Do I have a worm OR virus...computer going very slow and ...

[Guest]

Thanks in advance for you time...but my computer has all of a sudden gone
very slow in it operations. I have run my virus software (AVG free version)
as well as ad aware for spam and have found nothing. I checked the speed of
my cable signal and it is around 3000 which is very fast. I rebooted my
cable modem and got rid of all the internet files and it made no difference.
Interesting when I try to log out i get this message that i must close all
files otherwise I will lose the information. SO I have to click on something
to close down my computer. THis is wierd because I have no known files
running. IS all this a sign that there is a problem with a worm or virus? HOw
do I find out what is going on especially since my software for viruses does
not show anything. I Have had this problem before where the anti-virus
software does not show a worm.....any suggestions you have would be most
appreciated...
thanks...

 

[Malke]

Thanks in advance for you time...but my computer has all of a sudden
gone very slow in it operations. I have run my virus software (AVG
free version) as well as ad aware for spam and have found nothing. I
checked the speed of
my cable signal and it is around 3000 which is very fast. I rebooted
my cable modem and got rid of all the internet files and it made no
difference. Interesting when I try to log out i get this message that
i must close all files otherwise I will lose the information. SO I
have to click on something to close down my computer. THis is wierd
because I have no known files running. IS all this a sign that there
is a problem with a worm or virus? HOw do I find out what is going on
especially since my software for viruses does
not show anything. I Have had this problem before where the
anti-virus software does not show a worm.....any suggestions you have
would be most appreciated...
thanks...

Here are general malware removal steps:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

However, your problem might have nothing to do with malware. Check to
make sure your drives are using a DMA mode and not PIO. Here is a link
that explains that:

http://www.michna.com/kb/WxDMA.htm

And here are some general "slow computer" troubleshooting steps:

http://www3.telus.net/dandemar/slowcom.htm
http://aumha.org/a/health.htm - Take Out the Trash (section 4)

Malke

 

[David H. Lipman]

From: "writer" <[email protected]>

| Thanks in advance for you time...but my computer has all of a sudden gone
| very slow in it operations. I have run my virus software (AVG free version)
| as well as ad aware for spam and have found nothing. I checked the speed of
| my cable signal and it is around 3000 which is very fast. I rebooted my
| cable modem and got rid of all the internet files and it made no difference.
| Interesting when I try to log out i get this message that i must close all
| files otherwise I will lose the information. SO I have to click on something
| to close down my computer. THis is wierd because I have no known files
| running. IS all this a sign that there is a problem with a worm or virus? HOw
| do I find out what is going on especially since my software for viruses does
| not show anything. I Have had this problem before where the anti-virus
| software does not show a worm.....any suggestions you have would be most
| appreciated...
| thanks...
| --
| writer


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *

 

[Guest]

(Thanks for your help....but I was unable to run the diagnostics for PIO as
it does not seem to work in my computer. When I went to the click on the plus
sign to the left of IDE ATA/ATAPI Controller, double-click on the secondary
IDE channel, click on Extended Settings and check whether it is set to DMA
when available....I did not fiind anything that resembles that problem.

INstead I click on the IDE ATA/ATAPI I get two lines that say the same thing
and are identical.... NVIdia N force 3 250 parrallel ATA (V2.6)...when I
click on one of these and then click on the secondary CHannel...all it says
is that it lets BIOS select transfer mode...it says nothing about DMA OR
IDE....so this artilce does not help me very well.....what did I do wrong or
what can I do to check whether my computer is in IDE or DMA mode...

thanks.... I did run the Micorsoft program and it discovered nothing in spy
ware....

thanks for you time...

writer

 

[Guest]

thanks for your time....I already had run my ad aware software but realized
after you posted that my spy bot was version 1.3 so it took me a while to up
date to 1.4 (becuase my computer is so slow) .... And that one also did not
find any thing...in short my computer is completly void of spam...which is
wierd...usually it has some spam....I do not know how to do them in the safe
mode....so was unable to do this.

the next section was DHO demon and he is out of commission right now because
of a fire.

The next section is multi av exe and I was unable to unzip this file because
evidently I do not have win zip on my comuter. NOt sure if I have to buy this
program or what....but please advise whether this program is worth the
money..... I am sorry for my inexpertease in computer work.....(spelling
intentional)....lol....I will try what you suggest but capability is another
thing....

