
Cannot Get Rid Of Vundo Variant Rel

Vundo can impede download progress. True story - Barney Stinson Its gonna be legen.. Install windows using the borrowed disk and use the Magical Jelly Bean Keyfinder (http://sourceforge.net/projects/keyfinder) to change the default embedded key of that windows media disk to your correct windows key (as heh!) The first time I ran SuperAntiSpyware it detected over 100 infections.

My firewall is on, automatic updates are on, and also my antispyware.

tsec, June 30th, 2008, 02:20 PM: Strange that ZA didn't pick these up during the deep scan in safe mode.

Malwarebytes' Anti-Malware 1.31
Database version: 1476
Windows 5.1.2600 Service Pack 3
12/8/2008 10:43:05 PM
mbam-log-2008-12-08 (22-43-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 124691
Time elapsed: 24 minute(s), 32 second(s)
Memory

It will be your best interest.. When finished, it shall produce a log for you. http://www.bleepingcomputer.com/forums/t/184043/cannot-get-rid-of-vundo-variant-rel/

Please, never rename Combofix unless instructed. If ComboFix asked you to install Recovery Console, please do so.. Almost all varieties of Vundo feature some sort of pop-up advertising as well as rooting themselves to make them difficult to delete.

Let's do some cleanup... Please download OTCleanIt and save it to Desktop. Make sure you have internet connection.. Double-click OTCleanIt.exe. Click the CleanUp! READ & RUN ME FIRST. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions. NEXT Please

mauserme: Just to be safe please download OTMoveIt by OldTimer. Borrow any windows on a media disk that is the same version of windows as yours - xp sp2 he or xp sp1 he or xp sp1 pe, etc. See here: http://smartdefense.zonealarm.com/tmpl/body/spyware/sdicReporting.jsp Cheers, Fax

willtheoct, July 2nd, 2008, 05:32 AM: don't use HJT.

Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

and if you have still the files of the infection you may want to send it to ZA malware analyst. HJT has detected nothing.

dary! http://forums.majorgeeks.com/index.php?threads/cant-get-rid-of-vundo.165109/ SDFix2. I am gonna keep an eye on things and do a few more scans using ZA, SaS and Adaware over the next few days and see if this thing is really

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine.. Awesomeness: When I get sad, I stop being sad and be awesome instead.. And so on.

The second go round have the 1 after it. http://anyforgeek.com/cannot-get/cannot-get-rid-of-trojan-vundo-h.html That's gone now, but still.


Log Uninstall any versions of Java you find that have older version numbers than the one you just installed. Have the trojan warnings stopped now? I am still just a bit suspicious of C:\WINDOWS\system32\mucltui.dll

The desktop background may be changed to the image of an installation window saying there is adware on the computer.


Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mstalter, Jul 22, 2008. Please visit HERE if you don't know how.. I have run the F-Secure rootkit detector a few times and so far it's found nothing. Also, it's randomly generated filenames, and the ZoneAlarm developers have seriously overlooked the "scan the **bleep** contents of the file" part.

HKEY_CLASSES_ROOT\Interface\{947af619-a242-422c-beb8-28d0df96c4f7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

After the previously mentioned tool did its stuff, ZA was able to successfully quarantine Monderc.gen :)

hongkongrick, June 29th, 2008, 11:15 PM: Same issue here. Both the background and screensaver are in the System32 folder, however the screensaver cannot be deleted. Am gonna run another scan and see what happens.

Vundo may attempt to prevent the user from removing it or otherwise impede its operation, such as by disabling the task manager, registry editor, and msconfig, thereby preventing the system from If something does not run, write down the info to explain to us later but keep on going. This will restore almost anything that was deleted by Kaspersky.

As the title of this post suggests, the name of one of the reoccurring infections, as labeled by SuperAntiSpyware, is Adware.Vundo Variant/Rel while the other infection is Rogue Component/Trace. Almost any user with this malware has got this from cracked software and not innocently by some email or web browser drive by. Thank you for all your help.

This thing must be everywhere, because I do not know where it could have come from this time around.

Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup:

Keep getting a scan result that I cannot remove it says "file contains malware and cannot be disenfected".

Do not assume that because one step does not work that they all will not. If you cannot get these out, try a hex editor and wiping the whole file to a blank byte.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo!

Ever hear of the joke about the guy and the unremovable trojans on his cracked Windows? (sorry, but could not resist that last shot, I will be nice now)

Okay this

So where this Vundo stuff came from is a mystery to me.