Guest apeke Posted September 17, 2007 Posted September 17, 2007 I have purchased and installed Bit Defender a couple months ago and two days ago it started popping up a Virus Alert informing me it has detected a trojan/virus. It will show the file path then the state what the virus is: i.e: PATH: c:\windows\system32\nnnnkhe.dll Infected with: Trojan.Vundo.DNE Since this initial alert popped up, I have ran HJT and tried removing the file (Trojan) through that program, as well as downloaded and installed several so called Virus/Trojan removal tools from Microsoft, etc.... I have run scans through Stinger, VundoFix, SmitfraudFix, jv16 power tools, etc and so on and none of these software scanners will remove the infected file, nor do they actually state any virus was found in the end results of said scan, but I keep getting different pop up alerts from Bit Defender and have located MOST of the files it claims are infedcted, with a majority of them being located in System32 under WINDOWS folder. Here is a list of files the alert directs to my attention just today: system32/nnnnkhe.dll --> infected with: VUNDO.A system32/wmvds32.dll --> infected with: Downloader.VB.ASX and a couple more that do not show a file path only showing a web like address starting with http:// (and numbers following).... Anyway...I'm at a loss as to know how to either remove (permanately) these so called infected files, or stop my Bit Defender AVP from constantly popping up these alerts. Thank you.. Vicki
Guest nass Posted September 17, 2007 Posted September 17, 2007 RE: VIRUS ALERT??? "apeke" wrote: > I have purchased and installed Bit Defender a couple months ago and two days > ago it started popping up a Virus Alert informing me it has detected a > trojan/virus. > It will show the file path then the state what the virus is: i.e: > > PATH: c:\windows\system32\nnnnkhe.dll > > Infected with: Trojan.Vundo.DNE > > > Since this initial alert popped up, I have ran HJT and tried removing the > file (Trojan) through that program, as well as downloaded and installed > several so called Virus/Trojan removal tools from Microsoft, etc.... > I have run scans through Stinger, VundoFix, SmitfraudFix, jv16 power tools, > etc and so on and none of these software scanners will remove the infected > file, nor do they actually state any virus was found in the end results of > said scan, but I keep getting different pop up alerts from Bit Defender and > have located MOST of the files it claims are infedcted, with a majority of > them being located in System32 under WINDOWS folder. > > Here is a list of files the alert directs to my attention just today: > > system32/nnnnkhe.dll --> infected with: VUNDO.A > > system32/wmvds32.dll --> infected with: Downloader.VB.ASX > > and a couple more that do not show a file path only showing a web like > address starting with http:// (and numbers following).... > > Anyway...I'm at a loss as to know how to either remove (permanately) these > so called infected files, or stop my Bit Defender AVP from constantly popping > up these alerts. > Thank you.. > Vicki http://forums.spybot.info/showthread.php?t=15583 Trojan-Downloader:W32/VB.AXS http://uk.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=TROJ_VB.DMF http://www.f-secure.com/v-descs/trojan-downloader_w32_vb_axs.shtml Download AutoRuns for Windows v8.73 and delete the pre-mentioned infected files/folders. By Mark Russinovich and Bryce Cogswell http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx = Click Start >> Control Panel>>Network and Internet Connections >> Double click Internet Options. On the IE properties windows you will see these Tabs: General | Security | Privacy | Content | Connections | Programs | Advanced. Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. [ ] Disable script Debugging (internet Explorer) <= check this box [ ] Disable Script Debugging (Other) <= check this box Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Run Disk Cleanup and Defrag in Safe Mode. HTH. nass ---- http://www.nasstec.co.uk
Guest PA Bear Posted September 17, 2007 Posted September 17, 2007 Re: VIRUS ALERT??? You've got a Vundo infection, at least, and need the assistance of an expert. Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum. Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine2.blogspot.com/ http://www.elephantboycomputers.com/page2.html#Removing_Malware When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert analysis, not here.** If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop. -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE, OE, Security, Shell/User) since 2002 AumHa VSOP & Admin http://aumha.net; DTS-L http://dts-l.org/ apeke wrote: > I have purchased and installed Bit Defender a couple months ago and two > days > ago it started popping up a Virus Alert informing me it has detected a > trojan/virus. > It will show the file path then the state what the virus is: i.e: > > PATH: c:\windows\system32\nnnnkhe.dll > > Infected with: Trojan.Vundo.DNE > > > Since this initial alert popped up, I have ran HJT and tried removing the > file (Trojan) through that program, as well as downloaded and installed > several so called Virus/Trojan removal tools from Microsoft, etc.... > I have run scans through Stinger, VundoFix, SmitfraudFix, jv16 power > tools, > etc and so on and none of these software scanners will remove the infected > file, nor do they actually state any virus was found in the end results of > said scan, but I keep getting different pop up alerts from Bit Defender > and > have located MOST of the files it claims are infedcted, with a majority of > them being located in System32 under WINDOWS folder. > > Here is a list of files the alert directs to my attention just today: > > system32/nnnnkhe.dll --> infected with: VUNDO.A > > system32/wmvds32.dll --> infected with: Downloader.VB.ASX > > and a couple more that do not show a file path only showing a web like > address starting with http:// (and numbers following).... > > Anyway...I'm at a loss as to know how to either remove (permanately) these > so called infected files, or stop my Bit Defender AVP from constantly > popping up these alerts. > Thank you.. > Vicki
Guest Kayman Posted September 17, 2007 Posted September 17, 2007 Re: VIRUS ALERT??? On Mon, 17 Sep 2007 12:00:27 -0700, apeke wrote: > I have purchased and installed Bit Defender a couple months ago and two days > ago it started popping up a Virus Alert informing me it has detected a > trojan/virus. > It will show the file path then the state what the virus is: i.e: > > PATH: c:\windows\system32\nnnnkhe.dll > > Infected with: Trojan.Vundo.DNE > http://www.google.com/search?q=vundo+infection+fix
Recommended Posts