Vundo Trojan Problems

[Philip Michener]

I was recently infected with the Vundo Trojan and have had problems
ridding myself of it.

Windows Malicious Software Removal finds the trojan, but gives the
message that it was only partially removed. Then tell me to run a
full scan with antivirus software to complete the removal.

I have tried McAfee, XSoft, Lavasoft, and Spydoctor, but they all fail
to find the remaining files.

Meanwhile, system gets reinfected, and popups start all over again.

Anyone have suggestions as to how I can finally kill this bastard!

 

[Malke]

Philip Michener <Byesville, Ohio> wrote:

> I was recently infected with the Vundo Trojan and have had problems
> ridding myself of it.
>
> Windows Malicious Software Removal finds the trojan, but gives the
> message that it was only partially removed. Then tell me to run a
> full scan with antivirus software to complete the removal.
>
> I have tried McAfee, XSoft, Lavasoft, and Spydoctor, but they all fail
> to find the remaining files.
>
> Meanwhile, system gets reinfected, and popups start all over again.
>
> Anyone have suggestions as to how I can finally kill this bastard!

Vundo infections can be, as you have discovered, extremely difficult to
remove. Please have your data backed up in case you need to reinstall
Windows. You may not need to but it is always wise to be prepared.

Since you've tried other methods, your next step is to get guided help at
one of the specialty forums listed below (in no particular order). Choose
one, register, read its posting FAQ, and then post according to its
guidelines. PLEASE DO NOT POST LOGS HERE IN THE MS NEWSGROUPS.

http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

 

[~BD~]

In the thread 'Spyware' on 7 June Malke said "Include scanning with David
Lipman's Multi_AV"

David Lipman *never* recommends the AumHa forums in his 'advice', yet on
this occasion Malke does so.

It's just an interesting (to me) observation. Mr Lipman will not explain why
he does not recommend AumHa.

Any thoughts about this from anyone?

BD
*************************************************
"Malke" <malke@invalid.invalid> wrote in message
news:eCAZuz8yIHA.4816@TK2MSFTNGP03.phx.gbl...
> Philip Michener <Byesville, Ohio> wrote:
>
>> I was recently infected with the Vundo Trojan and have had problems
>> ridding myself of it.
>>
>> Windows Malicious Software Removal finds the trojan, but gives the
>> message that it was only partially removed. Then tell me to run a
>> full scan with antivirus software to complete the removal.
>>
>> I have tried McAfee, XSoft, Lavasoft, and Spydoctor, but they all fail
>> to find the remaining files.
>>
>> Meanwhile, system gets reinfected, and popups start all over again.
>>
>> Anyone have suggestions as to how I can finally kill this bastard!
>
> Vundo infections can be, as you have discovered, extremely difficult to
> remove. Please have your data backed up in case you need to reinstall
> Windows. You may not need to but it is always wise to be prepared.
>
> Since you've tried other methods, your next step is to get guided help at
> one of the specialty forums listed below (in no particular order). Choose
> one, register, read its posting FAQ, and then post according to its
> guidelines. PLEASE DO NOT POST LOGS HERE IN THE MS NEWSGROUPS.
>
> http://aumha.net/ - Click on the HijackThis forum. Read the announcement
> and
> the stickies *first*.
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://spywarewarrior.com/viewforum.php?f=5
> http://forums.techguy.org/54-security/
> http://forums.tomcoyote.org/
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!
>

 

[David H. Lipman]

From: "Philip Michener" <Byesville, Ohio>

| I was recently infected with the Vundo Trojan and have had problems
| ridding myself of it.
|
| Windows Malicious Software Removal finds the trojan, but gives the
| message that it was only partially removed. Then tell me to run a
| full scan with antivirus software to complete the removal.
|
| I have tried McAfee, XSoft, Lavasoft, and Spydoctor, but they all fail
| to find the remaining files.
|
| Meanwhile, system gets reinfected, and popups start all over again.
|
| Anyone have suggestions as to how I can finally kill this bastard!

Perform the following...
If that does not work post in an Expert Forum as Malke suggested.



4 phase answer...

Perform Part 1, Part 2 and Part 3 and alternately part 4

It is suggested that you execute each tool in Normal Mode then in Safe Mode.


If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0 update 6 (jre 6u6)

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0_06

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1




Part 1
------------
Download Adware-Virtumundo Removal Tool --
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


Part 2
------------
Download Atribune's VUNDOFIX.EXE
http://www.atribune.org/ccount/click.php?id=4

Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.