The next
--
writer

From: "writer" <[email protected]>

| Thanks in advance for you time...but my computer has all of a sudden gone
| very slow in it operations. I have run my virus software (AVG free version)
| as well as ad aware for spam and have found nothing. I checked the speed of
| my cable signal and it is around 3000 which is very fast. I rebooted my
| cable modem and got rid of all the internet files and it made no difference.
| Interesting when I try to log out i get this message that i must close all
| files otherwise I will lose the information. SO I have to click on something
| to close down my computer. THis is wierd because I have no known files
| running. IS all this a sign that there is a problem with a worm or virus? HOw
| do I find out what is going on especially since my software for viruses does
| not show anything. I Have had this problem before where the anti-virus
| software does not show a worm.....any suggestions you have would be most
| appreciated...
| thanks...
| --
| writer


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *

 

[David H. Lipman]

From: "writer" <[email protected]>

| thanks for your time....I already had run my ad aware software but realized
| after you posted that my spy bot was version 1.3 so it took me a while to up
| date to 1.4 (becuase my computer is so slow) .... And that one also did not
| find any thing...in short my computer is completly void of spam...which is
| wierd...usually it has some spam....I do not know how to do them in the safe
| mode....so was unable to do this.
|
| the next section was DHO demon and he is out of commission right now because
| of a fire.
|
| The next section is multi av exe and I was unable to unzip this file because
| evidently I do not have win zip on my comuter. NOt sure if I have to buy this
| program or what....but please advise whether this program is worth the
| money..... I am sorry for my inexpertease in computer work.....(spelling
| intentional)....lol....I will try what you suggest but capability is another
| thing....
|
| The next

BHODemon's author is out-of-commission. NOT the software. It still can be downloaded and
used, there just won't be new updates.

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

The Multi AV Scanning Tool Multi_AV.exe does NOT need WinZIP. It is a self-extracting ZIP
file.

Just perform the following directions....

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *

 

[Guest]

Dear David...

wow...I ran McAfee and it took over 3 hours and it found over 21 things that
it got rid of...that makes no sense since I have AVG (the free variety) and
AD aware...and spy bot. I have the log of what it got rid of....but it also
included a trojan. I am now scanning with Trend Micro but not sure I can stay
up another 3 hours...

I do not know how to scan in safe mode can you please tell me how to do that
because how do you access files in safe mode?

....but it looks like I have cleared out alot of stuff...how many of these
should I do? This is very tedius...and also I am wondering why there is a
trojan with the firewall I have from windows xp running....?

You have been a very big help so far...should I copy down what you sent to
me to try incase this happens again? I was never able to figure out how to
run the execute file that you wanted me to run? How does one run such a file?
I had to find the file on my hard drive and then click on start...that seemed
to work. Do I need to reboot after each run I have with group...so should I
have run McAfee and then rebooted and then run Trend micro?

hopefully you have some time to answer these questions...and still not
sure how to do safe mode... here is my log...
--
writer
Scanning C: []
Scanning C:\*.*
C:\Program Files\Common
Files\Real\WeatherBug\MiniBugTransporter.dll\00017b68.EXE ... Found
potentially unwanted program Downloader-AGT.
The file or process has been deleted.
The archive has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl ... Found
potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\WINDOWS\cpbrkpie.ocx ... Found potentially unwanted program CouponBar.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1015.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1018.dll ... Found
potentially unwanted program Adware-GAIN.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1018.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1018.dll ... Found
potentially unwanted program Adware-GAIN.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1018.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1018.dll ... Found
potentially unwanted program Adware-GAIN.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1018.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1018.dll ... Found
potentially unwanted program Adware-GAIN.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1018.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\HDPlugin1019.inf ... Found potentially
unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\WUInst.inf ... Found potentially
unwanted program Adware-SaveNow.
The file or process has been deleted.
C:\WINDOWS\system32\NDrv.dll ... Found potentially unwanted program
Adware-PurityScan.
The file or process has been deleted.
C:\WINDOWS\system32\service\services.exe\services.exe ... Found the
PWS-Banker.gen.p trojan !!!
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 381262
Clean: ................. 380452
Possibly Infected: ..... 1
Cleaned: ............... 0
Deleted: ............... 21
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 03:43.44

From: "writer" <[email protected]>

| thanks for your time....I already had run my ad aware software but realized
| after you posted that my spy bot was version 1.3 so it took me a while to up
| date to 1.4 (becuase my computer is so slow) .... And that one also did not
| find any thing...in short my computer is completly void of spam...which is
| wierd...usually it has some spam....I do not know how to do them in the safe
| mode....so was unable to do this.
|
| the next section was DHO demon and he is out of commission right now because
| of a fire.
|
| The next section is multi av exe and I was unable to unzip this file because
| evidently I do not have win zip on my comuter. NOt sure if I have to buy this
| program or what....but please advise whether this program is worth the
| money..... I am sorry for my inexpertease in computer work.....(spelling
| intentional)....lol....I will try what you suggest but capability is another
| thing....
|
| The next

BHODemon's author is out-of-commission. NOT the software. It still can be downloaded and
used, there just won't be new updates.

