Can't get rid of Vundo virus. Update: fixxed it

[conlan]

Ok, so i get a virus warning from symantec, and follow the removal instructions:

Turn off system restore
open sysconfig and check "safe boot"
reboot into safe mode
run virus check

now, i'm in safe mode but all i have is a black screen with no desktop and "safe mode" in each corner. I reboot tapping the f8 key, but no matter which option i choose, i end up right back in the black safe mode screen. HELP!, Thanks

 

[cubby1223]

Many times you can still open up the task manager, select run, and type explorer.exe to open up the "desktop". If you can identify what virus you have, symantec probably has special removal utility for it.

 

[conlan]

That works, but the desktop disappears after about a sec. like something (the virus?) is closing it. I ran the virus removal tool before trying this and it didn't ditect anything, strange

 

[fjf314]

How recent are your virus definitions? I've also heard that updating the scanner itself, not just the definitions, is usually a good idea, too.

 

[conlan]

Thats the weird part, i updated the definitions about 2 hours ago, them got the virus about an hour ago. Anyway, i got into the desktop through taskmanager, browse, desktop and am running the removal tool now, we'll see what happens, Thanks for the advise folks 🙂

 

[conlan]

I ran the removal tool and again it states no virus found.

 

[fjf314]

Have you thus far gotten any indication of the name of the virus or what the name of the files it is using are? I myself have been having trouble with a worm lately (and I'm still not exactly sure if it's gone or not) but none of my anti-virus programs picked up on it, despite also having the latest definitions. If you have the name of the virus, I would suggest running searches for it to find specifics of removing just that particular virus. If you can't find anything on it, then maybe post the name here and see if someone else can find something.

 

[conlan]

Yup, it's in the title, Vundo virus. I folloerd symantecs instructions to remove it and thats how i got here.

 

[Nocturnal]

Vundo isn't going to be removed by Norton I can tell you that much. Check out the various spyware removal forums such as www.spywareinfo.com. They have good help that will guide you through removing the Vundo infection.

 

[John]

Are you typing your replies on the infected pc? 😛

1) Run the Vundo Fix
2) Run Panda Activescan
3) Run Spy Sweeper
4) Uninstall Norton and switch to Kaspersky FTW 🙂

 

[conlan]

Originally posted by: John
Are you typing your replies on the infected pc? 😛

1) Run the Vundo Fix
2) Run Panda Activescan
3) Run Spy Sweeper
4) Uninstall Norton and switch to Kaspersky FTW 🙂

Hey John, thanks i'll give those a shot. The Norton removal tool doesn't even find the virus, and Norton antivirus (which does) cant remove it once found, so i guess i'll give Kaspersky a try.
I also tried adawre and spydoctor with no success.

 

[John]

Do you still have a problem with Safe Mode?

 

[conlan]

No, i was able to get back into windows. I'm back on the infected machine (i was posting from my back-up) and am dowloading from your links 🙂

 

[John]

Be sure to reboot the 'infected' pc back into safe mode after you install and update the programs, or use safe mode w/ networking.

 

[conlan]

I tried running the "killvundo.bat" file and it just closes, this program need a net connection to work, but I cant connect to the net in safe mode (dial-up)

 

[conlan]

Well i finally killed the little ah heck (wish i could do the same for the author of said ah heck). For anyone else who may encounter the Vundo virus, heres what worked.

Download the VundoFix (link in above post) (the Norton fix didn't work for me, as well as many others i came to find out) do NOT open it yet.

If you're stuck with dial-up like me, restart windows, and use taskmgr to close all warning windows, and uneccessary apps.

Create a new folder "C:Vundo"

Unzip the Vundofix.zip to "C:Vundo"

Connect to net

Click the "Killvundo.BAT"

Press any key, let 'er run

When done, go to C:Vundo and run Highjackthis

Copy and paste results Here OR here (these guys are great!)

Reboot after making the neccessary Registry changes

 

[John]

I'm glad that you like the Vundo/Winfixer tool that I've been using. FWIW the instructions that you posted are in the readme. 🙂

 

[conlan]

Originally posted by: John
I'm glad that you like the Vundo/Winfixer tool that I've been using. FWIW the instructions that you posted are in the readme. 🙂

Thanks for the help John. 🙂

 

[xtknight]

Yeah, that thing is a pain in the ass. Vundo fixer did it for my dad's PC IIRC.

 

[John]

conlan, you're quite welcome. 🙂

The next step is working on prevention. Ditch NAV and go with Kaspersky Personal v5 or Nod32, install Spyware Blaster, and be careful about what you install on your computer. If you have other user accounts set them to limited. 😉