4 Replies Latest reply on Oct 27, 2009 12:43 PM by AratanAenor

    Problem with spam popups+trojan

      Yesterday, McAfee blocked an Artemis trojan or something like that. Then popups began to occur randomly (still continuing today). I have tried scanning with McAfee and Ad-Aware; neither of them found the problem. I tried to download Malwarebytes numerous times, but during the installation process it says file couldn't be specified or a version of that. Please help. A reply would be appreciated.
        • 1. RE: Problem with spam popups+trojan
          I am also receiving adware such as registry defender, but I looked in the registry keys and couldn't find it.
          • 2. RE: Problem with spam popups+trojan
            Same thing just happened to me.

            Try renaming the Malwarebytes installer before running it. Then open the folder you want to install Malwarebytes to and run the installer. As soon as the file mbam.exe appears in the folder, right-click on it and rename it to a random number or letter. You have to be fast, because the trojan will try to delete it first. It took me three tries to get it renamed, but I finally got it.

            After that it ran, detected, and deleted the infected registry values as well as the infected files (Trojan.Vundo.H) and (Adware.minibug). Even after this, two infected .dll files still remained and were not removed by Malwarebytes until I ran it in safe mode.
            • 3. Artemis/Vundo/hiyuhose/etc. Solution!

              AratanAenor is amazing!!! How he had the brains to figure this one out I'll never know. I tried this approach six times... the trojan kept deleting mbam.exe before I could rename it. I then did it quickly enough to do the job. I then ran a full system scan (with Malwarebytes) and it detected and deleted eight of these crazy trojans. However, the hiyuhose thing remained in my registry until I ran Malwarebytes in safe mode... problem solved.

              AratanAenor, I have no idea who you are, but I would definitely buy you a beer if you were here in San Diego. Many thanks!!!
              • 4. RE: Artemis/Vundo/hiyuhose/etc. Solution!
                One other thing: I learned the hard way this morning that this trojan can copy itself to Windows' System Restore. Then, every time you reboot your computer, it will automatically replace all of the infected files and keys you removed. So, if it appears again after you've removed it, just turn off System Restore, which instantly deletes all System Restore files on the computer. Then you can run a full scan with Malwarebytes in safe mode and remove the infection permanently.