vundo virus

[Guest richiegodsmack@hotmail.com]

i got a virus may28 and it messed my laptop all up

and i cannot restore to a date before then?? -- how can i restore my pc to a

date between may14 and may29?????

richard

[Guest PD43]

Re: vundo virus

 

richiegodsmack@hotmail.com

<richiegodsmackhotmailcom@discussions.microsoft.com> wrote:

>i got a virus may28 and it messed my laptop all up

>and i cannot restore to a date before then?? -- how can i restore my pc to a

>date between may14 and may29?????

 

Doesn't look like that's possible.

 

Better start looking for the restore disc.

[Guest Hetch]

Re: vundo virus

 

richiegodsmack wrote:

> i got a virus may28 and it messed my laptop all up

> and i cannot restore to a date before then?? -- how can i restore my pc to a

> date between may14 and may29?????

> richard

 

 

Disable System Restore since it won't help at the best of times.

Download, install, update, and run SUPERAntiSpyware.

 

http://downloads2.superantispyware.com/downloads/SUPERAntiSpywarePro.exe

[Guest richiegodsmack]

Re: vundo virus

 

thanx.......but i dont have one!!!

richard

 

 

"PD43" wrote:

> richiegodsmack@hotmail.com

> <richiegodsmackhotmailcom@discussions.microsoft.com> wrote:

>

> >i got a virus may28 and it messed my laptop all up

> >and i cannot restore to a date before then?? -- how can i restore my pc to a

> >date between may14 and may29?????

>

> Doesn't look like that's possible.

>

> Better start looking for the restore disc.

>

[Guest David H. Lipman]

Re: vundo virus

 

From: "richiegodsmack@hotmail.com" <richiegodsmackhotmailcom@discussions.microsoft.com>

 

| i got a virus may28 and it messed my laptop all up

| and i cannot restore to a date before then?? -- how can i restore my pc to a

| date between may14 and may29?????

| richard

 

No, you do not have a "virus", you may have a Vundo "Trojan".

 

How do you know you have a Vundo Trojan ?

What have you done to mitigate it ?

 

That kind of information is important.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest richiegodsmack]

Re: vundo virus

 

than

x.......i will try that--

richard

 

 

"Hetch" wrote:

> richiegodsmack wrote:

> > i got a virus may28 and it messed my laptop all up

> > and i cannot restore to a date before then?? -- how can i restore my pc to a

> > date between may14 and may29?????

> > richard

>

>

> Disable System Restore since it won't help at the best of times.

> Download, install, update, and run SUPERAntiSpyware.

>

> http://downloads2.superantispyware.com/downloads/SUPERAntiSpywarePro.exe

>

[Guest PA Bear [MS MVP]]

Re: vundo virus

 

Unexplained computer behavior may be caused by deceptive software

http://support.microsoft.com/kb/827315

 

Run a /thorough/ check for hijackware, including posting your hijackthis log

to an appropriate forum.

 

Checking for/Help with Hijackware

http://aumha.org/a/parasite.htm

http://aumha.org/a/quickfix.htm

http://aumha.net/viewtopic.php?t=5878

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/data/prevention.htm

http://inetexplorer.mvps.org/tshoot.html

http://www.mvps.org/sramesh2k/Malware_Defence.htm

http://defendingyourmachine2.blogspot.com/

http://www.elephantboycomputers.com/page2.html#Removing_Malware

 

When all else fails, HijackThis v2.0.2

(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.

It will help you to both identify and remove any hijackware/spyware with

assistance from an expert. **Post your log to

http://forums.spybot.info/forumdisplay.php?f=22,

http://castlecops.com/forum67.html,

http://forums.subratam.org/index.php?showforum=7,

http://aumha.net/viewforum.php?f=30, or other appropriate forums for review

by an expert in such matters, not here.**

 

If the procedures look too complex - and there is no shame in admitting this

isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

richiegodsmack@hotmail.com wrote:

> i got a virus may28 and it messed my laptop all up

> and i cannot restore to a date before then?? -- how can i restore my pc to

> a

> date between may14 and may29?????

