Guest pemo
Posted July 7, 2008

i have caught vondo trojan on another pc. all attempts to remove have not worked. tried fix vondo, vondo fix, both say it is not present. when i run spybot search and destroy, it finds files, including 3 on registry. when i click repair, it has acted two ways--
1- it removes files (so it seems) but a second scan finds they have reloaded.
or
2- the program freezes.
when i reboot and scan again, same files are found even though previous scan has said they were deleted.
have found two .dll files that are corrupted with the trojan, but i am not permitted to delete them. i am told they are locked or in use by another program or person.
have tried this over and over in both normal mode and safe mode. have searched and found some info and "repairs" on web, but the repairs do not find virus when they are run, even though spybot does.
any info would be appreciated,
thanks in advance,
pemo

Guest Kayman
Posted July 7, 2008

Re: vondo/virtumonde help

On Mon, 7 Jul 2008 08:50:32 -0400, pemo wrote:

> i have caught vondo trojan on another pc. all attempts to remove have not
> worked. tried fix vondo, vondo fix, both say it is not present. when i run
> spybot search and destroy, it finds files, including 3 on registry. when i
> click repair, it has acted two ways--
> 1- it removes files (so it seems) but a second scan finds they have
> reloaded.
> or
> 2- the program freezes.
> when i reboot and scan again, same files are found even though previous scan
> has said they were deleted.
> have found two .dll files that are corrupted with the trojan, but i am not
> permitted to delete them. i am told they are locked or in use by another
> program or person.
> have tried this over and over in both normal mode and safe mode. have
> searched and found some info and "repairs" on web, but the repairs do not
> find virus when they are run, even though spybot does.
> any info would be appreciated,
> thanks in advance,
> pemo

http://www.bleepingcomputer.com/forums/index.php?act=Search&CODE=show&searchid=41691ccd3fab16eb31b0c1f6eee4fde1&search_in=posts&result_type=topics&highlite=%2Bvundo%2Fvirtumonde

Guest Sajjad Mehdi
Posted July 7, 2008

RE: vondo/virtumonde help

You can try this tool

MalwareBytes Anti-Malware - http://pcsafety.sheiky.net/portables/portable_antimalware.exe

This should remove your vundo.

--
Mir Sajjad Mehdi
Microsoft XP Platform Support

"pemo" wrote:

> i have caught vondo trojan on another pc. all attempts to remove have not
> worked. tried fix vondo, vondo fix, both say it is not present. when i run
> spybot search and destroy, it finds files, including 3 on registry. when i
> click repair, it has acted two ways--
> 1- it removes files (so it seems) but a second scan finds they have
> reloaded.
> or
> 2- the program freezes.
> when i reboot and scan again, same files are found even though previous scan
> has said they were deleted.
> have found two .dll files that are corrupted with the trojan, but i am not
> permitted to delete them. i am told they are locked or in use by another
> program or person.
> have tried this over and over in both normal mode and safe mode. have
> searched and found some info and "repairs" on web, but the repairs do not
> find virus when they are run, even though spybot does.
> any info would be appreciated,
> thanks in advance,
> pemo

Guest Craig S
Posted July 7, 2008

RE: vondo/virtumonde help

Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore Files and I'm confused when that needs to be done so SR cannot Re-Introduce the Baddie back in again. Can anyone clarify? I take it that's not an issue here but don't know why. Thanks!

Guest Kelly
Posted July 7, 2008

Re: vondo/virtumonde help

Either use Disk Cleanup/More Options or System Restore/Turn off. The former removes all but the last and the latter removes them all.

--
All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm

SupportSpace
http://www.supportspace.com/pages?aiu=kellyskorner

"Craig S" <CraigS@discussions.microsoft.com> wrote in message news:274233DD-5F9E-42FD-8DA1-9742BA0D4659@microsoft.com...
>
> Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore
> Files and I'm confused when that needs to be done so SR cannot Re-Introduce
> the Baddie back in again. Can anyone clarify? I take it that's not an issue
> here but don't know why. Thanks!

Guest Ken Blake, MVP
Posted July 7, 2008

Re: vondo/virtumonde help

On Mon, 7 Jul 2008 09:08:02 -0700, Craig S <CraigS@discussions.microsoft.com> wrote:

>
> Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore
> Files and I'm confused when that needs to be done so SR cannot Re-Introduce
> the Baddie back in again. Can anyone clarify? I take it that's not an issue
> here but don't know why. Thanks!

Any form of malware--whether spyware, virus, or anything else--in a restore point is completely innocuous and can do nothing at all *unless* you restore from that restore point.

You don't necessarily have to get rid of all the restore points; instead you can just keep a record of which are infected and be sure not to restore from them. Then wait for the infected point(s) to fall off the end of the chain--a maximum of 90 days.

