From: "Stuart Reed" <[email protected]>
| I have acquired Trojan.Vundo.B (Object Name:
| C:\Windows\REGIST~\cabplay.dll)
|
| I have followed the Symantec removal procedure in Safe Mode, including
| regedit, without success. I also tried reverting my hard drive with Norton
| GoBack but it would not revert to a time prior to the infection.
|
| Any help gratefully appreciated.
| Stuart Reed
|
Alternate set of instructions...
1) Dump the contents of the IE Temporary Internet Folder cache (TIF)
   Start --> Settings --> Control Panel --> Internet Options --> Delete Files
   Dump the contents of the Mozilla Firefox Cache
   Tools --> Options --> Privacy --> Cache --> Clear
2) Disable System Restore
   http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Download Pocket KillBox
   http://www.bleepingcomputer.com/files/spyware/KillBox.zip
   Extract killbox.exe from the ZIP file.
   Execute; KillBox.exe
   Click on Tools --> Select; Delete Temp Files.
   Choose; OK
   In the Full Path of File to Delete box, type the entire following line exactly:
   C:\Windows\REGIST~\cabplay.dll
   Select; Replace on Reboot
   Put a check in the box "Use Dummy"
   Click the red circle with a white X
   When prompted to Replace on Reboot, click YES
   If prompted to Reboot Now, click YES
   Allow the PC to shut down
4) Reboot your PC into Safe Mode and shut down as many applications as possible.
5) Using your NAV software, perform a Full Scan of your platform and clean/delete any infectors found
6) Restart your PC and perform a "final" Full Scan of your platform
7) Re-enable System Restore and re-apply any System Restore preferences
   (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) Create a new Restore point
* * * Please report back your results * * *