Part 3
------------
Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Part 4
------------
Norman Vundo removal tool.
http://download.norman.no/public/Norman_Vundo_Cleaner.exe
http://www.norman.com/Virus/Virus_removal_tools/52658/en

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

[FromTheRafters]

Sure. He is under no obligation to explain, so why should he?

"~BD~" <~BD~@nospam.invalid> wrote in message
news:e2W4tW$yIHA.3968@TK2MSFTNGP04.phx.gbl...
> In the thread 'Spyware' on 7 June Malke said "Include scanning with David
> Lipman's Multi_AV"
>
> David Lipman *never* recommends the AumHa forums in his 'advice', yet on
> this occasion Malke does so.
>
> It's just an interesting (to me) observation. Mr Lipman will not explain
> why he does not recommend AumHa.
>
> Any thoughts about this from anyone?
>
> BD
> *************************************************
> "Malke" <malke@invalid.invalid> wrote in message
> news:eCAZuz8yIHA.4816@TK2MSFTNGP03.phx.gbl...
>> Philip Michener <Byesville, Ohio> wrote:
>>
>>> I was recently infected with the Vundo Trojan and have had problems
>>> ridding myself of it.
>>>
>>> Windows Malicious Software Removal finds the trojan, but gives the
>>> message that it was only partially removed. Then tell me to run a
>>> full scan with antivirus software to complete the removal.
>>>
>>> I have tried McAfee, XSoft, Lavasoft, and Spydoctor, but they all fail
>>> to find the remaining files.
>>>
>>> Meanwhile, system gets reinfected, and popups start all over again.
>>>
>>> Anyone have suggestions as to how I can finally kill this bastard!
>>
>> Vundo infections can be, as you have discovered, extremely difficult to
>> remove. Please have your data backed up in case you need to reinstall
>> Windows. You may not need to but it is always wise to be prepared.
>>
>> Since you've tried other methods, your next step is to get guided help at
>> one of the specialty forums listed below (in no particular order). Choose
>> one, register, read its posting FAQ, and then post according to its
>> guidelines. PLEASE DO NOT POST LOGS HERE IN THE MS NEWSGROUPS.
>>
>> http://aumha.net/ - Click on the HijackThis forum. Read the announcement
>> and
>> the stickies *first*.
>> http://www.atribune.org/forums/index.php?showforum=9
>> http://aumha.net/viewforum.php?f=30
>> http://www.bleepingcomputer.com/forums/forum22.html
>> http://castlecops.com/forum67.html
>> http://www.dslreports.com/forum/cleanup
>> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
>> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
>> http://gladiator-antivirus.com/forum/index.php?showforum=170
>> http://spywarewarrior.com/viewforum.php?f=5
>> http://forums.techguy.org/54-security/
>> http://forums.tomcoyote.org/
>>
>> Malke
>> --
>> MS-MVP
>> Elephant Boy Computers
>> www.elephantboycomputers.com
>> Don't Panic!
>>
>
>

 

[David H. Lipman]

From: "FromTheRafters" <Erratic@ne.rr.com>

| Sure. He is under no obligation to explain, so why should he?
|



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

[~BD~]

Thank you. I've assumed that was a rhetorical question.

Both Mr Lipman and Malke post regular replies in this group. That is a fact.
No-one is under any obligation to explain anything nor, indeed, to tell the
truth. In my opinion, witholding an explanation merely mudies the water, so
to speak.

