Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

N

Nastassia

6 Posts

20869

December 1st, 2005 23:00

Trojan.vundo

Hi i downloaded fix vundo from systemantec and i ran it about 10 times and norton is still indicating that trojan.vundo is still on my computer can some one help me please?

dnee

3 Posts

December 2nd, 2005 00:00

I just found something that I think might have worked so if you can just standby and I will repost in a little bit.  Just running the fix again again another norton scan so it may be a few minutes...

dnee

3 Posts

December 2nd, 2005 00:00

You too huh???  I am having the same problem.  I have ran both the fix tools out there from Norton and I also followed the directions for safe mode and regedit.  I did not find any of the files they said to look for.  Norton 2005 does not allow you to delete this virus even during safe mode.  I am at a loss and if I can find out a way to restore the entire pc I am going to!!!

tiajah

4 Posts

December 2nd, 2005 00:00

Me, too. I tried the fix, I tried the manual fix, I had my college age son try to get rid of it, but no luck. Looks like he will have to reinstall everything when he's home for Christmas...unless someone here can solve this problem.

dnee

3 Posts

December 2nd, 2005 01:00

and what would that be?  the "mundobegone.exe"?

tiajah

4 Posts

December 2nd, 2005 01:00

It also looks like someone had the same question in an earlier thread. Directions for a fix were posted there, so I'll try that...

ky331

3 Apprentice

 • 

15.2K Posts

December 2nd, 2005 13:00

you also need virtumundobegone:   here are the complete instructions, including the symantec tool:
 

Download [but do *NOT* yet run] FixVundo from

http://securityresponse.symantec.com/avcenter/FixVundo.exe

 

[we'll have you run it later]

Note: If you have previously download this file on another occasion, please download it again, to be absolutely sure you have the most current version.

********************

Next, download VirtumundoBeGone from:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

 

* Save it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated

please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.

 just reboot if your system "jams"

*********************

After rebooting, it's now time to run FixVundo (which you had downloaded earlier).

Make sure all other programs, including your Internet Browser, are closed.

Double-click the FixVundo.exe file to start the removal tool.

Click Start to begin the process, and then allow this tool to run.

Important: Do not launch any new applications while the tool is running!

Reboot your computer.

Run the FixVundo removal tool again to ensure that the system is clean.

*********************

It's now time to report back to us:

 VirtumundoBeGone generated a "log" file of its own, which it should have placed on your Desktop... please REPLY to this thread, and copy/paste the VirtumundoBeGone log back here.

 

[ It would also be prudent to follow-up on this, by generating and posting a HiJackThis log, in the  HJT forum.]

