cant get rid of trojan.vundo

[frankg]

Windows XP

Downloaded the removal tool from symantec and run it in safe mode without
success.
It appears to reside in the system32 dll file and cant be removed/deleted
Removal suggestions please ?

 

[Art]

Windows XP

Downloaded the removal tool from symantec and run it in safe mode without
success.
It appears to reside in the system32 dll file and cant be removed/deleted
Removal suggestions please ?

Here's a procedure:

http://tinyurl.com/ab3w6

Art

http://home.epix.net/~artnpeg
Free antivirus:
http://www.ik-cs.com/programs/virtools/KASFX.EXE
http://www.claymania.com/KASFX.EXE
http://tinyurl.com/azzkc

 

[frankg]

Here's a procedure:

http://tinyurl.com/ab3w6

Art

it's not the trojan.vundoB version , just plain trojan.vundo - same
procedure/tools?

 

[Art]

it's not the trojan.vundoB version , just plain trojan.vundo - same
procedure/tools?

The general tools such as Killbox and HiJackThis should prove to be
helpful. I see Symantec has removal utils for at least a couple of
variants of vundo. Did you Google them up and try them?

Remember Google is your friend. There are forums for help with
HiJackThis results.

Art

http://home.epix.net/~artnpeg
Free antivirus:
http://www.ik-cs.com/programs/virtools/KASFX.EXE
http://www.claymania.com/KASFX.EXE
http://tinyurl.com/azzkc

 

[Art]

it's not the trojan.vundoB version , just plain trojan.vundo - same
procedure/tools?

A couple of other things. This McAfee writeup should be helpful as
well:

http://vil.mcafeesecurity.com/vil/content/v_127690.htm

Also, download BHO Demon:

http://www.definitivesolutions.com/bhodemon.htm

It will allow you see and remove the BHOs.

Art

http://home.epix.net/~artnpeg
Free antivirus:
http://www.ik-cs.com/programs/virtools/KASFX.EXE
http://www.claymania.com/KASFX.EXE
http://tinyurl.com/azzkc

 

[frankg]

thanks I'll give it a go

A couple of other things. This McAfee writeup should be helpful as
well:

http://vil.mcafeesecurity.com/vil/content/v_127690.htm

Also, download BHO Demon:

http://www.definitivesolutions.com/bhodemon.htm

It will allow you see and remove the BHOs.

Art

http://home.epix.net/~artnpeg
Free antivirus:
http://www.ik-cs.com/programs/virtools/KASFX.EXE
http://www.claymania.com/KASFX.EXE
http://tinyurl.com/azzkc

 

[Larry Sabo]

Windows XP

Downloaded the removal tool from symantec and run it in safe mode without
success.
It appears to reside in the system32 dll file and cant be removed/deleted
Removal suggestions please ?

I just deleted it on a system this morning, using UBCD4WIN to delete
the dll. The system had NAV2005 and kept alerting on the dll and
couldn't remove it in Normal or Safe mode. If you don't have UBCD4WIN
or BartPE, boot from the XP (or Win2k) CD and use the command console
in Repair mode to do so.

Then do a scan on the Windows directory with your up-to-date
anti-virus program.

If this doesn't do it, you will probably have to use the more thorough
methods outlines in the other posts. I didn't have to remove any BHOs
or reg entries, so perhaps I was lucky.

Larry

 

[tim]

Windows XP

Downloaded the removal tool from symantec and run it in safe mode without
success.
It appears to reside in the system32 dll file and cant be removed/deleted
Removal suggestions please ?

http://www.bleepingcomputer.com/forums/topic30555.html

I fixed up a computer with that one as well. Symantec had removers for
2 versions of this trojan and neither worked. Following the
instructions on this page resulted in the removal of it.
Of course 3 days later and I have to go back and do it all over again.
tim

 

[frankg]

Thank you!
This is the thing that seems to have worked
http://www.bleepingcomputer.com/for...-Search42com-MSevents-tx18610-0.html#symptoms