Virus with vturq.dll and qrutv.ini, Vundo?

Summercool

these two virus files

vturq.dll and qrutv.ini

are there in the c:\windows\system32 folder

the vturq.dll is an IE add-on... and if i use IE or file folder, it
keeps on popping up Ad windows.

removing gives "cannot remove. It is being used by another process".

it seems to keep on generating files in the c:\windows\system32
folder
such as jdskfjsdlfkj.ini make it run during window start up to
create vturq.dll again

i am surprised that Microsoft's knowledge base doesn't have any entry.

it seems to be related to Vundo... a virus that was 2 years ago...
 
sdlomi2

Summercool said:
> these two virus files
>
> vturq.dll and qrutv.ini
>
> are there in the c:\windows\system32 folder
>
> the vturq.dll is an IE add-on... and if i use IE or file folder, it
> keeps on popping up Ad windows.
>
> removing gives "cannot remove. It is being used by another process".
>
> it seems to keep on generating files in the c:\windows\system32
> folder
> such as jdskfjsdlfkj.ini make it run during window start up to
> create vturq.dll again
>
> i am surprised that Microsoft's knowledge base doesn't have any entry.
>
> it seems to be related to Vundo... a virus that was 2 years ago...

You tried VundoFix? s
 
Patrick Keenan

Summercool said:
> these two virus files
>
> vturq.dll and qrutv.ini
>
> are there in the c:\windows\system32 folder
>
> the vturq.dll is an IE add-on... and if i use IE or file folder, it
> keeps on popping up Ad windows.

Disable the add-ons.

> removing gives "cannot remove. It is being used by another process".
>
> it seems to keep on generating files in the c:\windows\system32
> folder
> such as jdskfjsdlfkj.ini make it run during window start up to
> create vturq.dll again

This indicates that there are other processes creating this that you haven't
detected.

These are sometimes marked as hidden or system, so you need to run a command
prompt and the "dir /ah" command to find them. Then use the attrib command
to change the attributes and rename or delete the file.

> i am surprised that Microsoft's knowledge base doesn't have any entry.
>
> it seems to be related to Vundo... a virus that was 2 years ago...

You can often rename the file, and after reboot delete it. Also go into
msconfig and disable or locate and delete the registry or startup entry and
the file it references.

Or, boot with another OS CD, such as the XP recovery console (you will
probably need to extend the scope) or a live linux disk, and do what you
need.

HTH
-pk
 
Summercool

> You tried VundoFix? s

I tried http://www.atribune.org/content/view/24/2/
VundoFix as well as Symantec's FixVundo

none of them worked.

vturq.dll keeps on leeching onto IE when I boot the computer up.

after VundoFix, it seems like no more Ad window pop up... but the
file vturq.dll is still in c:\windows\system32

and it cannot be deleted. it says "the file is being used. cannot be
deleted."

I cannot boot the floppy as my computer has no floppy drive.

Once I boot Command Prompt from a Win XP Install CD-ROM, but then C
drive is not visible.
 
Elmo

Summercool said:
> I tried http://www.atribune.org/content/view/24/2/
> VundoFix as well as Symantec's FixVundo
>
> none of them worked.
>
> vturq.dll keeps on leeching onto IE when I boot the computer up.
>
> after VundoFix, it seems like no more Ad window pop up... but the
> file vturq.dll is still in c:\windows\system32
>
> and it cannot be deleted. it says "the file is being used. cannot be
> deleted."
>
> I cannot boot the floppy as my computer has no floppy drive.
>
> Once I boot Command Prompt from a Win XP Install CD-ROM, but then C
> drive is not visible.

Run regedit, press the Home key, press Ctrl/F, type vturq.dll and click
Find Now. When found, delete the entry, press F3 to continue the search.

Close regedit, restart the machine, delete vturq.dll.
 
Malke

Elmo said:
> Run regedit, press the Home key, press Ctrl/F, type vturq.dll and click
> Find Now. When found, delete the entry, press F3 to continue the search.
>
> Close regedit, restart the machine, delete vturq.dll.

Hi, Elmo - That probably won't work for the OP. The most recent Vundo
infections install a rootkit and are almost impossible to remove. The OP
should register at one of the following HijackThis specialty forums for
guided help. The alternative is for him/her to back up all data and do a
clean install of Windows. S/he may wind up doing that anyway.

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement
and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html


Malke
 
Summercool

> Hi, Elmo - That probably won't work for the OP. The most recent Vundo
> infections install a rootkit and are almost impossible to remove. The OP
> should register at one of the following HijackThis specialty forums for
> guided help. The alternative is for him/her to back up all data and do a
> clean install of Windows. S/he may wind up doing that anyway.

the virus seems to randomly create several files, and then maybe it
sets in the registry to load it when Win XP starts up next time.

if i delete any suspicious files, vturq.dll creates new ones within
seconds, and possibly sets the registry to run them when Win XP starts
up.

the one that it always creates is qrutv.ini (spelling vturq
backward).

I have absolutely no idea how i got the virus. the only recently
installed software is Snag It, E Text editor, jEdit.

I never run any unknown .exe or .bat or .com file... not even
view .ppt Powerpoint files recently.

looks like a fix will be like this:

kill vturq the process first (it is hard as it is part of Win XP
Explorer, it seems)

so now vturq will not create new files.

scan the hard drive for any files that will generate vturq.dll when
Win XP starts up and delete those files.

I spent many hours trying to delete this virus. I needed to sleep
late and still be able to work early the next day. My job is
jeopardized.


To the virus creator, do you know you are affecting people's real
life? You can be destroying people's job. When people have no job,
how do they feed their family and children? You are essentially
destroying life.
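
The pairing described in the post above (a .dll whose name spelled backward is the .ini beside it) can be checked for mechanically. This is an added example, not part of the original thread: a Python script that lists mirrored .dll/.ini name pairs in a folder, hidden and system files included. The function names and the `min_len` threshold are assumptions made here.

```python
import os
import sys

# Windows attribute bits from st_file_attributes (absent on other platforms).
HIDDEN, SYSTEM = 0x2, 0x4

def attr_flags(entry):
    """Return 'H' and/or 'S' when the file is hidden or system ('' elsewhere)."""
    bits = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return ("H" if bits & HIDDEN else "") + ("S" if bits & SYSTEM else "")

def find_mirrored_pairs(directory, min_len=4):
    """Find name.dll / eman.ini pairs, the pattern reported in this thread.

    min_len (an assumed threshold) skips very short stems, and palindromes
    are skipped because abba.dll next to abba.ini is just a shared name.
    """
    dlls, inis = {}, {}
    with os.scandir(directory) as listing:  # scandir also returns hidden files
        for entry in listing:
            if not entry.is_file(follow_symlinks=False):
                continue
            stem, ext = os.path.splitext(entry.name.lower())
            if ext == ".dll":
                dlls[stem] = entry
            elif ext == ".ini":
                inis[stem] = entry
    pairs = []
    for stem, dll in dlls.items():
        mirror = stem[::-1]
        if len(stem) >= min_len and mirror != stem and mirror in inis:
            ini = inis[mirror]
            pairs.append((dll.name, ini.name, attr_flags(dll), attr_flags(ini)))
    return sorted(pairs)

if __name__ == "__main__":
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    target = sys.argv[1] if len(sys.argv) > 1 else default
    if not os.path.isdir(target):
        sys.exit(f"not a directory: {target}")
    for dll, ini, dll_attr, ini_attr in find_mirrored_pairs(target):
        print(f"{dll} [{dll_attr or '-'}]  <->  {ini} [{ini_attr or '-'}]")
```

A match is only a lead for further inspection; the listing changes nothing on disk.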
 