Nastassia

6 Posts

December 2nd, 2005 15:00

[12/01/2005, 21:28:34] - Starting Process...
[12/01/2005, 21:28:34] - Looking for Browser Helper Object [MSEvents Object]
[12/01/2005, 21:28:34] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[12/01/2005, 21:28:34] - 2: {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - Drop Spam Toolbar
[12/01/2005, 21:28:34] - 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
[12/01/2005, 21:28:34] - WARNING: 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - BHO Name is blank.
[12/01/2005, 21:28:34] - Checking for WinLogon Notify reference. (File: C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll)
[12/01/2005, 21:28:34] - Couldn't find deSrcAs in Winlogon Notify. Ignoring {4D25F921-B9FE-4682-BF72-8AB8210D6D75}.
[12/01/2005, 21:28:34] - 4: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[12/01/2005, 21:28:34] - 5: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class
[12/01/2005, 21:28:34] - 6: {B313D637-F405-4052-AC37-E2119AB3C8F8} - MSEvents Object
[12/01/2005, 21:28:34] - Found MSEvents Object!
[12/01/2005, 21:28:34] - File location: C:\WINDOWS\system32\jkhfc.dll
[12/01/2005, 21:28:34] - Attempting to kill C:\WINDOWS\system32\jkhfc.dll
[12/01/2005, 21:28:34] - Terminating Process: RUNDLL32.EXE
[12/01/2005, 21:28:35] - Terminating Process: IEXPLORE.EXE
[12/01/2005, 21:28:38] - Disabling Automatic Shell Restart
[12/01/2005, 21:28:39] - Terminating Process: EXPLORER.EXE
[12/01/2005, 21:28:41] - Suspending the NT Session Manager System Service
[12/01/2005, 21:28:41] - Terminating Windows NT Logon/Logoff Manager
[12/01/2005, 21:28:41] - Re-enabling Automatic Shell Restart
[12/01/2005, 21:28:42] - Renaming C:\WINDOWS\system32\jkhfc.dll -> C:\WINDOWS\system32\jkhfc.dll.vir
[12/01/2005, 21:28:42] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[12/01/2005, 21:28:42] - Removing Registry references to {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/01/2005, 21:28:42] - Adding Internet Explorer Protection (Kill ActiveX) for {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/01/2005, 21:28:42] - Removing Winlogon Notify Entry: jkhfc
[12/01/2005, 21:28:42] - BHO list has been changed! Starting over...
[12/01/2005, 21:28:42] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[12/01/2005, 21:28:42] - 2: {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - Drop Spam Toolbar
[12/01/2005, 21:28:42] - 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
[12/01/2005, 21:28:42] - WARNING: 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - BHO Name is blank.
[12/01/2005, 21:28:42] - Checking for WinLogon Notify reference. (File: C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll)
[12/01/2005, 21:28:42] - Couldn't find deSrcAs in Winlogon Notify. Ignoring {4D25F921-B9FE-4682-BF72-8AB8210D6D75}.
[12/01/2005, 21:28:42] - 4: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[12/01/2005, 21:28:42] - 5: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class
[12/01/2005, 21:28:42] - 6: {BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class
[12/01/2005, 21:28:42] - Finished searching for [MSEvents Object]
[12/01/2005, 21:28:42] - Finishing up...
[12/01/2005, 21:28:42] - Enabling Automatic Reboot on STOP Error.
[12/01/2005, 21:28:42] - Attempting to Restart via STOP error (Blue Screen!)
[12/01/2005, 21:31:46] - Starting Process...
[12/01/2005, 21:31:46] - Looking for Browser Helper Object [MSEvents Object]
[12/01/2005, 21:31:46] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[12/01/2005, 21:31:46] - 2: {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - Drop Spam Toolbar
[12/01/2005, 21:31:46] - 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
[12/01/2005, 21:31:46] - WARNING: 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - BHO Name is blank.
[12/01/2005, 21:31:46] - Checking for WinLogon Notify reference. (File: C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll)
[12/01/2005, 21:31:46] - Couldn't find deSrcAs in Winlogon Notify. Ignoring {4D25F921-B9FE-4682-BF72-8AB8210D6D75}.
[12/01/2005, 21:31:46] - 4: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[12/01/2005, 21:31:46] - 5: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class
[12/01/2005, 21:31:46] - 6: {BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class
[12/01/2005, 21:31:46] - Finished searching for [MSEvents Object]
[12/01/2005, 21:31:46] - Nothing found! Exiting.
 
am i ok now?

ky331

3 Apprentice

 • 

15.2K Posts

December 2nd, 2005 15:00

the VBG log did not give us enough information in your case.   is norton still detecting trojan vundo?--- or has that stopped??
 
if the warning has stopped, that's certainly a strong sign that the fix worked... but if you're still getting the warning, the fix has failed...
 
either way, in order to say more with any certainty (one way or the other) , we need to see your HiJackThis log;
 
Download the latest version of HJT(hijackthis) (version 1.99.1) from

http://majorgeeks.com/download3155.html

you must create a separate folder and place it there.... people commonly use C:\HJT.   Note:  Please do *NOT* use a TEMP (temporary) folder, *NOR* your DESKTOP, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use your DESKTOP.

