Trojan.Vundo?

Question

I ran the Symantec virus scanner as suggested in the FAQ and got the following: C:\WINDOWS\SYSTEM32\yabaa.dll is infected with Trojan.Vundo C:\WINDOWS\ServicePackFiles\i386	cpacc.dll is infected with Trojan.Vundo C:\WINDOWS\Downloaded Program Files\bridge.inf is infected with Adware.WinFavorites C:\Documents and Settings\Kate\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-53b42299-18bf6259.zip is infected with Adware.Winpup I downloaded FixVundo from Symantec, ran it, and it said that Trojan.Vundo was not found on my computer. Being a rather technologically inept person, I'm confused. Did I do something wrong, and if so, what? Suggestions? Thanks. :)

ky331 · Answer

Rather than FixVundo from Symantec, try running VundoFix from Atribune:

Download VundoFix.exe from http://www.atribune.org/public-beta/VundoFix.exe and save it to your desktop. Make sure it's version 4.2.21 [or later].

Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

See if your Symantec scanner still picks on the two trojan vundo items, or if they're "gone" now...

Inonuffink · Answer

Being new to the forum I have been looking thru answers to other posts about winfix . Now I am really depressed. I downloaded Spydoctor and ran a scan it detected 163 infections including Trojan.download.Conthook, Virtumondo, and Dialer.BT.d. I did not purchase the official spydoctor as prompted. Glad I didn't as in another post it turns out not to be the solution. I tried to download vundofix but was warned by security that it didn't have a valid signature from publisher and not to download it. I don't know who to trust anymore! I really don't know what I am doing,only getting more upset.

TheArrowPen · Answer

Thanks for the suggestion, Ky. I think I've got everything cleaned out, but If have more trouble, I will be sure to try it. :)

ky331 · Answer

Inonuffink   concerning WinFixer, be advised that there are several different variations of it, each of which has a separate fix of its own.   the most common version of WinFixer is based on a vundo/virtumundo trojan, and in this case, either the Atribune VundoFix, or Secured2k's VirtumundoBeGone, should be successful in fixing the problem.   [and since TheArrowPen clearly had two Vundo trojans being detected by Symantec, these seemed the appropriate tools in this case].   I just tried re-downloading the Atribune VundoFix from the above link, and, at least on my system, did not receive any security warning messages... not sure what's generating it on your system.  [p.s. i see that the current version of VundoFix is now up to 4.2. 26 ]   If you have the vundo-based version of WinFixer, and are having 'problems' downloading VundoFix, you might consider the VirtumundoBeGone alternative:   download VirtumundoBeGone from: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe * Save it to your Desktop* Close all running programs (including your Internet Browser)* Double-click VirtumundoBeGone.exe on the desktop* Follow the directions as indicated please be advised that this program will generate a 'BLUE SCREEN OF DEATH'... this is an expected/necessary part of the process, so don't be surprised when it happens. just reboot if your system 'jams' ********************* I have to reiterate that VBG only fixes the VUNDO-based version of WinFixer.   If that's what you had, then you should notice an immediate difference after you reboot your system:  you should no longer be receiving WinFixer popups, nor any warning messages about trojan vundo/virtumundo.   And if so, you've fixed the WinFixer problem. But if WinFixer is still present after running VBG (or VundoFix), that means you have a different version of WinFixer (such as SurfAccuracy, an installer, or a rootkit), in which case, further analysis [starting with HiJackThis] is required.  I also want to stress that VBG will not solve your other problems (Trojan.download.Conhook,  and Dialer.BT.d), but that again, HiJackThis is the prudent way to proceed.  If you wish to try this: Download a self-extracting copy of the latest version of HJT (HiJackThis) (version 1.99.1) from http://downloads.malwareremoval.com/hijackthis_sfx.exe     Save it to your Desktop. Double-click on the file    hijackthis_sfx.exe    file, and allow it to self-extract [by clicking on UnZip] into the suggested/default folder, C:\Program Files\HijackThis   Use Windows Explorer to navigate your way into this folder, and then double click on HiJackThis. exe Click on  Do a System Scan and Save a LogFile This will automatically open NotePad Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there: http://forums.us.dell.com/supportforums/board?board.id=si_hijack Be sure to include a detailed description of any problems/errors/warnings you are encountering. Hopefully, one of the HJT experts will get to it as quickly as possible.   WARNING:  HiJack This is a VERY POWERFUL tool.  While it's  completely safe  for you to download, generate, and post your log (as described above), you should *NOT* attempt to do anything else (in particular, do NOT use it to delete/fix any entries) until you are advised to do so by a forum expert!!   Improper use of this tool can severely damage your system.             Message Edited by ky331 on 02-19-2006 10:50 AM

Virus & Spyware

Was this post helpful?