This content has been marked as final. Show 3 replies
Unfortunately, you haven't told us which operating system you're using but if you've got Win2000 or XP, please try this:
First, try the VundoFix instructions below:
First, Download and run the "SDFix.exe" program to extract the files to the C:\SDFix folder.. Next, restart into Safe Mode, navigate to the C:\SDfix folder, then run the "RunThis.bat" file inside. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Next, run the "VundoFix.exe" tool. After "VundoFix" starts, click on the "Scan for Vundo" button and after the files are found, then click on the "Remove Vundo" button.
SDFix (Clicking on the link below will immediately start the download dialogue box.)
After you've performed the instructions above, then continue on with the procedures below:
Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Hope this helps and let us know how it goes. Exact malware names and the names of infected files would help.
Thx for you help firstofall!
Here is how it went:
SDfix performed the scan and deleded teh following files:
Trojan Files Found:
C:\WINDOWS\system32\geBuTkkh.dll - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Folder C:\Program Files\Fichiers communs\Carlson - Removed
Don't now if you need other informations from the report?
VundoFix was performed and found NO infections (wasnt performed in safe mode though!?
Anti-malaware found multiples Trojan.Vundo files :
Memory Modules Infected:
C:\WINDOWS\system32\SvxHRqru.ini2 (Trojan.Vundo) .
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KEZ37C0P\kb456456 (Trojan.Vundo)
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -
C:\WINDOWS\system32\fccccYqQ.dll (Trojan.Vundo) .
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer)
What that Dialer did or where i get that i dont now be seems to be deleded eitherway...
ABAM demanded resatart to delete some files.
After restart i runned the scan again an he refound those 3 files:
abam fixed them *** soon without restart and another scan found no infected files.
The computer now seems to show no symptoms of the virus anymore.
I'm just wondering why Vundo.fix found no infected files.
If anything reappears i'll let you know.
Good job so far.. Just a test though to make sure the scanners actually removed things.. Please restart the computer and try scanning again.. And if you're up to it, please get a "second opinion" with the free spyware removal tool at the link below.. Download the file to your desktop, install it, then update it.. Once that's done, restart the computer into Safe Mode and run a full system scan.
SUPERAntispyware Removal Tool
The point here is that there are a number of tools which "say" they're removing problem trojan files.. Unfortunately, they're not perfect so it's always good to restart the computer, then run another scanner to get a second opinion. There have been a few occasions where I've found it necessary to manually delete an infected file using a command prompt from the Recovery Console.
As to why Vundofix didn't find all the files, I can only say that it's a great tool when it finds the malware which is in it's own definition database.. Although the definition database is updated occasionally, other tools are available which update their definitions much more frequently.. As most have found, it's best to use a number of spyware scanners because they all seem to find something the others don't.
Hope this helps and let us know how it goes..