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

The Multi AV Scanning Tool Multi_AV.exe does NOT need WinZIP. It is a self-extracting ZIP
file.

Just perform the following directions....

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *

 

[Fitz]

Go to this site and download BootSafe:
http://www.superadblocker.com/bootsafe.html Freeware and simple. Install
it and use it to boot to safe mode. When booted in safe mode, just run the
programs David suggested as you would normally run any program.

--
***
NEVER download files from anywhere unless it is from the website of the
developer, manufacturer or some entity that you trust. Developer websites
ALWAYS have the most up to date files that haven't been tampered with by
some third party who is "hosting" (read Leeching or Stealing) those files
without permission. Never open email attachments from people you don't
know. It's called Safe Hex.
***

Dear David...

wow...I ran McAfee and it took over 3 hours and it found over 21 things
that
it got rid of...that makes no sense since I have AVG (the free variety)
and
AD aware...and spy bot. I have the log of what it got rid of....but it
also
included a trojan. I am now scanning with Trend Micro but not sure I can
stay
up another 3 hours...

I do not know how to scan in safe mode can you please tell me how to do
that
because how do you access files in safe mode?

...but it looks like I have cleared out alot of stuff...how many of these
should I do? This is very tedius...and also I am wondering why there is a
trojan with the firewall I have from windows xp running....?

You have been a very big help so far...should I copy down what you sent to
me to try incase this happens again? I was never able to figure out how to
run the execute file that you wanted me to run? How does one run such a
file?
I had to find the file on my hard drive and then click on start...that
seemed
to work. Do I need to reboot after each run I have with group...so should
I
have run McAfee and then rebooted and then run Trend micro?

hopefully you have some time to answer these questions...and still not
sure how to do safe mode... here is my log...

<SNIP>

 

[David H. Lipman]

From: "writer" <[email protected]>

| Dear David...
|
| wow...I ran McAfee and it took over 3 hours and it found over 21 things that
| it got rid of...that makes no sense since I have AVG (the free variety) and
| AD aware...and spy bot. I have the log of what it got rid of....but it also
| included a trojan. I am now scanning with Trend Micro but not sure I can stay
| up another 3 hours...
|
| I do not know how to scan in safe mode can you please tell me how to do that
| because how do you access files in safe mode?
|
| ...but it looks like I have cleared out alot of stuff...how many of these
| should I do? This is very tedius...and also I am wondering why there is a
| trojan with the firewall I have from windows xp running....?
|
| You have been a very big help so far...should I copy down what you sent to
| me to try incase this happens again? I was never able to figure out how to
| run the execute file that you wanted me to run? How does one run such a file?
| I had to find the file on my hard drive and then click on start...that seemed
| to work. Do I need to reboot after each run I have with group...so should I
| have run McAfee and then rebooted and then run Trend micro?
|
| hopefully you have some time to answer these questions...and still not
| sure how to do safe mode... here is my log...

Fitz as given you good follow-up directions so I'll just answer the other parts.

Are you saying you already had Ad-aware SE v1.06 and SpyBot S&D v1.4 ?

Earlier versions such Ad0-aware 6 and SpyBot S&D v1.3 should be replaced and updated the the
latest versions.

I am sorry that it takes so long but these tools are agressive and highly effective as the
McAfee HTML Log file indicates. It is far better to prevent the to fix. And you are seeing
both the side effect consequences and time consequences of poor prevention.

No one software does everthing. Your *best* defense will always be Safe Hex practices. If
you don't you chance being infected will the malware thay you have. When you are, you have
to use a myriad of tools to remove it all.

http://www.claymania.com/safe-hex.html

What was found on your PC was not good. Gain software such as Gator are know adware/spyware
and Gain makes *many* more.

However, what was also found was "Downloader-AGT" and what's worse, "PWS-Banker.gen.p
trojan".

The first is a Dowbloader Trojan that goes out and automatically downloads other malware.