The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer.   If for any reason, you're unable to UNzip it, you can download the already-unzipped .EXE file from http://downloads.malwareremoval.com/HijackThis.exe )

After Unzipping, double click on HiJackThis.EXE

Click on  Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Be sure to include a detailed description of any problems/errors/warnings you are encountering.

Hopefully, one of the HJT experts will get to it as quickly as possible.

====================================================

WARNING:  HiJack This is a VERY POWERFUL tool.  Do *NOT* do anything else (in particular, do NOT use it to delete any entries) until you are advised to do so!!   Improper use of this tool can severely damage your system.
 
 
Supplemental note:  The procedure as worded above has been carefully edited over time, so as to expedite the process of helping people.   Nevertheless, it seems that many individuals try to be "creative", and make some variations.  It really would be to your benefit if you follow these directions EXACTLY as stated... because certain changes on your part can result in slowing-down the help process. 
Specifically, the following are 3 very common BAD deviations which will cause delays:
a)  BAD:  using an older/outdated version of HiJackThis...
The experts only work with the current version.   So if you make a post with an older version, you'll simply be advised to get the latest version, re-run it, and re-post your log.
b) BADusing a TEMP directory or your DESKTOP for HJT....
Some experts may insist you move HJT before they'll begin working with you.   Others will start the repair process, advising you to move HJT as one of the very first steps.   Failure to do so can result in losing potentially critical information.   So please,  just use the suggested  C:\HJT  directory, rather than try to be creative.
c) BAD:  posting your log in the wrong forum...
if you post your log back here, in the Virus/SpyWare forum, it will "sit idly", either until the forum moderator gets around to move it for you... or until you decide to repost your log...  in the HiJackThis forum.
 

POST SCRIPT:   It has come to my attention that many people are unfamiliar with how to create the recommended sub-directory/folder   C:\HJT   

while others are able to create this directory, but are unsure how to move HJT into it (from wherever it happened to get downloaded into, "by default")...  
If you have either of these "problems", then you should d ownload a self-extracting copy of HijackThis from
Save it to your Desktop.
Double-click on the file    hijackthis_sfx.exe    file, and it will self-extract into its own folder,
C:\Program Files\HijackThis

ky331

3 Apprentice

 • 

15.2K Posts

December 2nd, 2005 18:00

vundo can infect your computer, regardless of which antivirus (Norton, McAfee, or otherwise) that you're using.
 
WinFixer is a more general problem than just vundo (although they are often closely related).  if you've "cured" your vundo, but still have a winfixer problem, you'll need to follow the directions above to post your hiJackthis log in the HJT forum

jvnut

2 Posts

December 2nd, 2005 18:00

Hello all. First time posting.  We have been having trouble with this vundo thing too.  We got the fix from nortons to work last week, but still had the winfixer add pop up, and now our computer is infected again.  We are going to try the fix noted here, but we had a questions.  Does anyone with McAffees have this problem? 
Thanks

vanessa-pok

7 Posts

December 3rd, 2005 04:00

I had the Trojan-vundo problem and ran the 2 programs  you recommend and the Fix-vundo scan did not find the virus and the virus window is gone. The Winfix window still pops  up, so I downloaded the HJT but it went to desktop inadvertently. How can I move it to a folder? Here is my VBG log

