Backdoor Win32/Vundo.G!dll

Guest

How do I get rid of this?

My message was this High Risk

Backdoor:Win32/Vundo.G!dll

c:/system volume information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll
 
Malke

Sandy said:
How do I get rid of this?

My message was this High Risk

Backdoor:Win32/Vundo.G!dll

c:/system volume information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll

Go through the preparatory steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware
(formerly Ewido - http://www.ewido.net/en/) and follow instructions to
do all scans in Safe Mode.

There are specific Vundo removal steps here:
http://www.elephantboycomputers.com/page2.html#Winfixer

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigStoreUSA). Please be aware that not all local shops are skilled at
removing malware and even if they are, your computer may be so infested
that Windows will need to be clean-installed. Have all your data backed
up before you take the machine into a shop.


Malke
 
Guest

This only fixed part of the problem. Am now able to use IE without ads.
Still getting the same scan message as previously stated. I ran Vundofix.exe
(6) but scan is still saying Vundo.G is still present along with ezula,
claria.Gain, newDotNet.
Seems to still be in C:\system volume information\restore. But now has even
more alike last posting.
 
Guest

Sandy said:
How do I get rid of this?

My message was this High Risk

Backdoor:Win32/Vundo.G!dll

c:/system volume information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll

Hi Sandy,
= Turn OFF system restore and download the AVG and run a scan in both safe
Mode and Normal mode, you can download it on a CD from the machine you are
posting from and Disconnect the other machine from the Internet by unplugging
the cable and run the AVG.
The AVG will find the Trojans and remove them; also download the Lavasoft
and scan for malware.

Download and install, then run a scan in both safe mode and normal:
http://free.grisoft.com/doc/5390/lng/us/tpl/v5

= Then download HijackThis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
nass
===
www.nasstec.co.uk
 
Curt Christianson

Hi nass,

System Restore should be turned off *only after* all malware is removed.
The reasoning behind that is that it's better to have a "buggy" restore point
than no restore point at all.

--
HTH,
Curt

Windows Support Center
http://aumha.org/
 
Guest

Hi Curt,
I agree on this point; my take on this is that if System Restore is ON it
will resurrect the beast and start over again (if restored to that infected
point).
Thanks for the Info.
Regards,
nass
===
www.nasstec.co.uk
 
Ken Blake, MVP

nass said:
Hi Curt,
I agree on this point; my take on this is that if System Restore is
ON it will resurrect the beast and start over again (if restored to
that infected point).


An infection in a restore point is completely innocuous *unless* you restore
to that restore point. If you turn off System restore, you lose *all*
restore points, not just the infected one, and it's possible that you may
want or need to restore to a restore point created before becoming infected.
I think it's far better to keep the restore points until the problem is
fixed.
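
The distinction drawn in this thread, between detections in the running system and copies held inside restore points, can be checked mechanically. The following Python script is an added example, not part of the thread: it sorts scanner detections into live files and restore-point copies, grouped by restore point number. The `triage` function, its field names and every sample entry other than the path quoted from the first post are constructed for illustration.

```python
import re
from collections import defaultdict

# Windows XP keeps restore-point copies under
#   <drive>:\System Volume Information\_restore{GUID}\RPnn\Annnnnnn.ext
# The pattern tolerates either slash and a missing underscore or closing
# brace, because scanner output often gets retyped as it was in this thread.
RESTORE_RE = re.compile(
    r"system volume information[\\/]+_?restore\{?[0-9a-f-]+\}?[\\/]+"
    r"rp(\d+)[\\/]+(a\d+\.\w+)",
    re.IGNORECASE,
)

def triage(detections):
    """Split (threat, path) pairs into live files and restore-point copies."""
    live, stored = [], defaultdict(list)
    for threat, path in detections:
        m = RESTORE_RE.search(" ".join(path.split()))  # undo line wrapping
        if m:
            stored[int(m.group(1))].append((threat, m.group(2)))
        else:
            live.append((threat, path))
    return {
        "live": live,              # files on the running system: clean these first
        "stored": dict(stored),    # inert unless that restore point is restored
        "first_flagged_rp": min(stored) if stored else None,
    }

SAMPLE = [
    # Path as posted in the thread (wrapped and missing characters, kept as-is).
    ("Backdoor:Win32/Vundo.G!dll",
     "c:/system volume\ninformation\\restore{106cf321-99a3-9103-1bd027606a99\\rp74\\a0009528.dll"),
    # Constructed entries, for illustration only.
    ("Backdoor:Win32/Vundo.G!dll",
     r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP75\A0009601.dll"),
    ("Backdoor:Win32/Vundo.G!dll", r"C:\WINDOWS\system32\constructed-example.dll"),
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("live detections:", report["live"])
    for rp, hits in sorted(report["stored"].items()):
        print(f"restore point RP{rp}: {hits}")
    print("earliest flagged restore point:", report["first_flagged_rp"])
```

A restore point with no detections in a given scan is only a candidate for a clean one; the scan does not prove it clean.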
 