--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup

Guest pemo
Posted July 7, 2008

Re: vondo/virtumonde help

tried both of these fixes yesterday, they would find the files, but on re-boot the virus/worm reloaded. thanks anyway

----- Original Message -----
From: "Kayman" <kaymanDeleteThis@operamail.com>
Newsgroups: microsoft.public.windowsxp.general
Sent: Monday, July 07, 2008 9:43 AM
Subject: Re: vondo/virtumonde help

> On Mon, 7 Jul 2008 08:50:32 -0400, pemo wrote:
>
>> i have caught vondo trojan on another pc. all attempts to remove have not
>> worked. tried fix vondo, vondo fix, both say it is not present. when i run
>> spybot search and destroy, it finds files, including 3 on registry. when i
>> click repair, it has acted two ways--
>> 1- it removes files (so it seems) but a second scan finds they have
>> reloaded.
>> or
>> 2- the program freezes.
>> when i reboot and scan again, same files are found even though previous scan
>> has said they were deleted.
>> have found two .dll files that are corrupted with the trojan, but i am not
>> permitted to delete them. i am told they are locked or in use by another
>> program or person.
>> have tried this over and over in both normal mode and safe mode. have
>> searched and found some info and "repairs" on web, but the repairs do not
>> find virus when they are run, even though spybot does.
>> any info would be appreciated,
>> thanks in advance,
>> pemo
>
> http://www.bleepingcomputer.com/forums/index.php?act=Search&CODE=show&searchid=41691ccd3fab16eb31b0c1f6eee4fde1&search_in=posts&result_type=topics&highlite=%2Bvundo%2Fvirtumonde

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message news:uQMCodD4IHA.4856@TK2MSFTNGP02.phx.gbl...
> On Mon, 7 Jul 2008 08:50:32 -0400, pemo wrote:
>
>> i have caught vondo trojan on another pc. all attempts to remove have not
>> worked. tried fix vondo, vondo fix, both say it is not present. when i run
>> spybot search and destroy, it finds files, including 3 on registry. when i
>> click repair, it has acted two ways--
>> 1- it removes files (so it seems) but a second scan finds they have
>> reloaded.
>> or
>> 2- the program freezes.
>> when i reboot and scan again, same files are found even though previous scan
>> has said they were deleted.
>> have found two .dll files that are corrupted with the trojan, but i am not
>> permitted to delete them. i am told they are locked or in use by another
>> program or person.
>> have tried this over and over in both normal mode and safe mode. have
>> searched and found some info and "repairs" on web, but the repairs do not
>> find virus when they are run, even though spybot does.
>> any info would be appreciated,
>> thanks in advance,
>> pemo
>
> http://www.bleepingcomputer.com/forums/index.php?act=Search&CODE=show&searchid=41691ccd3fab16eb31b0c1f6eee4fde1&search_in=posts&result_type=topics&highlite=%2Bvundo%2Fvirtumonde

Guest pemo
Posted July 7, 2008

Re: vondo/virtumonde help

the recommendations to disable the restore point and disable network connections were required prior to running "fix vondo", and "vondo fix", both programs by the way were ineffective. antivir pe found the bad .dll(s) and the corrupt registry items, but could not seem to delete the files. reboot would show that they were back on system. the antimalware.exe in sajjad's post worked excellently. A+

"Craig S" <CraigS@discussions.microsoft.com> wrote in message news:274233DD-5F9E-42FD-8DA1-9742BA0D4659@microsoft.com...
>
> Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore
> Files and I'm confused when that needs to be done so SR cannot Re-Introduce
> the Baddie back in again. Can anyone clarify? I take it that's not an issue
> here but don't know why. Thanks!

Guest PA Bear [MS MVP]
Posted July 7, 2008

Re: vondo/virtumonde help

Speaking from experience, I would NOT assume that machine's 100% clean if all you did was run MBAM.

pemo wrote:
> the recommendations to disable the restore point and disable network
> connections were required prior to running "fix vondo", and "vondo fix",
> both programs by the way were ineffective. antivir pe found the bad .dll(s)
> and the corrupt registry items, but could not seem to delete the files.
> reboot would show that they were back on system. the antimalware.exe in
> sajjad's post worked excellently. A+
>
> "Craig S" <CraigS@discussions.microsoft.com> wrote in message
> news:274233DD-5F9E-42FD-8DA1-9742BA0D4659@microsoft.com...
>>
>> Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore
>> Files and I'm confused when that needs to be done so SR cannot Re-Introduce
>> the Baddie back in again. Can anyone clarify? I take it that's not an issue
>> here but don't know why. Thanks!

Guest pemo
Posted July 8, 2008

Re: vondo/virtumonde help

thank you --yes, i am still vigilant! i have been running spybot search and destroy, a2square, and adaware, been deleting all cookies, emptying temp folders, rebooting, defrag and start the process doing it all again and again. have emptied all cache, quarantined files etc..
any other suggestions papa bear?