> richard

[Guest richiegodsmack]

Re: vundo virus

 

i already detected and then delete it using avg anti virus....but it disabled

my cd drive and deleted and changed alot of my registry keys... i have a

system recovery disc that i got from hp but when i insert them into my cd

drive and restart my pc, the drive doesnt start the disc???? i cant get the

recovery disc to open??? thanx ahead for ur time and any help that u

may give to me...

--

richard

 

 

"David H. Lipman" wrote:

> From: "richiegodsmack@hotmail.com" <richiegodsmackhotmailcom@discussions.microsoft.com>

>

> | i got a virus may28 and it messed my laptop all up

> | and i cannot restore to a date before then?? -- how can i restore my pc to a

> | date between may14 and may29?????

> | richard

>

> No, you do not have a "virus", you may have a Vundo "Trojan".

>

> How do you know you have a Vundo Trojan ?

> What have you done to mitigate it ?

>

> That kind of information is important.

>

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

>

>

[Guest Ken Blake, MVP]

Re: vundo virus

 

On Fri, 6 Jun 2008 12:53:04 -0700, richiegodsmack@hotmail.com

<richiegodsmackhotmailcom@discussions.microsoft.com> wrote:

> i got a virus may28

 

 

How do you know.

 

> and it messed my laptop all up

> and i cannot restore to a date before then?? -- how can i restore my pc to a

> date between may14 and may29?????

 

 

System Restore wouldn't fix the problem, anyway.

 

--

Ken Blake, Microsoft MVP - Windows Desktop Experience

Please Reply to the Newsgroup

[Guest MowGreen [MVP]]

Re: vundo virus

 

Hetch wrote *IMPRUDENT* advice :

>

>

>

> Disable System Restore since it won't help at the best of times.

> Download, install, update, and run SUPERAntiSpyware.

>

> http://downloads2.superantispyware.com/downloads/SUPERAntiSpywarePro.exe

 

Would you rather have a leaky lifeboat or just sink it because it's leaky ?

 

System Restore should be Disabled WHEN THE SYSTEM HAS BEEN CLEANED UP

or, use DiskCleanup, which deletes all but the most recent restore

points, *AFTER* the system is free of malware.

 

As long as infected restore points are not used, there is *NO* danger of

reinfestation.

 

MowGreen [MVP 2003-2008]

===============

*-343-* FDNY

Never Forgotten

===============

[Guest richiegodsmack]

Re: vundo virus

 

thanx......i am going to try the highjack removal software that u provided me..

--

richard

 

 

"PA Bear [MS MVP]" wrote:

> Unexplained computer behavior may be caused by deceptive software

> http://support.microsoft.com/kb/827315

>

> Run a /thorough/ check for hijackware, including posting your hijackthis log

> to an appropriate forum.

>

> Checking for/Help with Hijackware

> http://aumha.org/a/parasite.htm

> http://aumha.org/a/quickfix.htm

> http://aumha.net/viewtopic.php?t=5878

> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

> http://mvps.org/winhelp2002/unwanted.htm

> http://inetexplorer.mvps.org/data/prevention.htm

> http://inetexplorer.mvps.org/tshoot.html

> http://www.mvps.org/sramesh2k/Malware_Defence.htm

> http://defendingyourmachine2.blogspot.com/

> http://www.elephantboycomputers.com/page2.html#Removing_Malware

>

> When all else fails, HijackThis v2.0.2

> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.

> It will help you to both identify and remove any hijackware/spyware with

> assistance from an expert. **Post your log to

> http://forums.spybot.info/forumdisplay.php?f=22,

> http://castlecops.com/forum67.html,

> http://forums.subratam.org/index.php?showforum=7,

> http://aumha.net/viewforum.php?f=30, or other appropriate forums for review

> by an expert in such matters, not here.**

>

> If the procedures look too complex - and there is no shame in admitting this

> isn't your cup of tea - take the machine to a local, reputable and

> independent (i.e., not BigBoxStoreUSA) computer repair shop.

