- Oct 6, 2007
About two weeks ago my main PC became infected with Vundo/Virtumonde. I manually wiped out as many of the files and registry items as I could find, which at least opened up the use of Malwarebytes, SuperAntiSpyware and Spybot for me. However, none of those has been completely able to kill the virus. Because some of the DLLs are in use, all of those programs as well as HijackThis are unable to remove them.
The DLLs that are scheduled for deletion on reboot stick around nonetheless, and there's a registry value that I can't delete which seems to be part of the source of the problem. There are also a couple DLLs which are residing in C:\windows\system32 according to HT and ListDLLs, but they don't show up there in Windows Explorer or the command prompt.
I downloaded Symantec's Vundo removal tool, but after running the scan for a half hour it declared that there was no Vundo infection, which is BS. SAS and MB report the virus as Vundo, and it's clear from the symptoms and the names of the rogue DLLs that it's a version of Vundo.
OS is Windows XP 32 SP3. I'm at work right now, but I can post a HijackThis log when I get home. I know what items need to be removed, it's just that HT can't get the job done.
My system is sufficiently usable that I could relatively easily back up my data and do a clean wipe, but I'm stubborn, and I'd rather beat this thing if possible. (Although really, it's been almost a year since I built the machine, so a clean install would probably be a good thing, and would let me set the machine up according to mechBgon's guide.)
My laptop, on a separate network, recently became infected as well and has had the same problems with removing the trojan. The laptop was provided to me by the city school system, so a total wipe isn't possible. I may just end up turning the machine over to them to be fixed; I'll have to check with IT.