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:eN2G%23LI4IHA.3484@TK2MSFTNGP05.phx.gbl...
> Speaking from experience, I would NOT assume that machine's 100% clean if
> all you did was run MBAM.
>
> pemo wrote:
>> the recommendations to disable the restore point and disable network
>> connections were required prior to running "fix vondo", and "vondo fix",
>> both programs by the way were ineffective. antivir pe found the bad .dll(s)
>> and the corrupt registry items, but could not seem to delete the files.
>> reboot would show that they were back on system. the antimalware.exe in
>> sajjad's post worked excellently. A+
>>
>> "Craig S" <CraigS@discussions.microsoft.com> wrote in message
>> news:274233DD-5F9E-42FD-8DA1-9742BA0D4659@microsoft.com...
>>>
>>> Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore
>>> Files and I'm confused when that needs to be done so SR cannot Re-Introduce
>>> the Baddie back in again. Can anyone clarify? I take it that's not an issue
>>> here but don't know why. Thanks!

Guest PA Bear [MS MVP]
Posted July 8, 2008

Re: vondo/virtumonde help

It's PA (as in Pennsylvania) Bear, please.

Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://aumha.net/viewforum.php?f=30, http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, or other appropriate forums for review by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

pemo wrote:
> thank you --yes, i am still vigilant! i have been running spybot search and
> destroy, a2square, and adaware, been deleting all cookies, emptying temp
> folders, rebooting, defrag and start the process doing it all again and
> again. have emptied all cache, quarantined files etc..
> any other suggestions papa bear?
> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
> news:eN2G%23LI4IHA.3484@TK2MSFTNGP05.phx.gbl...
>> Speaking from experience, I would NOT assume that machine's 100% clean if
>> all you did was run MBAM.
>>
>> pemo wrote:
>>> the recommendations to disable the restore point and disable network
>>> connections were required prior to running "fix vondo", and "vondo fix",
>>> both programs by the way were ineffective. antivir pe found the bad .dll(s)
>>> and the corrupt registry items, but could not seem to delete the files.
>>> reboot would show that they were back on system. the antimalware.exe in
>>> sajjad's post worked excellently. A+
>>>
>>> "Craig S" <CraigS@discussions.microsoft.com> wrote in message
>>> news:274233DD-5F9E-42FD-8DA1-9742BA0D4659@microsoft.com...
>>>>
>>>> Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore
>>>> Files and I'm confused when that needs to be done so SR cannot Re-Introduce
>>>> the Baddie back in again. Can anyone clarify? I take it that's not an issue
>>>> here but don't know why. Thanks!

Guest pemo
Posted July 8, 2008

Re: vondo/virtumonde help

my apologies. i have added "super antispyware" to the arsenal. i will add "hijack this" as well. thanks for the reply-- and the tips. i'll need to do a little reading too!
pete

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:umeYHVJ4IHA.4488@TK2MSFTNGP03.phx.gbl...
> It's PA (as in Pennsylvania) Bear, please.
>
> Run a /thorough/ check for hijackware, including posting your hijackthis
> log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log to
> http://aumha.net/viewforum.php?f=30,
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html, or other appropriate forums for review
> by an expert in such matters, not here.**
>
> If the procedures look too complex - and there is no shame in admitting
> this isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
> pemo wrote:
>> thank you --yes, i am still vigilant! i have been running spybot search and
>> destroy, a2square, and adaware, been deleting all cookies, emptying temp
>> folders, rebooting, defrag and start the process doing it all again and
>> again. have emptied all cache, quarantined files etc..
>> any other suggestions papa bear?
>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>> news:eN2G%23LI4IHA.3484@TK2MSFTNGP05.phx.gbl...
>>> Speaking from experience, I would NOT assume that machine's 100% clean if
>>> all you did was run MBAM.
>>>
>>> pemo wrote:
>>>> the recommendations to disable the restore point and disable network
>>>> connections were required prior to running "fix vondo", and "vondo fix",
>>>> both programs by the way were ineffective. antivir pe found the bad .dll(s)
>>>> and the corrupt registry items, but could not seem to delete the files.
>>>> reboot would show that they were back on system. the antimalware.exe in
>>>> sajjad's post worked excellently. A+
>>>>
>>>> "Craig S" <CraigS@discussions.microsoft.com> wrote in message
>>>> news:274233DD-5F9E-42FD-8DA1-9742BA0D4659@microsoft.com...
>>>>>
>>>>> Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore
>>>>> Files and I'm confused when that needs to be done so SR cannot Re-Introduce
>>>>> the Baddie back in again. Can anyone clarify? I take it that's not an issue
>>>>> here but don't know why. Thanks!