>

> --

> ~Robear Dyer (PA Bear)

> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

> AumHa VSOP & Admin http://aumha.net

> DTS-L http://dts-l.net/

>

> richiegodsmack@hotmail.com wrote:

> > i got a virus may28 and it messed my laptop all up

> > and i cannot restore to a date before then?? -- how can i restore my pc to

> > a

> > date between may14 and may29?????

> > richard

>

>

[Guest John A]

Re: vundo virus

 

"Disable System Restore ..." - bad advice

"..Run Superantispyware" - good advice, may need to run it in Safe

Mode.

 

On Fri, 06 Jun 2008 15:54:46 -0500, Hetch <hgk@example.net> wrote:

>richiegodsmack wrote:

>> i got a virus may28 and it messed my laptop all up

>> and i cannot restore to a date before then?? -- how can i restore my pc to a

>> date between may14 and may29?????

>> richard

>

>

>Disable System Restore since it won't help at the best of times.

>Download, install, update, and run SUPERAntiSpyware.

>

>http://downloads2.superantispyware.com/downloads/SUPERAntiSpywarePro.exe

[Guest David H. Lipman]

Re: vundo virus

 

From: "richiegodsmack" <richiegodsmack@discussions.microsoft.com>

 

| i already detected and then delete it using avg anti virus....but it disabled

| my cd drive and deleted and changed alot of my registry keys... i have a

| system recovery disc that i got from hp but when i insert them into my cd

| drive and restart my pc, the drive doesnt start the disc???? i cant get the

| recovery disc to open??? thanx ahead for ur time and any help that u

| may give to me...

 

 

 

1. Download and execute HiJack This! (HJT)

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

 

2. Disable Notepad's word wrap:

In Notepad.exe; Format --> uncheck; "Word wrap"

 

3. Download/run Deckard's System Scanner:

http://www.techsupportforum.com/sectools/Deckard/dss.exe

 

4. Save the scan results (Main.txt and Extra.txt)

 

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below

expert forums...

 

 

{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

 

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner

Logs.

 

NOTE: Registration is REQUIRED in any of the below before posting a log

 

Suggested primary:

http://www.thespykiller.co.uk/index.php?board=3.0

 

Suggested secondary:

http://www.bleepingcomputer.com/forums/forum22.html

http://castlecops.com/forum67.html

http://www.malwarebytes.org/forums/index.php?showforum=7

 

Suggested tertiary:

http://www.dslreports.com/forum/cleanup

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.atribune.org/forums/index.php?showforum=9

http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

http://gladiator-antivirus.com/forum/index.php?showforum=170

http://forum.networktechs.com/forumdisplay.php?f=130

http://forums.maddoktor2.com/index.php?showforum=17

http://www.spywarewarrior.com/viewforum.php?f=5

http://forums.spywareinfo.com/index.php?showforum=18

http://forums.techguy.org/f54-s.html

http://forums.tomcoyote.org/index.php?showforum=27

http://forums.subratam.org/index.php?showforum=7

http://www.5starsupport.com/ipboard/index.php?showforum=18

http://aumha.net/viewforum.php?f=30

http://makephpbb.com/phpbb/viewforum.php?f=2

http://forums.techguy.org/54-security/

http://forums.security-central.us/forumdisplay.php?f=13

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest Elmo]

Re: vundo virus

 

richiegodsmack wrote:

> I already detected and then deleted it using avg anti virus, but it disabled

> my cd drive and deleted and changed a lot of my registry keys. I have a

> system recovery disc that I got from HP but when I insert it into my cd

> drive and restart my pc, the drive doesn't start the disc. I can't get the

> recovery disc to open. Thanx ahead for your time and any help that you

> may give to me.

 

Enter the BIOS and set the boot order to CD-ROM, Floppy (if you have

one), then hard drive. Or, press F10 during the boot cycle and select

the CD-ROM to boot from. HP didn't give instructions with the CD?

 

--

Joe =o)

[Guest PD43]

Re: vundo virus

 

richiegodsmack <richiegodsmack@discussions.microsoft.com> wrote:

>i already detected and then delete it using avg anti virus....but it disabled

>my cd drive and deleted and changed alot of my registry keys... i have a

>system recovery disc that i got from hp but when i insert them into my cd

>drive and restart my pc, the drive doesnt start the disc???? i cant get the

>recovery disc to open???

