VIVDM.EXE executing AWOLA Rogue Anti Spyware

Hi Ann,

Try the steps Melboy suggested. They work.

I took a different route. I ran Trojan Remover which identified files 12.tmp, 13.tmp and 14.tmp registerd in the Windows registry without any associations. The software removed these three files.

Next, I downloaded "Process Explorer", available at
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

and checked which process does not correspond to normal working. Found a file VIVDDM.EXE with no details, but the file was stored in Application Data of my profile. Renamed this file and rebooted. Everything worked fine.

I also ran the SmitFraudfix.exe as mentioned in one of the links Melboy suggested. This has to be run in safe mode to give better results. For me, the software did not give any infected files (probably my previous steps already removed the infections).

Ravi

Thanks so much!

Ravi,

Thank you so much....your instructions worked perfect.

Anne