Guest Kelly
Posted July 8, 2008

Re: vondo/virtumonde help

Awesome program, thanks, Sajjad!

As per your question:

How antivirus software and System Restore work together
http://support.microsoft.com/kb/831829

--
All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm

SupportSpace
http://www.supportspace.com/pages?aiu=kellyskorner

"pemo" <nospam@nowhere.net> wrote in message news:%239jsOJH4IHA.3784@TK2MSFTNGP06.phx.gbl...
> the recommendations to disable the restore point and disable network
> connections were required prior to running "fix vondo", and "vondo fix",
> both programs by the way were ineffective. antivir pe found the bad .dll(s)
> and the corrupt registry items, but could not seem to delete the files.
> reboot would show that they were back on system. the antimalware.exe in
> sajjad's post worked excellently. A+
>
> "Craig S" <CraigS@discussions.microsoft.com> wrote in message
> news:274233DD-5F9E-42FD-8DA1-9742BA0D4659@microsoft.com...
>>
>> Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore
>> Files and I'm confused when that needs to be done so SR cannot Re-Introduce
>> the Baddie back in again. Can anyone clarify? I take it that's not an issue
>> here but don't know why. Thanks!

Guest Kayman
Posted July 8, 2008

Re: vondo/virtumonde help

On Mon, 7 Jul 2008 16:41:32 -0400, pemo wrote:

> tried both of these fixes yesterday, they would find the files, but on
> re-boot the virus/worm reloaded. thanks anyway
> ----- Original Message -----
> From: "Kayman" <kaymanDeleteThis@operamail.com>
> Newsgroups: microsoft.public.windowsxp.general
> Sent: Monday, July 07, 2008 9:43 AM
> Subject: Re: vondo/virtumonde help
>
>> On Mon, 7 Jul 2008 08:50:32 -0400, pemo wrote:
>>
>>> i have caught vondo trojan on another pc. all attempts to remove have not
>>> worked. tried fix vondo, vondo fix, both say it is not present. when i run
>>> spybot search and destroy, it finds files, including 3 on registry. when i
>>> click repair, it has acted two ways--
>>> 1- it removes files (so it seems) but a second scan finds they have
>>> reloaded.
>>> or
>>> 2- the program freezes.
>>> when i reboot and scan again, same files are found even though previous scan
>>> has said they were deleted.
>>> have found two .dll files that are corrupted with the trojan, but i am not
>>> permitted to delete them. i am told they are locked or in use by another
>>> program or person.
>>> have tried this over and over in both normal mode and safe mode. have
>>> searched and found some info and "repairs" on web, but the repairs do not
>>> find virus when they are run, even though spybot does.
>>> any info would be appreciated,
>>> thanks in advance,
>>> pemo
>>
>> http://www.bleepingcomputer.com/forums/index.php?act=Search&CODE=show&searchid=41691ccd3fab16eb31b0c1f6eee4fde1&search_in=posts&result_type=topics&highlite=%2Bvundo%2Fvirtumonde
>
> "Kayman" <kaymanDeleteThis@operamail.com> wrote in message
> news:uQMCodD4IHA.4856@TK2MSFTNGP02.phx.gbl...
>> On Mon, 7 Jul 2008 08:50:32 -0400, pemo wrote:
>>
>>> i have caught vondo trojan on another pc. all attempts to remove have not
>>> worked. tried fix vondo, vondo fix, both say it is not present. when i run
>>> spybot search and destroy, it finds files, including 3 on registry. when i
>>> click repair, it has acted two ways--
>>> 1- it removes files (so it seems) but a second scan finds they have
>>> reloaded.
>>> or
>>> 2- the program freezes.
>>> when i reboot and scan again, same files are found even though previous scan
>>> has said they were deleted.
>>> have found two .dll files that are corrupted with the trojan, but i am not
>>> permitted to delete them. i am told they are locked or in use by another
>>> program or person.
>>> have tried this over and over in both normal mode and safe mode. have
>>> searched and found some info and "repairs" on web, but the repairs do not
>>> find virus when they are run, even though spybot does.
>>> any info would be appreciated,
>>> thanks in advance,
>>> pemo
>>
>> http://www.bleepingcomputer.com/forums/index.php?act=Search&CODE=show&searchid=41691ccd3fab16eb31b0c1f6eee4fde1&search_in=posts&result_type=topics&highlite=%2Bvundo%2Fvirtumonde

Download/execute:
CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application MRUs, etc. ...
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities uncheck "Windows Defender".

Then:
Download David H. Lipman's MULTI_AV.EXE from the URL:
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

Or:
Kaspersky's AVPTool for on demand scanning:
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
There's no updating involved since the application is updated several times a day and you simply download the updated scanner whenever you want to do a scan. (Scan in Safe-Mode).

Or:
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/

Or:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Good luck :)