[12/02/2005, 23:59:46] - Starting Process...
[12/02/2005, 23:59:46] - Looking for Browser Helper Object [MSEvents Object]
[12/02/2005, 23:59:46] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[12/02/2005, 23:59:46] - 2: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[12/02/2005, 23:59:46] - 3: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class
[12/02/2005, 23:59:46] - 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[12/02/2005, 23:59:46] - 5: {B313D637-F405-4052-AC37-E2119AB3C8F8} - MSEvents Object
[12/02/2005, 23:59:46] - Found MSEvents Object!
[12/02/2005, 23:59:46] - File location: C:\WINDOWS\system32\gebyw.dll
[12/02/2005, 23:59:46] - Attempting to kill C:\WINDOWS\system32\gebyw.dll
[12/02/2005, 23:59:46] - Terminating Process: RUNDLL32.EXE
[12/02/2005, 23:59:46] - Terminating Process: IEXPLORE.EXE
[12/02/2005, 23:59:46] - Disabling Automatic Shell Restart
[12/02/2005, 23:59:46] - Terminating Process: EXPLORER.EXE
[12/02/2005, 23:59:47] - Suspending the NT Session Manager System Service
[12/02/2005, 23:59:47] - Terminating Windows NT Logon/Logoff Manager
[12/02/2005, 23:59:48] - Re-enabling Automatic Shell Restart
[12/02/2005, 23:59:48] - Renaming C:\WINDOWS\system32\gebyw.dll -> C:\WINDOWS\system32\gebyw.dll.vir
[12/02/2005, 23:59:48] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[12/02/2005, 23:59:48] - Removing Registry references to {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/02/2005, 23:59:48] - Adding Internet Explorer Protection (Kill ActiveX) for {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/02/2005, 23:59:48] - Removing Winlogon Notify Entry: gebyw
[12/02/2005, 23:59:48] - BHO list has been changed! Starting over...
[12/02/2005, 23:59:48] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[12/02/2005, 23:59:48] - 2: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[12/02/2005, 23:59:48] - 3: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class
[12/02/2005, 23:59:48] - 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[12/02/2005, 23:59:48] - 5: {BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class
[12/02/2005, 23:59:48] - Finished searching for [MSEvents Object]
[12/02/2005, 23:59:48] - Finishing up...
[12/02/2005, 23:59:48] - Enabling Automatic Reboot on STOP Error.
[12/02/2005, 23:59:48] - Attempting to Restart via STOP error (Blue Screen!)
Thanks for your help!

ky331

3 Apprentice

 • 

15.2K Posts

December 3rd, 2005 10:00

vanessa,
 
if i follow what you're saying, you had both a vundo-virus warning AND a winfixer window/popup... and that, after running VBG, it fixed only the virus warning.   that's entirely possible, because there are many different versions of WinFixer, and HiJackThis should reveal which (other) one you have.
 
the simplest way to place HJT in a good location is to Download a self-extracting copy of HijackThis from
and save it to your Desktop.
Double-click on the file hijackthis_sfx.exe file, and it will self-extract into its own folder,
C:\Program Files\HijackThis
 
please be sure to post your HJT log in the HJT forum (*NOT* back here)

ICEHAWK83

3 Posts

December 4th, 2005 02:00

I Too have tried to slay this Trojan and As I followed all the pages of advice on how to kill it and make it STAY  dead... I was instructed to disable the system restore... I guessed it was like a back door enterance.  Then in safe mode go in and delete  three files  ....  Only Problem
  NOW  I Trapped  In Safe Mode and I can't get out...  This is office computer
Can Someone Help me ECSAPE  from the Forbidden SAFE  MODE?????
I can not restore because  I was told to disable it first... I have no clue on this
spent 3 hours trying...   HELP!!!!!    Thanks

jvnut

2 Posts

December 5th, 2005 23:00

I ran the virtumundo, and the vundo fix, and the message is not coming up any more.  Here is a copy of the vbg file.  Is my computer ok now, or do I need to hijack the other thing.