BD

"FromTheRafters" <Erratic@ne.rr.com> wrote in message
news:eNY8xCBzIHA.552@TK2MSFTNGP06.phx.gbl...
> Sure. He is under no obligation to explain, so why should he?
>
> "~BD~" <~BD~@nospam.invalid> wrote in message
> news:e2W4tW$yIHA.3968@TK2MSFTNGP04.phx.gbl...
>> In the thread 'Spyware' on 7 June Malke said "Include scanning with David
>> Lipman's Multi_AV"
>>
>> David Lipman *never* recommends the AumHa forums in his 'advice', yet on
>> this occasion Malke does so.
>>
>> It's just an interesting (to me) observation. Mr Lipman will not explain
>> why he does not recommend AumHa.
>>
>> Any thoughts about this from anyone?
>>
>> BD
>> *************************************************
>> "Malke" <malke@invalid.invalid> wrote in message
>> news:eCAZuz8yIHA.4816@TK2MSFTNGP03.phx.gbl...
>>> Philip Michener <Byesville, Ohio> wrote:
>>>
>>>> I was recently infected with the Vundo Trojan and have had problems
>>>> ridding myself of it.
>>>>
>>>> Windows Malicious Software Removal finds the trojan, but gives the
>>>> message that it was only partially removed. Then tell me to run a
>>>> full scan with antivirus software to complete the removal.
>>>>
>>>> I have tried McAfee, XSoft, Lavasoft, and Spydoctor, but they all fail
>>>> to find the remaining files.
>>>>
>>>> Meanwhile, system gets reinfected, and popups start all over again.
>>>>
>>>> Anyone have suggestions as to how I can finally kill this bastard!
>>>
>>> Vundo infections can be, as you have discovered, extremely difficult to
>>> remove. Please have your data backed up in case you need to reinstall
>>> Windows. You may not need to but it is always wise to be prepared.
>>>
>>> Since you've tried other methods, your next step is to get guided help
>>> at
>>> one of the specialty forums listed below (in no particular order).
>>> Choose
>>> one, register, read its posting FAQ, and then post according to its
>>> guidelines. PLEASE DO NOT POST LOGS HERE IN THE MS NEWSGROUPS.
>>>
>>> http://aumha.net/ - Click on the HijackThis forum. Read the announcement
>>> and
>>> the stickies *first*.
>>> http://www.atribune.org/forums/index.php?showforum=9
>>> http://aumha.net/viewforum.php?f=30
>>> http://www.bleepingcomputer.com/forums/forum22.html
>>> http://castlecops.com/forum67.html
>>> http://www.dslreports.com/forum/cleanup
>>> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
>>> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
>>> http://gladiator-antivirus.com/forum/index.php?showforum=170
>>> http://spywarewarrior.com/viewforum.php?f=5
>>> http://forums.techguy.org/54-security/
>>> http://forums.tomcoyote.org/
>>>
>>> Malke
>>> --
>>> MS-MVP
>>> Elephant Boy Computers
>>> www.elephantboycomputers.com
>>> Don't Panic!
>>>
>>
>>
>
>

 

[Leythos]

In article <#7J1pWVzIHA.2208@TK2MSFTNGP04.phx.gbl>, ~BD~@nospam.invalid
says...
> In my opinion, witholding an explanation merely mudies the water, so
> to speak.

Withholding an explanation could also mean that there is nothing to add
to the request or that there is nothing the person is willing to state
about it for several reasons.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

 

[~BD~]

"Leythos" <void@nowhere.lan> wrote in message
news:1213370206_60769@news.usenet.com...
> In article <#7J1pWVzIHA.2208@TK2MSFTNGP04.phx.gbl>, ~BD~@nospam.invalid
> says...
>> In my opinion, witholding an explanation merely mudies the water, so
>> to speak.
>
> Withholding an explanation could also mean that there is nothing to add
> to the request or that there is nothing the person is willing to state
> about it for several reasons.
>
> --
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)
>
I'm sure you are right!

Maybe *you* will comment on whether or not you feel AumHa is a 'safe' place
to visit when one is seeking help and advice on computer related matters?

 

[FromTheRafters]

It was, but your answer seems to be that he should explain
because it bothers you that he doesn't explain.

Maybe his integrity precludes him from commenting.

Maybe his superiors have asked him not to comment.

Maybe it seems redundant to him - yet another helpdesk
among so many others (which really muddies the waters
for those seeking help)

If it turned out that he thinks that they are a bunch of clowns,
how would that help you?

That having been said, I think they and he are very helpful
netizens.

