Trojan.Vundo Help!!

Question

I am having problems with a Trojan.Vundo that has attached itself to Windows/System32, file jkkjj.dll.  I have download the removal tool from the Norton site and tried running it in safemode as well as regular mode.  I am assuming since it is attached to Windows that I am going to have to do a wipe out.  If so can I do it myself or will I have to find a computer tech to do this for me.  Help please!!

ky331 · Answer

download VirtumundoBeGone from: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe * Save it to your Desktop *  REBOOT YOUR SYSTEM !! * Close all running programs (including your Internet Browser)* Double-click VirtumundoBeGone.exe on the desktop* Follow the directions as indicated please be advised that this program will generate a 'BLUE SCREEN OF DEATH'... this is an expected/necessary part of the process, so don't be surprised when it happens. just reboot if your system 'jams' ********************* It's now time to report back to us: VirtumundoBeGone generated a 'log' file of its own, which it should have placed on your Desktop... please REPLY to this thread, and copy/paste the VirtumundoBeGone log back here, and be sure to let us know if you've noticed any changes.   Message Edited by ky331 on 12-29-2005 04:09 PM

Romi1976 · Answer

Download spysweeper and run a scan ... it would find trojan horse virtuemonde .. restart system will get a blue screen so restart .... issue will be resolved

Finzwake · Answer

wat is a blue screen exactly... cause when i tried to clean virtumundo useing McAfee   i had to restrt.. then a blue screen with some files or soething pooped up and said had to shut down is that it... i know that was vauge im really sorry

ky331 · Answer

BLUE SCREEN is literally that... a blue background, usually with a message (in white) indicating some type of 'FATAL' error, that Windows cannot proceed any further....  and the only way to continue is to reboot your system.   generally, when this happens, it's a sign of a problem.   but in the case of VirtumundoBeGone, it's an expected/necessary part of the fix.   I don't know that McAfee, by itself, will clean your virtumundo file.   if it does, great... if not, try VirtumundoBeGone, from the link listed above.

ky331 · Answer

the VBG log shows that it successfully deactivated the vundo trojan.     and the fact that your system is now running faster... and presumably without WinFixer popups, and without any more warnings about trojan vundo.... is certainly a good sign.   a simple answer as to why this tool works when the norton one doesn't:   WinFixer (trojan vundo) places itself so 'deeply' into Windows that 'ordinary' tools, like those from Symantec, can't simply remove it.   VirtumundoBeGone (as well as an alternative procedure commonly used, known as the Atribune VundoFix) basically get around the problem by 'forcing' the 'deep' removal... which 'crashes' your system in the removal process... resulting in the BLUE SCREEN OF DEATH (and/or a 'dump' of your system memory, and/or a sudden reboot in the middle of running the program).   these 'endings' are not 'elegant', which is probably why Symantec is reluctant to offer such a tool.   But it works!

jul1001 · Answer

I followed your instruction on downloading the VirtumundoBeGone from the link and believed it worked!! I haven't run a Norton scan yet to check but my computer is already back to a faster process. Thank you so much for your assistances!! I have copied the information please read below. Thank you again!

P.S. Why does this work but the vundo removal tool that Norton told me to download didn't work??

12/31/2005, 11:19:27] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
[12/31/2005, 11:19:38] - Detected System Information:
[12/31/2005, 11:19:38] - Windows Version: 5.1.2600, Service Pack 2
[12/31/2005, 11:19:38] - Current Username: Administrator (Admin)
[12/31/2005, 11:19:38] - Windows is in NORMAL mode.
[12/31/2005, 11:19:38] - Searching for Browser Helper Objects:
[12/31/2005, 11:19:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/31/2005, 11:19:38] - BHO 2: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[12/31/2005, 11:19:38] - BHO 3: {B313D637-F405-4052-AC37-E2119AB3C8F8} (MSEvents Object)
[12/31/2005, 11:19:38] - ALERT: Found MSEvents Object!
[12/31/2005, 11:19:38] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/31/2005, 11:19:38] - Finished Searching Browser Helper Objects
[12/31/2005, 11:19:38] - *** Detected MSEvents Object
[12/31/2005, 11:19:38] - Trying to remove MSEvents Object...
[12/31/2005, 11:19:41] -    Terminating Process: IEXPLORE.EXE
[12/31/2005, 11:19:41] -    Terminating Process: RUNDLL32.EXE
[12/31/2005, 11:19:41] -    Disabling Automatic Shell Restart
[12/31/2005, 11:19:41] -    Terminating Process: EXPLORER.EXE
[12/31/2005, 11:19:41] -    Suspending the NT Session Manager System Service
[12/31/2005, 11:19:43] -    Terminating Windows NT Logon/Logoff Manager
[12/31/2005, 11:19:44] -    Re-enabling Automatic Shell Restart
[12/31/2005, 11:19:44] -   File to disable: C:\WINDOWS\system32\jkkjj.dll
[12/31/2005, 11:19:44] - Renaming C:\WINDOWS\system32\jkkjj.dll -> C:\WINDOWS\system32\jkkjj.dll.vir
[12/31/2005, 11:19:44] - File successfully renamed!
[12/31/2005, 11:19:44] -   Removing HKLM\...\Browser Helper Objects\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/31/2005, 11:19:44] -   Removing HKCR\CLSID\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/31/2005, 11:19:44] -   Adding Kill Bit for ActiveX for GUID: {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/31/2005, 11:19:44] -   Deleting ATLEvents/MSEvents Registry entries
[12/31/2005, 11:19:44] -   Removing HKLM\...\Winlogon\Notify\jkkjj
[12/31/2005, 11:19:44] - Searching for Browser Helper Objects:
[12/31/2005, 11:19:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/31/2005, 11:19:44] - BHO 2: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[12/31/2005, 11:19:44] - BHO 3: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/31/2005, 11:19:44] - Finished Searching Browser Helper Objects
[12/31/2005, 11:19:44] - Finishing up...
[12/31/2005, 11:19:44] - A restart is needed.
[12/31/2005, 11:19:44] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[12/31/2005, 11:19:59] - Attempting to Restart via STOP error (Blue Screen!)

jul1001 · Answer

Yes!! It definitely works, and again thank you for your help in solving this problem.  Have a Happy New Year!

blazer the 2nd · Answer

Trendmicro resolved my virtumondo problem with their fix tool and my virus was also attached to windows system32. This is the trendmicro site with variations of virtumondo virus' and information on how to go on removing them.

Good luck

Virus & Spyware

Was this post helpful?