[12/05/2005, 19:49:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Tom and Debbie\Desktop\VirtumundoBeGone.exe" )
[12/05/2005, 19:49:19] - Detected System Information:
[12/05/2005, 19:49:19] -  Windows Version: 5.1.2600, Service Pack 2
[12/05/2005, 19:49:19] -  Current Username: Tom and Debbie (Admin)
[12/05/2005, 19:49:19] -  Windows is in NORMAL mode.
[12/05/2005, 19:49:19] - Searching for Browser Helper Objects:
[12/05/2005, 19:49:19] -  BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[12/05/2005, 19:49:19] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/05/2005, 19:49:19] -  BHO 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} ()
[12/05/2005, 19:49:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/05/2005, 19:49:19] -  Checking for HKLM\...\Winlogon\Notify\deSrcAs
[12/05/2005, 19:49:19] -  Key not found: HKLM\...\Winlogon\Notify\deSrcAs, continuing.
[12/05/2005, 19:49:19] -  BHO 4: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} (Comcast Toolbar)
[12/05/2005, 19:49:19] -  BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/05/2005, 19:49:19] -  BHO 6: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[12/05/2005, 19:49:19] -  BHO 7: {B313D637-F405-4052-AC37-E2119AB3C8F8} (MSEvents Object)
[12/05/2005, 19:49:19] - ALERT: Found MSEvents Object!
[12/05/2005, 19:49:19] -  BHO 8: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/05/2005, 19:49:19] - Finished Searching Browser Helper Objects
[12/05/2005, 19:49:19] - *** Detected MSEvents Object
[12/05/2005, 19:49:19] - Trying to remove MSEvents Object...
[12/05/2005, 19:49:20] -    Terminating Process: IEXPLORE.EXE
[12/05/2005, 19:49:20] -    Terminating Process: RUNDLL32.EXE
[12/05/2005, 19:49:20] -    Disabling Automatic Shell Restart
[12/05/2005, 19:49:20] -    Terminating Process: EXPLORER.EXE
[12/05/2005, 19:49:21] -    Suspending the NT Session Manager System Service
[12/05/2005, 19:49:21] -    Terminating Windows NT Logon/Logoff Manager
[12/05/2005, 19:49:21] -    Re-enabling Automatic Shell Restart
[12/05/2005, 19:49:21] -   File to disable: C:\WINDOWS\system32\pmkhg.dll
[12/05/2005, 19:49:21] -  Renaming C:\WINDOWS\system32\pmkhg.dll -> C:\WINDOWS\system32\pmkhg.dll.vir
[12/05/2005, 19:49:21] -  File successfully renamed!
[12/05/2005, 19:49:21] -   Removing HKLM\...\Browser Helper Objects\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/05/2005, 19:49:21] -   Removing HKCR\CLSID\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/05/2005, 19:49:21] -   Adding Kill Bit for ActiveX for GUID: {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/05/2005, 19:49:21] -   Deleting ATLEvents/MSEvents Registry entries
[12/05/2005, 19:49:21] -   Removing HKLM\...\Winlogon\Notify\pmkhg
[12/05/2005, 19:49:21] - Searching for Browser Helper Objects:
[12/05/2005, 19:49:21] -  BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[12/05/2005, 19:49:21] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/05/2005, 19:49:21] -  BHO 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} ()
[12/05/2005, 19:49:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/05/2005, 19:49:21] -  Checking for HKLM\...\Winlogon\Notify\deSrcAs
[12/05/2005, 19:49:21] -  Key not found: HKLM\...\Winlogon\Notify\deSrcAs, continuing.
[12/05/2005, 19:49:21] -  BHO 4: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} (Comcast Toolbar)
[12/05/2005, 19:49:21] -  BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/05/2005, 19:49:21] -  BHO 6: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[12/05/2005, 19:49:21] -  BHO 7: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/05/2005, 19:49:21] - Finished Searching Browser Helper Objects
[12/05/2005, 19:49:21] - Finishing up...
[12/05/2005, 19:49:21] - A restart is needed.
[12/05/2005, 19:49:21] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[12/05/2005, 19:49:36] - Attempting to Restart via STOP error (Blue Screen!)
Thanks!!

ky331

3 Apprentice

 • 

15.2K Posts

December 6th, 2005 01:00

based on the information in your VBG log (as well as the fact that the warning message is no longer coming up any more), it looks like you've successfully tackled the vundo problem.  

HiJackThis would serve as an additional confirmation.... as well as allow the experts in the HJT forum to analyze your system, to see if there are any other problems (besides the vundo) residing on your system.   i'd recommend HJT, but the choice is yours.  if you decide to do so, please start a new thread of your own, in the HJT forum... do NOT place your log here.

View More

View All

No Events found!

Top