
Windows Forum / Windows XP / Security and Administration / April 2005


trojan.vundo.b

philogynist - 29 Apr 2005 09:13 GMT
I have the above trojan according to Norton 2003. I have scanned several
times in normal and safe mode but am unable to remove the file. With Norton
it finds the file but cannot quarantine it or delete it. It is labelled  
c:\windows\repair\infodb.dll  I understand it is an adware and I am getting
the following advert coming up routinely
http://www.winantivirus.com/index-pro.php?aid=mdwavtop&lid=virus . I do not
want to contact them as I am unsure of what effect that might have.

The Microsoft website has nothing on search this adware trojan.

Any clues?
Signature

Philogynist.

David H. Lipman - 29 Apr 2005 11:50 GMT
From: "philogynist" <philogynist@discussions.microsoft.com>

| I have the above trojan according to Norton 2003. I have scanned several
| times in normal and safe mode but am unable to remove the file. With Norton
[quoted text clipped - 7 lines]
|
| Any clues?

There are anti virus News Groups specifically for this type of discussion.

   microsoft.public.scripting.virus.discussion
   microsoft.public.security.virus
   alt.comp.virus
   alt.comp.anti-virus

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache
Tools --> Options --> Privacy --> Cache --> Clear

1)    Download TrendMicro Sysclean by one of the following 2 methods

Trend Sysclean Method  1
---------------------------------------
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example;  lpt604.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method  2
---------------------------------------
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

2)     Download and install Ad-aware SE (free personal version v1.05)
        http://www.lavasoftusa.com/
3)     Update Adaware with the latest definitions then exit the software.
4)     Disable System Restore
       http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
5)     Reboot your PC into Safe Mode and shutdown as many applications as possible
6)     Using the Trend Sysclean and Ad-aware SE utilities, perform a Full Scan of your
       platform and clean/delete any infectors found
7)     Restart your PC and perform a "final" Full Scan of your platform using both Trend
       Sysclean and Ad-aware SE
8)     Re-enable System Restore and re-apply any System Restore preferences,
       (e.g. HD space to use suggested 400 ~ 600MB),
9)     Reboot your PC.
10)   Create a new Restore point

* *     Please report back your results  * *

Signature

Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman - 29 Apr 2005 14:39 GMT
From: "philogynist" <philogynist@discussions.microsoft.com>

| I have the above trojan according to Norton 2003. I have scanned several
| times in normal and safe mode but am unable to remove the file. With Norton
[quoted text clipped - 7 lines]
|
| Any clues?

Alternate directions....

1)    Dump the contents of the IE Temporary Internet Folder cache (TIF)
      Start --> Settings --> Control Panel --> Internet Options --> Delete Files

      Dump the contents of the Mozilla FireFox Cache
      Tools --> Options --> Privacy --> Cache --> Clear

2)    Disable System Restore
      http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

3)    Download Pocket KillBox
      http://www.bleepingcomputer.com/files/spyware/KillBox.zip

      Extract killbox.exe from the ZIP file.
      Execute; KillBox.exe

      Click on Tools --> Select; Delete Temp Files.

      Choose; OK

        In the Full Path of File to Delete box, type the entire following line exactly

        C:\Windows\REGIST~\cabplay.dll

      Select; Replace on Reboot

      put a check in the box "Use Dummy"

      Click The Red circle and a white X

      When prompted to Replace on Reboot, click YES

      If prompted to Reboot Now, Click YES

      Allow the PC to shutdown

4)     Reboot your PC into Safe Mode and shutdown as many applications as possible.
5)     Using your NAV software, perform a Full Scan of your platform and clean/delete any
       infectors found
6)     Restart your PC and perform a "final" Full Scan of your platform
7)     Re-enable System Restore and re-apply any System Restore preferences,
       (e.g. HD space to use suggested 400 ~ 600MB),
8)     Reboot your PC.
9)     Create a new Restore point

* * *    Please report back your results  * * *

Signature

Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman - 30 Apr 2005 01:09 GMT
From: "philogynist" <philogynist@discussions.microsoft.com>

| I have the above trojan according to Norton 2003. I have scanned several
| times in normal and safe mode but am unable to remove the file. With Norton
[quoted text clipped - 7 lines]
|
| Any clues?

The following set of instructions have been reported WILL WORK !
Attached is a HTML Log file of that report.

Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare }  three batch files, two Kixtart scripts, two Link (.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line Scanner.

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT.  If you choose to scan again at a future date, run this batch file.  It will automatically check the date of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after you have booted from an Emergency Boot Disk or DOS disk and have already executed; c:\mcafee\GetFiles.BAT from within Windows.  DOS disk boot images can be obtained from;  http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute;  CLEAN.EXE
Choose;   Unzip
Choose;   Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

Signature

Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

chrisr63 - 30 Apr 2005 11:07 GMT
Hi,

I also had this trojan and this fix did the job, so many thanks! For others
with the same problem, I did have to disable the Windows firewall for
GETFILES.BAT to work. The scan also took ages, but was worth it!