"~BD~" <~BD~@nospam.invalid> wrote in message
news:%237J1pWVzIHA.2208@TK2MSFTNGP04.phx.gbl...
> Thank you. I've assumed that was a rhetorical question.
>
> Both Mr Lipman and Malke post regular replies in this group. That is a
> fact. No-one is under any obligation to explain anything nor, indeed, to
> tell the truth. In my opinion, witholding an explanation merely mudies the
> water, so to speak.
>
> BD
>
> "FromTheRafters" <Erratic@ne.rr.com> wrote in message
> news:eNY8xCBzIHA.552@TK2MSFTNGP06.phx.gbl...
>> Sure. He is under no obligation to explain, so why should he?
>>
>> "~BD~" <~BD~@nospam.invalid> wrote in message
>> news:e2W4tW$yIHA.3968@TK2MSFTNGP04.phx.gbl...
>>> In the thread 'Spyware' on 7 June Malke said "Include scanning with
>>> David Lipman's Multi_AV"
>>>
>>> David Lipman *never* recommends the AumHa forums in his 'advice', yet on
>>> this occasion Malke does so.
>>>
>>> It's just an interesting (to me) observation. Mr Lipman will not explain
>>> why he does not recommend AumHa.
>>>
>>> Any thoughts about this from anyone?
>>>
>>> BD
>>> *************************************************
>>> "Malke" <malke@invalid.invalid> wrote in message
>>> news:eCAZuz8yIHA.4816@TK2MSFTNGP03.phx.gbl...
>>>> Philip Michener <Byesville, Ohio> wrote:
>>>>
>>>>> I was recently infected with the Vundo Trojan and have had problems
>>>>> ridding myself of it.
>>>>>
>>>>> Windows Malicious Software Removal finds the trojan, but gives the
>>>>> message that it was only partially removed. Then tell me to run a
>>>>> full scan with antivirus software to complete the removal.
>>>>>
>>>>> I have tried McAfee, XSoft, Lavasoft, and Spydoctor, but they all fail
>>>>> to find the remaining files.
>>>>>
>>>>> Meanwhile, system gets reinfected, and popups start all over again.
>>>>>
>>>>> Anyone have suggestions as to how I can finally kill this bastard!
>>>>
>>>> Vundo infections can be, as you have discovered, extremely difficult to
>>>> remove. Please have your data backed up in case you need to reinstall
>>>> Windows. You may not need to but it is always wise to be prepared.
>>>>
>>>> Since you've tried other methods, your next step is to get guided help
>>>> at
>>>> one of the specialty forums listed below (in no particular order).
>>>> Choose
>>>> one, register, read its posting FAQ, and then post according to its
>>>> guidelines. PLEASE DO NOT POST LOGS HERE IN THE MS NEWSGROUPS.
>>>>
>>>> http://aumha.net/ - Click on the HijackThis forum. Read the
>>>> announcement and
>>>> the stickies *first*.
>>>> http://www.atribune.org/forums/index.php?showforum=9
>>>> http://aumha.net/viewforum.php?f=30
>>>> http://www.bleepingcomputer.com/forums/forum22.html
>>>> http://castlecops.com/forum67.html
>>>> http://www.dslreports.com/forum/cleanup
>>>> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
>>>> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
>>>> http://gladiator-antivirus.com/forum/index.php?showforum=170
>>>> http://spywarewarrior.com/viewforum.php?f=5
>>>> http://forums.techguy.org/54-security/
>>>> http://forums.tomcoyote.org/
>>>>
>>>> Malke
>>>> --
>>>> MS-MVP
>>>> Elephant Boy Computers
>>>> www.elephantboycomputers.com
>>>> Don't Panic!
>>>>
>>>
>>>
>>
>>
>
>

 

[Leythos]

In article <#dlROxVzIHA.1772@TK2MSFTNGP03.phx.gbl>, ~BD~@nospam.invalid
says...
>
> "Leythos" <void@nowhere.lan> wrote in message
> news:1213370206_60769@news.usenet.com...
> > In article <#7J1pWVzIHA.2208@TK2MSFTNGP04.phx.gbl>, ~BD~@nospam.invalid
> > says...
> >> In my opinion, witholding an explanation merely mudies the water, so
> >> to speak.
> >
> > Withholding an explanation could also mean that there is nothing to add
> > to the request or that there is nothing the person is willing to state
> > about it for several reasons.
>
> I'm sure you are right!
>
> Maybe *you* will comment on whether or not you feel AumHa is a 'safe' place
> to visit when one is seeking help and advice on computer related matters?

I make no suggestion that any site is safe, and only state that sites
are unsafe if I've personally confirmed them to be unsafe or practice
bad ethics - like pc butts 1 . com (see sig).

I have never been to the site you ask about, so I can't comment.


--
Leythos - spam999free@rrohio.com (remove 999 to email me)
Public Service Warning: Learn about PCButts before you trust:
http://forums.speedguide.net/archive/index.php/t-223485.html
http://www.google.com/search?hl=en&q=pcbutts1+thief

 

[~BD~]

In line responses:

>> Maybe *you* will comment on whether or not you feel AumHa is a 'safe'
>> place
>> to visit when one is seeking help and advice on computer related matters?
>
> I make no suggestion that any site is safe, and only state that sites
> are unsafe if I've personally confirmed them to be unsafe or practice
> bad ethics - like pc butts 1 . com (see sig).

