Message Edited by ZoeyL on 09-18-2006 11:40 AM

• Double-click VundoFix.exe to run it.
• 
  
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files,
• click YES
  
• Once you click yes, your desktop will go blank as it starts removing
• Vundo.
  
• When completed, it will prompt that it will shutdown your computer,
• click OK.
  
• Turn your computer back on.
• Please post the contents of C:\vundofix.txt and a new
• HiJackThis log.
  

• Enter your username from this forum
• Copy and paste the link to this thread
• Browse for this filename: C:\WINNT\SYSTEM32\att549.dll
• In the comments, please mention that I asked you to upload this file
• Click on Send File

• * Double-click VundoFix.exe to run it.
  Click Scan for Vundo button.
  * Once the scan is complete, Right Click inside the listbox (white box) and click add more files
  
  * Copy&Paste the 2 entries below into the top 2 boxes
  
  C:\WINNT\system32\att549.dll
  
  C:\WINNT\system32\945tta.*
  
  * Click Add Files and Click Close Window
  * Click the Remove Vundo button.
  * You will receive a prompt asking if you want to remove the files, click YES
  * Once you click yes, your desktop will go blank as it starts removing Vundo.
  * When completed, it will prompt that it will shutdown your computer, click OK.
  * Turn your computer back on.
  
  
  * Please post the ENTIRE contents of C:\vundofix.txt and a new HiJackThis log.

1. 
   
2. Once you have downloaded Ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
3. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right click on ewido in the system tray and uncheck "Start with Windows".
4. >
5. Go to Start > Run and type: services.msc
6. Press "OK".
7. In Services, click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
8. When you find the guard service, double-click on it.
9. In the Properties Window > General Tab that opens, click the "Stop" button.
10. From the drop-down menu next to "Startup Type", click on "Manual".
11. Now click "Apply", then "OK" and close the Services window
12. Once the setup is complete you will need run ewido and update the definition files.
13. On the main screen select the icon "Update". Tthen select the "Update now" link.
14. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
15. If you are having problems with the updater, manually update with the Ewido Full database installer from here.
    
16. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
17. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
18. Under "Reports"
19. Select "Automatically generate report after every scan"
20. Un-Select "Only if threats were found"
21. Close Ewido anti-spyware, Do Not run a scan just yet.
    
    
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    2. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
       
    3. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
    4. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    5. ewido will now begin the scanning process, be patient this may take a little time.
    6. Once the scan is complete do the following:
       
    7. If you have any infections you will prompted, then select "Apply all actions"
    8. IMPORTANT! Don't save the report before you have clicked the Apply all actions button. If you do it will make it more difficult for the helper to interpret the report.
       
    9. Next select the "Reports" icon at the top.
    10. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    11. Close ewido and reboot your system back into Normal Mode. Please post the results of the ewido report scan.
    12. 
        
        Run Disk Cleanup in each user's profile:
        Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
        Please make sure the following are checked:
        -- Downloaded Program Files
        -- Temporary Internet Files
        -- Recycle Bin
        -- Temporary Files
        Click "OK" and Disk Cleanup will delete those files for you.
        
        Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
        
        Updating Java:
        
        • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
        • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
        • Click the "Download" button to the right.
        • Check the box that says: "Accept License Agreement".
        • The page will refresh.
        • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
        • Close any programs you may have running - especially your web browser.
        • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
        • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
        • Click the Remove or Change/Remove button.
        • Repeat as many times as necessary to remove each Java versions.
        • Reboot your computer once all Java components are removed.
        • Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.
        
        Official JAVA Installation Instructions if needed.
        
        
        After all that, please post a fresh HijackThis log for final review and let me know if your problem has been resolved. Thanks:)

• Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.