trojan.vundo.b

Archived from groups: microsoft.public.windowsxp.security_admin

I have the above trojan according to Norton 2003. I have scanned several
times in normal and safe mode but am unable to remove the file. With Norton
it finds the file but cannot quarantine it or delete it. It is labelled
c:\windows\repair\infodb.dll. I understand it is an adware and I am getting
the following advert coming up routinely
http://www.winantivirus.com/index-pro.php?aid=mdwavtop&lid=virus . I do not
want to contact them as I am unsure of what effect that might have.

The Microsoft website has nothing on a search for this adware trojan.

Any clues?
--
Philogynist.
  1. Archived from groups: microsoft.public.windowsxp.security_admin

    From: "philogynist" <philogynist@discussions.microsoft.com>

    | I have the above trojan according to Norton 2003. I have scanned several
    | times in normal and safe mode but am unable to remove the file. With Norton
    | it finds the file but cannot quarantine it or delete it. It is labelled
    | c:\windows\repair\infodb.dll. I understand it is an adware and I am getting
    | the following advert coming up routinely
    | http://www.winantivirus.com/index-pro.php?aid=mdwavtop&lid=virus . I do not
    | want to contact them as I am unsure of what effect that might have.
    |
    | The Microsoft website has nothing on a search for this adware trojan.
    |
    | Any clues?
    | --
    | Philogynist.

    There are anti virus News Groups specifically for this type of discussion.

    microsoft.public.scripting.virus.discussion
    microsoft.public.security.virus
    alt.comp.virus
    alt.comp.anti-virus

    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache
    Tools --> Options --> Privacy --> Cache --> Clear

    1) Download TrendMicro Sysclean by one of the following 2 methods

    Trend Sysclean Method 1
    ---------------------------------------
    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend signature files.
    http://www.trendmicro.com/download/pattern.asp

    Create a directory.
    On drive "C:\"
    (e.g., "c:\sysclean")

    Download SYSCLEAN.COM and place it in that directory.
    Download the signature files (pattern files) by obtaining the ZIP file.
    For example; lpt604.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    SYSCLEAN.COM.

    Trend Sysclean Method 2
    ---------------------------------------
    Download the utility SYSCLEAN_FE at the following URL --
    http://www.ik-cs.com/got-a-virus.htm
    SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
    Direct URL --
    http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

    2) Download and install Ad-aware SE (free personal version v1.05)
    http://www.lavasoftusa.com/
    3) Update Adaware with the latest definitions then exit the software.
    4) Disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    5) Reboot your PC into Safe Mode and shutdown as many applications as possible
    6) Using the Trend Sysclean and Ad-aware SE utilities, perform a Full Scan of your
    platform and clean/delete any infectors found
    7) Restart your PC and perform a "final" Full Scan of your platform using both Trend
    Sysclean and Ad-aware SE
    8) Re-enable System Restore and re-apply any System Restore preferences,
    (e.g. HD space to use suggested 400 ~ 600MB),
    9) Reboot your PC.
    10) Create a new Restore point

    * * Please report back your results * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  2. Archived from groups: microsoft.public.windowsxp.security_admin

    From: "philogynist" <philogynist@discussions.microsoft.com>

    | I have the above trojan according to Norton 2003. I have scanned several
    | times in normal and safe mode but am unable to remove the file. With Norton
    | it finds the file but cannot quarantine it or delete it. It is labelled
    | c:\windows\repair\infodb.dll. I understand it is an adware and I am getting
    | the following advert coming up routinely
    | http://www.winantivirus.com/index-pro.php?aid=mdwavtop&lid=virus . I do not
    | want to contact them as I am unsure of what effect that might have.
    |
    | The Microsoft website has nothing on a search for this adware trojan.
    |
    | Any clues?
    | --
    | Philogynist.

    Alternate directions....

    1) Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache
    Tools --> Options --> Privacy --> Cache --> Clear

    2) Disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

    3) Download Pocket KillBox
    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Extract killbox.exe from the ZIP file.
    Execute; KillBox.exe

    Click on Tools --> Select; Delete Temp Files.

    Choose; OK

    In the Full Path of File to Delete box, type the entire following line exactly

    C:\Windows\REGIST~\cabplay.dll

    Select; Replace on Reboot

    put a check in the box "Use Dummy"

    Click The Red circle and a white X

    When prompted to Replace on Reboot, click YES

    If prompted to Reboot Now, Click YES

    Allow the PC to shutdown

    4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
    5) Using your NAV software, perform a Full Scan of your platform and clean/delete any
    infectors found
    6) Restart your PC and perform a "final" Full Scan of your platform
    7) Re-enable System Restore and re-apply any System Restore preferences,
    (e.g. HD space to use suggested 400 ~ 600MB),
    8) Reboot your PC.
    9) Create a new Restore point

    * * * Please report back your results * * *

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
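
A read-only check of the two conditions the steps above depend on, added here as an example and not part of the original posts: which processes still have the DLL loaded (the usual reason a scanner cannot delete or quarantine a file), and whether a boot-time delete or replace is queued for it. It assumes PowerShell on a current Windows system and that KillBox's "Replace on Reboot" uses Windows' standard PendingFileRenameOperations registry value, which the post does not state; the function names are hypothetical. Run it elevated.

```powershell
# Added example (not from the thread): read-only triage of a DLL that AV cannot delete.
param(
    # Path reported in the original post; pass -DllPath for another file.
    [string]$DllPath = 'C:\windows\repair\infodb.dll'
)

# Hypothetical helper: list processes that have the DLL mapped (run elevated).
function Get-ProcessesLoadingModule {
    param([string]$Path)
    foreach ($proc in Get-Process) {
        try { $modules = $proc.Modules } catch { continue }  # protected process
        foreach ($m in $modules) {
            if ($m.FileName -ieq $Path) {
                [pscustomobject]@{ ProcessId = $proc.Id; Name = $proc.ProcessName }
            }
        }
    }
}

# Hypothetical helper: find boot-time delete/replace operations queued for the DLL.
function Get-PendingRenameForPath {
    param([string]$Path)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $ops = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $ops) { return }
    # REG_MULTI_SZ holding (source, destination) pairs; empty destination = delete.
    for ($i = 0; $i -lt $ops.Count; $i += 2) {
        $src = $ops[$i] -replace '^\\\?\?\\', ''
        $dst = if ($i + 1 -lt $ops.Count) { $ops[$i + 1] -replace '^!?\\\?\?\\', '' } else { '' }
        if ($src -ieq $Path -or $dst -ieq $Path) {
            $action = if ($dst) { 'Replace' } else { 'Delete' }
            [pscustomobject]@{ Action = $action; Source = $src; Destination = $dst }
        }
    }
}

$loaded  = @(Get-ProcessesLoadingModule -Path $DllPath)
$pending = @(Get-PendingRenameForPath -Path $DllPath)
"File present on disk : $(Test-Path -LiteralPath $DllPath)"
"Processes holding it : $($loaded.Count)"
$loaded | Format-Table -AutoSize
"Queued for next boot : $($pending.Count)"
$pending | Format-Table -AutoSize
```
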
  3. Archived from groups: microsoft.public.windowsxp.security_admin

    Hi,

    I also had this trojan and this fix did the job, so many thanks! For others
    with the same problem, I did have to disable the Windows firewall for
    GETFILES.BAT to work. The scan also took ages, but was worth it!

    Thanks again
    Chris

    "David H. Lipman" wrote:

    > From: "philogynist" <philogynist@discussions.microsoft.com>
    >
    > | I have the above trojan according to Norton 2003. I have scanned several
    > | times in normal and safe mode but am unable to remove the file. With Norton
    > | it finds the file but cannot quarantine it or delete it. It is labelled
    > | c:\windows\repair\infodb.dll. I understand it is an adware and I am getting
    > | the following advert coming up routinely
    > | http://www.winantivirus.com/index-pro.php?aid=mdwavtop&lid=virus . I do not
    > | want to contact them as I am unsure of what effect that might have.
    > |
    > | The Microsoft website has nothing on a search for this adware trojan.
    > |
    > | Any clues?
    > | --
    > | Philogynist.
    >
    > The following set of instructions have been reported WILL WORK !
    > Attached is a HTML Log file of that report.
    >
    > Download CLEAN.EXE from the URL --
    > http://www.ik-cs.com/programs/virtools/clean.exe
    >
    > It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link (.lnk) files and a PDF instruction file.
    > GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line Scanner.
    >
    > CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose to scan again at a future date, run this batch file. It will automatically check the date of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest signature files and install them before performing the scan.
    >
    > DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after you have booted from an Emergency Boot Disk or DOS disk and have already executed; c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from; http://www.bootdisk.com/bootdisk.htm
    >
    > I need you to perform the following...
    >
    > Execute; CLEAN.EXE
    > Choose; Unzip
    > Choose; Close
    >
    >
    > Execute; c:\mcafee\GetFiles.BAT
    > { or Double-click on 'GetFiles Link' in c:\mcafee }
    >
    > Reboot the PC into Safe Mode [F8 key during boot]
    >
    > Shutdown as many applications as possible !
    > It would also help for you to read - "How to perform a clean boot in Windows XP"
    > http://support.microsoft.com/kb/310353
    >
    > Execute; c:\mcafee\CLEAN.BAT
    > { or Double-click on 'Clean Link' in c:\mcafee }
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus
  4. Archived from groups: microsoft.public.windowsxp.security_admin

    From: "chrisr63" <chrisr63@discussions.microsoft.com>

    | Hi,
    |
    | I also had this trojan and this fix did the job, so many thanks! For others
    | with the same problem, I did have to disable the Windows firewall for
    | GETFILES.BAT to work. The scan also took ages, but was worth it!
    |
    | Thanks again
    | Chris


    Thank you Chris for that feedback. I am receiving *many* reports of infection by the Vundo
    Trojan. It seems to be rampant in the last few days.

    I especially thank you for the feedback on the FireWall issue. I'll try to include that
    information in future responses.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  5. Archived from groups: microsoft.public.windowsxp.security_admin

    Dave,

    I have norton antivirus, will this work for me as I have downloaded
    'CLEAN.exe' from the URL and then I got to the bit after where you have to go
    to c:\mcafee\getfiles.BAT and realised that I probably didn't have this as I
    am on Norton AntiVirus

    HELP!!!

    Thanks

    Claire
  6. Archived from groups: microsoft.public.windowsxp.security_admin

    From: "Claire" <Claire@discussions.microsoft.com>

    | Dave,
    |
    | I have norton antivirus, will this work for me as I have downloaded
    | 'CLEAN.exe' from the URL and then I got to the bit after where you have to go
    | to c:\mcafee\getfiles.BAT and realised that I probably didn't have this as I
    | am on Norton AntiVirus
    |
    | HELP!!!
    |
    | Thanks
    |
    | Claire

    Claire:

    This is a standalone utility that can be used in conjunction with *any* anti virus.

    After you execute CLEAN.EXE, a c:\mcafee folder will be created and the needed files will be
    in there.

    When you execute; c:\mcafee\getfiles.BAT it will FTP the needed scanner files and once
    that is complete you can then go to the next phase which is to reboot into Safe Mode.

    When you are in Safe Mode you will then execute; c:\mcafee\Clean.BAT which will actually
    perform the scan process. When the scan is completed it will display a HTML Log file in
    your browser.


    Here are the general instructions again (and note that there is a PDF help file placed in
    c:\mcafee)

    GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
    Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
    allow the FTP utility to download the needed files.

    CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
    to scan again at a future date, run this batch file. It will automatically check the date
    of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
    signature files and install them before performing the scan.

    DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
    you have booted from an Emergency Boot Disk or DOS disk and have already executed;
    c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
    http://www.bootdisk.com/bootdisk.htm

    I need you to perform the following...

    Execute; CLEAN.EXE
    Choose; Unzip
    Choose; Close

    Execute; c:\mcafee\GetFiles.BAT
    { or Double-click on 'GetFiles Link' in c:\mcafee }

    Reboot the PC into Safe Mode [F8 key during boot]

    Shutdown as many applications as possible !
    It would also help for you to read - "How to perform a clean boot in Windows XP"
    http://support.microsoft.com/kb/310353

    Execute; c:\mcafee\CLEAN.BAT
    { or Double-click on 'Clean Link' in c:\mcafee }


    A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
    end of the scan, it will be displayed in your browser (FireFox or Internet Explorer). It is
    suggested that you move the report out of c:\mcafee before performing another scan. It
    would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session. I would very much like a copy of the report(s) and your findings.


    I guess that should do it for now Claire...Good Luck !

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  7. Archived from groups: microsoft.public.windowsxp.security_admin

    Dave,

    Thanks - am a bit of a novice at computers and didn't realise that the
    McAfee files would be downloaded. Have spent the afternoon running the Clean
    and it has worked. Thanks for your help.

    Claire
  8. Archived from groups: microsoft.public.windowsxp.security_admin

    From: "Claire" <Claire@discussions.microsoft.com>

    | Dave,
    |
    | Thanks - am a bit of a novice at computers and didn't realise that the
    | McAfee files would be downloaded. Have spent the afternoon running the Clean
    | and it has worked. Thanks for your help.
    |
    | Claire

    Fantastic Claire !

    Thnx for updating the thread.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  9. Archived from groups: microsoft.public.windowsxp.security_admin

    Could I please ask for some help?
    When I started up my PC, Norton 2002 told me it had detected the above
    virus. I scanned but it's unable to delete a file crvga.dll which is located
    in C:\windows\system. I've tried Norton, Tweak XP Pro and a shareware product
    GIP and none can remove the offending file. I've also tried scanning with
    Norton in Safe mode. AVG anti - virus says my machine is ok - can anyone help
    please?
    Bill

    "David H. Lipman" wrote:

    > From: "Claire" <Claire@discussions.microsoft.com>
    >
    > | Dave,
    > |
    > | Thanks - am a bit of a novice at computers and didn't realise that the
    > | McAfee files would be downloaded. Have spent the afternoon running the Clean
    > | and it has worked. Thanks for your help.
    > |
    > | Claire
    >
    > Fantastic Claire !
    >
    > Thnx for updating the thread.
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >