The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

Unable To Remove The Vundo Virus

Posted 7/2/2008 10:51 AM
#63138
User avatar

Sidz Member

Date Joined Nov 2016
Total Posts: 3
Hello, I have recently picked up a few Virus's. The first was one called Antivirus XP 2008, and the other Vundo something. I am not sure, but I think I removed the first one, because I scanned, saw it and Vundo, clicked "Fix" and then I scanned again, the first one was gone but vundo was still there. However, I also see that the first one(Antivirus XP 2008) still looks to be installed on my start menu. I did try and unstall it as well, but the icon stays.


Symptoms

----------



- Slower Computer

- Can't open certain sites(IE: Bitdefender for one)

- Links in google send me to unknown directories(I have to copy and paste URL in the Address bar)

- Firefox does not work(I click on it, see the hour glass, but it doesn't open), I now have to use IE

- Spybot does not work(I click on it, see the hour glass, but it doesn't open), but the rest of my anti-spyware does



I came here because I saw a similiar problem talked about by someone else. He couldn't access certain sites either. His problem was solved by Touch, so I hope my problem is the same.



FYI: Just thought I'd mention I have combofix already as the guy in the old thread I saw had it as well... I just don't know how to use it again, as I had to use it for a different problem quite some time ago... I remember just clicking on it and it running, but it doesn't seem to want to do that anymore. I also have Killbox, Superantispyware, Adaware, Spywareblaster, AVG, CCleaner, and LSPfix(which I got during my search for a fix).



Thanks to all that can help. I have attached my hijackthis log



I guess I should add my OS as well... XP SP3.
Post attachments:
Posted 7/2/2008 12:19 PM
#63140
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :cool:





Please download Combofix:

https://download.bleepingcomputer.com/sUBs/ComboFix.exe





And save to the desktop.


Close all other browser windows.



Please connect all your external hard drive/flash drive before running Combofix







Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".





Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.



Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.


When finished, it will produce a logfile located at C:\combofix.txt.




Post the contents of that log in your next reply with a new hijackthis log.



Please copy and paste your log files. DO NOT add it as an attachment

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 7/2/2008 7:54 PM
#63154
User avatar

Sidz Member

Date Joined Nov 2016
Total Posts: 3
Thanks, but I can't access that link for some reason. If i copy URL to Address bar, still can't access it. Tried downloading combofix from other sites, same thing. It just brings me to the "Page cannot be displayed" page.


Like I said, I already have it, so is there any way that I can re-run it?



I got my copy to run, but then it said it was expired and it deleted itself from the computer.
Posted 7/3/2008 4:38 AM
#63158
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. Tried a systemrestore ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 7/3/2008 10:53 AM
#63171
User avatar

Sidz Member

Date Joined Nov 2016
Total Posts: 3
No. One thing I have learned from experience is to NEVER use system restore when I get a virus like this. Why? Because a copy of the virus is saved in restore points.

No offense, but I went to a different tech support forum, as I saw this one isn't very active. I'm pretty sure I have solved my problems. It was an in-depth guide, maybe a lil more then I needed to do, but one step almost solved my problem all on itself.

Ok, so my problem(Other then the virus) was that I couldn't access certain sites--usually the ones I needed--and I could't get combofix. Well, I solved that by using malwarebytes anti-malware program. It made it so that pretty much everything worked(FF, Spybot, links etc.). However, it did not kill all the virus's. Combofix and other prgrams did the rest. What this one did, was allow me to use combofix. I HIGHLY recommend it. It saved my day.

So if that is it, I thank you for your time and for trying nevertheless, Touch.

Take care.
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Monday, August 8, 2022, 9:48 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
18 Guest(s), 0 Registered Member(s) are currently online.