having a bit of trouble getting rid of this one.... symantec doesnt do a thing, and the symantec "FixVundo" executable doesnt as well... any suggestions?

11/17/2005 4:46:50 PM

did u turn off system restore before running the symantec tool?

11/17/2005 5:16:11 PM

no, do you mean disable system restore? and what should that do?

11/17/2005 6:37:51 PM

Quote :

"By using the System Restore feature, a computer system can be restored (rolled back) to a time before certain events occurred. For example, the computer may be restored to a time before specific software or hardware installations. System Restore monitors changes to the computer and to some program files, and automatically creates restore points. You can also create your own restore points whenever you want to. "

http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405



In a nutshell: System restore tracks changes to the registry and file structure and may roll back your settings. (I.E undelete registry values and/or files.)

11/17/2005 6:43:57 PM

understood

11/17/2005 6:44:43 PM

It's basically there to be a pain in the ass.



Try spending 3 hours scanning for spyware across several XP usernames just to restart and find them all back again.


If i want to make a goddamn restore point, I'LL USE THE FUCKING WIZARD.

11/17/2005 6:46:40 PM

11/17/2005 6:53:05 PM

cut off system restore, run fixer exec., said it was removed - but then when I turned my realtime protection back on, it immediately popped back up saying the trojan was still present....

11/17/2005 7:11:43 PM

wow.



you're totally fucked then.





sell the computer, it's a time bomb.

11/17/2005 7:47:18 PM

hehe, no - really

11/17/2005 7:47:45 PM

killbox.exe

11/17/2005 8:00:29 PM

so I assume this exec. permanently deletes the system file that is infected? and that is all?? do you know of negative consequences? (i did google it, btw)

11/17/2005 8:45:24 PM

If i'm not mistaken this is the same virsus I made a post about awhile back. If it is its a bitch to get rid of. Gotta run in safe mode, with system restore off, then run that program, then run that program again with a virsus scan as the computer boots up so that no programs are accessed and started. The after all thats done, hope for the best.

11/19/2005 11:33:12 AM

From my experience the past month or so we haven't been able to remove the Vundo virus from any of the machines that come in without formatting them and starting from scratch. One word describes the symantec removal tool: WORTHLESS!

I haven't tried killbox.exe though...might try it next week. It would save us a lot of time at work instead of formatting all these machines.

11/19/2005 11:57:16 AM