A very sensible stance to take! FYI, your link to the speedguide forum
article did not work for me (either from here of from the Techaarena thread
here: http://forums.techarena.in/showthread.php?t=978738

>
> I have never been to the site you ask about, so I can't comment.
>

It often appears - in Malke an PABear responses in particular. I'm surprised
that you haven't been sufficiently curious to take a look! )


>
> --
> Leythos - spam999free@rrohio.com (remove 999 to email me)
> Public Service Warning: Learn about PCButts before you trust:
> http://forums.speedguide.net/archive/index.php/t-223485.html
> http://www.google.com/search?hl=en&q=pcbutts1+thief
>

 

[~BD~]

Thank you for your further response.

No more to add right now.

BD

"FromTheRafters" <Erratic@ne.rr.com> wrote in message
news:e7paIgWzIHA.4848@TK2MSFTNGP05.phx.gbl...
> It was, but your answer seems to be that he should explain
> because it bothers you that he doesn't explain.
>
> Maybe his integrity precludes him from commenting.
>
> Maybe his superiors have asked him not to comment.
>
> Maybe it seems redundant to him - yet another helpdesk
> among so many others (which really muddies the waters
> for those seeking help)
>
> If it turned out that he thinks that they are a bunch of clowns,
> how would that help you?
>
> That having been said, I think they and he are very helpful
> netizens.

 

[Leythos]

In article <eJsSpGgzIHA.4476@TK2MSFTNGP06.phx.gbl>, ~BD~@nospam.invalid
says...
> In line responses:
>
> >> Maybe *you* will comment on whether or not you feel AumHa is a 'safe'
> >> place
> >> to visit when one is seeking help and advice on computer related matters?
> >
> > I make no suggestion that any site is safe, and only state that sites
> > are unsafe if I've personally confirmed them to be unsafe or practice
> > bad ethics - like pc butts 1 . com (see sig).
>
> A very sensible stance to take! FYI, your link to the speedguide forum
> article did not work for me (either from here of from the Techaarena thread
> here: http://forums.techarena.in/showthread.php?t=978738

It was bound to expire, happens, and I just don't check that often.

I updated it with another site that still has that post archived.

> > I have never been to the site you ask about, so I can't comment.
> >
>
> It often appears - in Malke an PABear responses in particular. I'm surprised
> that you haven't been sufficiently curious to take a look! )

With so many sites, with so many ways to fight malware, there just isn't
enough need for me to review every site.

My belief is that once a system is compromised, that the only 100%
certain way to remove that compromised, since it could spread in other
directions, could install as-yet unknown malware, is to wipe the system
and reinstall from scratch in a clean environment.


--
Leythos - spam999free@rrohio.com (remove 999 to email me)
Public Service Warning: Learn about PCButts before you trust:
http://www.velocityreviews.com/forums/t513604-author-of-removeit.html
http://www.google.com/search?hl=en&q=pcbutts1+thief

 

[Dell Techie]

1. Run Deckard's System Scanner (DSS)
http://securitynewsfromthenet.blogspot.com/2008/06/deckards-system-scanner-dss.html

2. Run the vundo and combo fix
http://securitynewsfromthenet.blogspot.com/2007/05/vundofix-and-combo-fix.html

3. Run Malwarebytes Anti-Malware
http://securitynewsfromthenet.blogspot.com/2008/03/malwarebytes-anti-malware-105.html

4. Run the anti spyware removal programs spybot
http://securitynewsfromthenet.blogspot.com/2007/03/spybot-search-and-destroy-spyware-and.html

5 Run Superantispyware
http://securitynewsfromthenet.blogspot.com/2007/04/superantispyware-home-edition-free.html

6. Run a complete scan with free curing utility Dr.Web CureIt!
http://securitynewsfromthenet.blogspot.com/2008/05/dr-web-cureit.html

"Philip Michener" wrote:

> I was recently infected with the Vundo Trojan and have had problems
> ridding myself of it.
>
> Windows Malicious Software Removal finds the trojan, but gives the
> message that it was only partially removed. Then tell me to run a
> full scan with antivirus software to complete the removal.
>
> I have tried McAfee, XSoft, Lavasoft, and Spydoctor, but they all fail
> to find the remaining files.
>
> Meanwhile, system gets reinfected, and popups start all over again.
>
> Anyone have suggestions as to how I can finally kill this bastard!
>
>