PWS-Banker.gen.p trojan -- http://vil.nai.com/vil/content/v_132640.htm

http://vil.nai.com/vil/content/v_103059.htm

"Password Stealers may steal data from the hard drive.

This data might include:

CD Keys for various games
credit card details
your local username/password

It may also log keystrokes for login details for banking applications, for example while
Internet Explorer is open and connected to specific websites"

 

[Jon Phipps]

once your system is clean, dont forget to run scandisk and then defrag your
drive. As the file structure fragements with files being written to and
deleted from the drive the systme performance gets abysmal. Open IE then go
to tools->internet options click on delete files(this will empty the
internet cache and clear up drive room(as windows gets low on space the
performance drops dramaticaly) you may also what to, on that same page,
click delete cookies.

Jon

 

[Guest]

I had Ad aware 1.3 but since the update i do everytime I use it said it was
updating to 1.6 I thought it had automatically done this operation
....evidently it had not as the base was still 1.3....so that is one problem
corrected..one has to go to the original web page for this to work.......
I ran today with the new ad ware 1.6 version and I found 8 different
problems including one in the regestry...so maybe McAfee and trend did not
find all the problems.....

It is quite obvious that i need to know more than I do if I am going to use
these tools correctly. I will try to use boot safe to see if I can
understand how to do the safe scan.... So I may need some more help....but
you have been very helpful.....

I will try to use the safe program tonight....how do I find the McAfee file
while in safe mode...?
-- thanks...
writer

 

[David H. Lipman]

From: "writer" <[email protected]>

| I had Ad aware 1.3 but since the update i do everytime I use it said it was
| updating to 1.6 I thought it had automatically done this operation
| ...evidently it had not as the base was still 1.3....so that is one problem
| corrected..one has to go to the original web page for this to work.......
| I ran today with the new ad ware 1.6 version and I found 8 different
| problems including one in the regestry...so maybe McAfee and trend did not
| find all the problems.....
|
| It is quite obvious that i need to know more than I do if I am going to use
| these tools correctly. I will try to use boot safe to see if I can
| understand how to do the safe scan.... So I may need some more help....but
| you have been very helpful.....
|
| I will try to use the safe program tonight....how do I find the McAfee file
| while in safe mode...?
| -- thanks...
| writer
|


Once you are in Safe Mode...

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

 

[Guest]

Do i do the safe mode in minimal, networking or directory? I am using the
program that was recommended to me...BOOTSAFE

 

[Fitz]

Safe Mode - Minimal

--
***
NEVER download files from anywhere unless it is from the website of the
developer, manufacturer or some entity that you trust. Developer websites
ALWAYS have the most up to date files that haven't been tampered with by
some third party who is "hosting" (read Leeching or Stealing) those files
without permission. Never open email attachments from people you don't
know. It's called Safe Hex.
***

 

[Guest]

I'm working on a friend's pc and they have the trojan.vundo virus. So far,
I've only found one software that's found the virus. The Norton fix didn't
work, Microsoft Anti-Spyware didn't find it and neither did another spy-ware
software that I've used in the past.

I'll probably have to pay for the fix now and hope that Microsoft comes up
with a solution in the future.

 

[David H. Lipman]

From: "need free trojan.vundo fix now" <need free trojan.vundo fix
(e-mail address removed)>

| I'm working on a friend's pc and they have the trojan.vundo virus. So far,
| I've only found one software that's found the virus. The Norton fix didn't
| work, Microsoft Anti-Spyware didn't find it and neither did another spy-ware
| software that I've used in the past.
|
| I'll probably have to pay for the fix now and hope that Microsoft comes up
| with a solution in the future.
|



Two phase answer...

Perform Part 1 then perform part 2

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0, then
you are are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp



Part 1
------------
Download Adware-Virtumundo Removal Tool v1.5 --
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049

Part 2
------------
Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.

Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

* * * Please report back your results * * *

 

[Guest]

Hello David, I only got a chance to run the two programs under "normal"
settings. Once I restarted the computer, the nofitication didn't come up
again. Also, I didn't see the html file you were referring to.

I don't know if your fix worked, or what I had done previously.

 

[David H. Lipman]

From: "need free trojan.vundo fix now" <[email protected]>

| Hello David, I only got a chance to run the two programs under "normal"
| settings. Once I restarted the computer, the nofitication didn't come up
| again. Also, I didn't see the html file you were referring to.
|
| I don't know if your fix worked, or what I had done previously.
|

The important thing is that you are problem free.

Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.