Trojan Vundo removal guide?

[anthony]

I posted a message re an 'auto update turned off' warning from
Microsoft which persists .... and was told it was possibly a Trojan
Vundo infection.
I'm going to follow the tips provided for removal -- but if all else
fails, will my problem be solved by a clean wipe of my hard-drive? I
do have all XP discs, and all software applications safely filed away
for re-use.

 

[Mick Murphy]

If you do a clean reinstall, deleting the existing XP partitiion, and
formatting: Yes

 

[nass]

I posted a message re an 'auto update turned off' warning from
Microsoft which persists .... and was told it was possibly a Trojan
Vundo infection.
I'm going to follow the tips provided for removal -- but if all else
fails, will my problem be solved by a clean wipe of my hard-drive? I
do have all XP discs, and all software applications safely filed away
for re-use.

T answer your Question, Yes a clean install will wipe out the infection. But
if you got a backup storage which may be infected you couldharbor the
infection back if you restored data from these backups, so if you do San the
backup before restoring Data!


Go through these cleaning steps:

1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Run disk clean up on your Drive.
You can download this tool o run clean up:
http://www.ccleaner.com/download/builds/downloading-slim


Download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and repalce with the
obvious)yahoo.co.uk
( _ is underscore)

Step-By-Step Windows XP: Installation
http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx
Step-By-Step Windows Vista: Installation
http://www.w-tweaks.com/html/windows_vista_setup__step_by_s.html

HTH,
nass

 

[ju.c]

F-Secure's Virtumonde Repair Tool (F-Vmonde)

F-Vmonde tool detects and deactivates Virtumonde from
Windows XP/2003 systems. Virtumonde is adware that
serves pop-up advertisements. It uses special techniques
to avoid removal, which are circumvented with this tool.

F-Vmonde:
Main page: http://www.f-secure.com/security_center/malware_removal_tools.html
Download: http://www.f-secure.com/tools/f-vmonde.zip
Download: http://www.f-secure.com/tools/f-vmonde.exe
Readme: http://www.f-secure.com/tools/f-vmonde.txt


ju.c

 

[PA Bear [MS MVP]]

Always reply to your original thread, please.

Yes, a format & clean install will address the infections. A Repair Install
will *not*.

 

[anthony]

Always reply to your original thread, please.

Yes, a format & clean install will address the infections.  A Repair Install
will *not*.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Adminhttp://aumha.net
DTS-Lhttp://dts-l.net/

Thanks to all for the fantastic assistance -- with your help I now
have a fully-functional system again, which seems fast and clean-as-a-
whistle. The 'superantispyware.com' site seemed of most assistance and
I'll keep using it often!
So good to be able to use Firefox again -- whatever bug I had in the
system was preventing me from using Google Search, and some other
common functions. All seems great once more.