 

That's the "restore disc" I told you to use and that you said you

didn't have ;-)

 

Do you know how to enter your computer BIOS when it's powering up?

 

Normally, you just start tapping the DEL (sometimes F2) key when the

monitor first starts showing the POST results (black screen, white

text).

 

In there you should find a place where you can set the boot order.

 

Set it to try your CD first.

 

Save your changes and exit.

[Guest Hetch]

Re: vundo virus

 

John A wrote:

> "Disable System Restore ..." - bad advice

> "..Run Superantispyware" - good advice, may need to run it in Safe

> Mode.

 

 

Why is it bad advice?

 

http://support.microsoft.com/kb/831829

[Guest David H. Lipman]

Re: vundo virus

 

From: "Hetch" <hgk@example.net>

 

 

|

| Why is it bad advice?

|

| http://support.microsoft.com/kb/831829

 

Becuase if you are going to clean a PC you could do it out of sequence or make a mistake and

corrupt teh OS. You could then restore it, albeit infected. The PC wouldn't be corrupt and

you could have another go at it with a different motive operandi.

 

If you dump the System Restore cache prior to cleaning a PC, you have no fall back position.

 

Once the PC is considered clean, then you can dump the System Restore cache and manually

create a new restore point.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest richiegodsmack]

Re: vundo virus

 

no instructions came with the two discs...one is sp2 software and drivers

andthe other is "application and driver recovery dvd...the website said to

insert disc while the pc is on and then shotdown restart pc and follow

instructions ...but the pc doesnt register it and goes to windows...and all

acces keys to cd drive to manually start and cd are all gone because of this

vundo trojan

--

richard

 

 

"Elmo" wrote:

> richiegodsmack wrote:

> > I already detected and then deleted it using avg anti virus, but it disabled

> > my cd drive and deleted and changed a lot of my registry keys. I have a

> > system recovery disc that I got from HP but when I insert it into my cd

> > drive and restart my pc, the drive doesn't start the disc. I can't get the

> > recovery disc to open. Thanx ahead for your time and any help that you

> > may give to me.

>

> Enter the BIOS and set the boot order to CD-ROM, Floppy (if you have

> one), then hard drive. Or, press F10 during the boot cycle and select

> the CD-ROM to boot from. HP didn't give instructions with the CD?

>

> --

> Joe =o)

>

[Guest PA Bear [MS MVP]]

Re: vundo virus

 

HijackThis is a tool we use to diagnose infections. It doesn't remove

anything on its own. Make sure you posted your HijackThis log to an

appropriate forum for expert assistance.

 

richiegodsmack wrote:

> thanx......i am going to try the highjack removal software that u provided

> me..

>

>> Unexplained computer behavior may be caused by deceptive software

>> http://support.microsoft.com/kb/827315

>>

>> Run a /thorough/ check for hijackware, including posting your hijackthis

>> log to an appropriate forum.

>>

>> Checking for/Help with Hijackware

>> http://aumha.org/a/parasite.htm

>> http://aumha.org/a/quickfix.htm

>> http://aumha.net/viewtopic.php?t=5878

>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

>> http://mvps.org/winhelp2002/unwanted.htm

>> http://inetexplorer.mvps.org/data/prevention.htm

>> http://inetexplorer.mvps.org/tshoot.html

>> http://www.mvps.org/sramesh2k/Malware_Defence.htm

>> http://defendingyourmachine2.blogspot.com/

>> http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>

>> When all else fails, HijackThis v2.0.2

>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.

>> It will help you to both identify and remove any hijackware/spyware with

>> assistance from an expert. **Post your log to

>> http://forums.spybot.info/forumdisplay.php?f=22,

>> http://castlecops.com/forum67.html,

>> http://forums.subratam.org/index.php?showforum=7,

>> http://aumha.net/viewforum.php?f=30, or other appropriate forums for

>> review

>> by an expert in such matters, not here.**

>>

>> If the procedures look too complex - and there is no shame in admitting

>> this isn't your cup of tea - take the machine to a local, reputable and

>> independent (i.e., not BigBoxStoreUSA) computer repair shop.