Thanks again
Chris

> From: "philogynist" <philogynist@discussions.microsoft.com>
>
[quoted text clipped - 40 lines]
> Execute; c:\mcafee\CLEAN.BAT
> { or Double-click on 'Clean Link' in c:\mcafee }

David H. Lipman - 30 Apr 2005 11:45 GMT
From: "chrisr63" <chrisr63@discussions.microsoft.com>

| Hi,
|
[quoted text clipped - 4 lines]
| Thanks again
| Chris

Thank you Chris for that feedback.  I am receiving *many* reports of infection by the Vundo
Trojan.  It seems to be rampant in the last few days.

I especially thank you for the feedback on the FireWall issue.  I'll try to include that
information in future responses.

Signature

Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Claire - 30 Apr 2005 13:02 GMT
Dave,

I have norton antivirus, will this work for me as I have downloaded
'CLEAN.exe' from the URL and then I got to the bit after where you have to go
to c:\mcafee\getfiles.BAT and realised that I probably didn't have this as I
am on Norton AntiVirus

HELP!!!

Thanks

Claire

David H. Lipman - 30 Apr 2005 13:15 GMT
From: "Claire" <Claire@discussions.microsoft.com>

| Dave,
|
[quoted text clipped - 8 lines]
|
| Claire

Claire:

This is a standalone utility that can be used in conjunction with *any* anti virus.

After you execute CLEAN.EXE, a c:\mcafee folder will be created and the needed files will be
in there.

When you execute;  c:\mcafee\getfiles.BAT  it will FTP the needed scanner files and once
that is complete you can then go to the next phase which is to reboot into Safe Mode.

When you are in Safe Mode you will then execute;  c:\mcafee\Clean.BAT  which will actually
perform the scan process.  When the scan is completed it will display a HTML Log file in
your browser.

Here are the general instructions again (and note that there is a PDF help file placed in
c:\mcafee)

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner.  If you are using Windows XP, you may have to disable the Windows XP FireWall to
allow the FTP utility to download the needed files.

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT.  If you choose
to scan again at a future date, run this batch file.  It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows.  DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute;  CLEAN.EXE
Choose;  Unzip
Choose;  Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be  generated.  At the
end of the scan, it will be displayed in your browser (FireFox or Internet Explorer).  It is
suggested that you move the report out of c:\mcafee before performing another scan.  It
would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.  I would very much like a  copy of the report(s) and your findings.

I guess that should do it for now Claire...Good Luck !

Signature

Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Claire - 30 Apr 2005 15:56 GMT
Dave,

Thanks - am a bit of a novice at computers and didn't realise that the
McAfee files would be downloaded.  Have spent the afternoon running the Clean
and it has worked.  Thanks for your help.

Claire

David H. Lipman - 30 Apr 2005 16:07 GMT
From: "Claire" <Claire@discussions.microsoft.com>

| Dave,
|
[quoted text clipped - 3 lines]
|
| Claire

Fantastic Claire !

Thnx for updating the thread.

Signature

Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Bill - 30 Apr 2005 20:46 GMT
Could I please ask for some help?
When I started up my PC, Norton 2002 told me it had detected the above
virus. I scanned but it's unable to delete a file crvga.dll which is located
in C:\windows\system. I've tried Norton, Tweak XP Pro and a shareware product
GIP and none can remove the offending file. I've also tried scanning with
Norton in Safe mode. AVG anti-virus says my machine is ok - can anyone help
please?
Bill

> From: "Claire" <Claire@discussions.microsoft.com>
>
[quoted text clipped - 9 lines]
>
> Thnx for updating the thread.

David H. Lipman - 30 Apr 2005 20:50 GMT
From: "Bill" <Bill@discussions.microsoft.com>

| Could I please ask for some help?
| When I started up my PC, Norton 2002 told me it had detected the above
[quoted text clipped - 4 lines]
| please?
| Bill

The instructions are in the thread but, I'll post them again.

Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare }  three batch files, two Kixtart scripts, two Link (.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line Scanner.  If you are using Windows XP, you may have to disable the Windows XP FireWall to allow the FTP utility to download the needed files.

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT.  If you choose to scan again at a future date, run this batch file.  It will automatically check the date of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after you have booted from an Emergency Boot Disk or DOS disk and have already executed; c:\mcafee\GetFiles.BAT from within Windows.  DOS disk boot images can be obtained from;  http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute;  CLEAN.EXE
Choose;   Unzip
Choose;   Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

Signature

Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

 