yeah, so I got this virus. I've downloaded the removal tool from symantec, but no luck. I've tried running in safe mode, and then running the removal tool, but the virus still comes back even when the removal tool says that it got rid of it. I've tried other adware removal tools like ccleaner too, but no luck. any suggestions?

11/1/2005 7:58:15 AM

search for winfixer removal instructions. i think its the same thing. i had it.

11/1/2005 8:03:45 AM

http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html

my parents, sister, and her friends all had this. they used this tool and got rid of it.

11/1/2005 11:12:17 AM

Quote :

"I've downloaded the removal tool from symantec"

i think that is the tool he was referring to when he said it didnt work.

11/1/2005 11:36:32 AM

indeed it was

I'll try to find winfixer removal tools later when I get back home

I'll let you all know how it works out

11/1/2005 1:16:36 PM

still no luck. I've tried everything I think

any suggestions will help

11/2/2005 3:04:15 PM

format

11/2/2005 3:52:31 PM

fuck

I was really hoping I didn't have to do that. I don't have the windows xp cd anymore

I guess I will have to pay someone to remove it for me

11/2/2005 5:11:24 PM

how much

11/2/2005 5:35:54 PM

if it found that one think of all it didnt find you should format

11/2/2005 6:17:46 PM

Here's the removal tool:

http://www.apple.com/macosx/

[/obligatory snobbery]

[Edited on November 2, 2005 at 6:24 PM. Reason : ]

11/2/2005 6:24:03 PM

yeah, thx TWW

you tech junkies ain't worth SHIT

if I find out how to get rid of it, I'll let you all know

11/2/2005 6:46:36 PM

>.<

11/2/2005 6:50:30 PM

did u clean the registry entries?


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[filename]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}

http://www.2-spyware.com/remove-vundo-b.html

11/2/2005 8:42:39 PM

yeah, did all of that good stuff

I went to safe mode and ran procexp

then suspended explorer, rundll32, and winlogon

then ran spysweeper, and symantecs removal tool for virtumonde, and it seems like the virus is gone *knock on wood*

hope it stays that way

11/2/2005 8:47:28 PM

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FVUNDO%2EH&VSect=Sn

We use Trend at work and it is very good. Try trend micro's free online scan as it may be able to remove what Symantec couldn't. Remember to disable system restore prior to scan to ensure full removal.

11/2/2005 8:53:00 PM

thanks

if it comes back, I'll try that

11/2/2005 8:58:58 PM

instead of wasting time posting threads for solutions to problems, use a cannon to kill a mosquito:

r3form4t

11/3/2005 11:05:06 AM

Quote :

"I was really hoping I didn't have to do that. I don't have the windows xp cd anymore"

I think I solved the problem. And I don't think this was a waste of a thread either. I learned a lot in this little experience, and anyone with this similar problem can see what I did to get rid of the virus

11/3/2005 11:19:47 AM

http://fedora.redhat.com/download/

11/3/2005 4:16:45 PM

have you tried running every online virus scan possible

like hijackthis, and all that other stuff

11/3/2005 4:19:21 PM