>>

>> --

>> ~Robear Dyer (PA Bear)

>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

>> AumHa VSOP & Admin http://aumha.net

>> DTS-L http://dts-l.net/

>>

>> richiegodsmack@hotmail.com wrote:

>>> i got a virus may28 and it messed my laptop all up

>>> and i cannot restore to a date before then?? -- how can i restore my pc

>>> to

>>> a

>>> date between may14 and may29?????

>>> richard

[Guest richiegodsmack]

Re: vundo virus

 

thanks for the help... i will try that

--

richard

 

 

"PD43" wrote:

> richiegodsmack <richiegodsmack@discussions.microsoft.com> wrote:

>

> >i already detected and then delete it using avg anti virus....but it disabled

> >my cd drive and deleted and changed alot of my registry keys... i have a

> >system recovery disc that i got from hp but when i insert them into my cd

> >drive and restart my pc, the drive doesnt start the disc???? i cant get the

> >recovery disc to open???

>

> That's the "restore disc" I told you to use and that you said you

> didn't have ;-)

>

> Do you know how to enter your computer BIOS when it's powering up?

>

> Normally, you just start tapping the DEL (sometimes F2) key when the

> monitor first starts showing the POST results (black screen, white

> text).

>

> In there you should find a place where you can set the boot order.

>

> Set it to try your CD first.

>

> Save your changes and exit.

>

[Guest sandy58]

Re: vundo virus

 

On Jun 6, 9:41 pm, PD43 <pauld1...@comcast.net> wrote:

> richiegodsm...@hotmail.com

>

> <richiegodsmackhotmail...@discussions.microsoft.com> wrote:

> >i got a virus may28 and it messed my laptop all up

> >and i cannot restore to a date before then?? -- how can i restore my pc to a

> >date between may14 and may29?????

>

> Doesn't look like that's possible.

>

> Better start looking for the restore disc.

 

http://download.yousendit.com/463F12AF017C7DDA

Download Vundofix, Fixklez, VirtumundoBeGone etc

This download link is good for 7 days. Good luck, richiegodsmack

[Guest David H. Lipman]

Re: vundo virus

 

From: "richiegodsmack" <richiegodsmack@discussions.microsoft.com>

 

| thanks for the help... i will try that

 

The thing you need to try is posting in an expert forum as I and PA Bear suggested.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest David H. Lipman]

Re: vundo virus

 

From: "sandy58" <aleckie68@googlemail.com>

 

 

|

| http://download.yousendit.com

| Download Vundofix, Fixklez, VirtumundoBeGone etc

| This download link is good for 7 days. Good luck, richiegodsmack

 

Why are you suggesting to run FixKlez when the OP has in noway suggested he is infected with

Win32/Klez ?

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest John A]

Re: vundo virus

 

I agree with Dave's answer to this. There are circumstances where it

is advisable to disable it, however disabling it would not have helped

in this case and would have eliminated one of the recovery tools.

 

I should have explained that in my post.

 

John

 

On Fri, 06 Jun 2008 17:01:37 -0500, Hetch <hgk@example.net> wrote:

>John A wrote:

>> "Disable System Restore ..." - bad advice

>> "..Run Superantispyware" - good advice, may need to run it in Safe

>> Mode.

>

>

>Why is it bad advice?

>

>http://support.microsoft.com/kb/831829

[Guest MowGreen [MVP]]

Re: vundo virus

 

David H. Lipman wrote:

> From: "sandy58" <aleckie68@googlemail.com>

>

>

> |

> | http://download.yousendit.com

> | Download Vundofix, Fixklez, VirtumundoBeGone etc

> | This download link is good for 7 days. Good luck, richiegodsmack

>

> Why are you suggesting to run FixKlez when the OP has in noway suggested he is infected with

> Win32/Klez ?

>

 

 

I recommend a shot of whiskey ... in fact, make that a fifth. <w>

 

MG