VIRUS ALERT???

[Guest]

I have purchased and installed Bit Defender a couple months ago and two days
ago it started popping up a Virus Alert informing me it has detected a
trojan/virus.
It will show the file path then the state what the virus is: i.e:

PATH: c:\windows\system32\nnnnkhe.dll

Infected with: Trojan.Vundo.DNE


Since this initial alert popped up, I have ran HJT and tried removing the
file (Trojan) through that program, as well as downloaded and installed
several so called Virus/Trojan removal tools from Microsoft, etc....
I have run scans through Stinger, VundoFix, SmitfraudFix, jv16 power tools,
etc and so on and none of these software scanners will remove the infected
file, nor do they actually state any virus was found in the end results of
said scan, but I keep getting different pop up alerts from Bit Defender and
have located MOST of the files it claims are infedcted, with a majority of
them being located in System32 under WINDOWS folder.

Here is a list of files the alert directs to my attention just today:

system32/nnnnkhe.dll --> infected with: VUNDO.A

system32/wmvds32.dll --> infected with: Downloader.VB.ASX

and a couple more that do not show a file path only showing a web like
address starting with http:// (and numbers following)....

Anyway...I'm at a loss as to know how to either remove (permanately) these
so called infected files, or stop my Bit Defender AVP from constantly popping
up these alerts.
Thank you..
Vicki

 

[Guest]

I have purchased and installed Bit Defender a couple months ago and two days
ago it started popping up a Virus Alert informing me it has detected a
trojan/virus.
It will show the file path then the state what the virus is: i.e:

PATH: c:\windows\system32\nnnnkhe.dll

Infected with: Trojan.Vundo.DNE


Since this initial alert popped up, I have ran HJT and tried removing the
file (Trojan) through that program, as well as downloaded and installed
several so called Virus/Trojan removal tools from Microsoft, etc....
I have run scans through Stinger, VundoFix, SmitfraudFix, jv16 power tools,
etc and so on and none of these software scanners will remove the infected
file, nor do they actually state any virus was found in the end results of
said scan, but I keep getting different pop up alerts from Bit Defender and
have located MOST of the files it claims are infedcted, with a majority of
them being located in System32 under WINDOWS folder.

Here is a list of files the alert directs to my attention just today:

system32/nnnnkhe.dll --> infected with: VUNDO.A

system32/wmvds32.dll --> infected with: Downloader.VB.ASX

and a couple more that do not show a file path only showing a web like
address starting with http:// (and numbers following)....

Anyway...I'm at a loss as to know how to either remove (permanately) these
so called infected files, or stop my Bit Defender AVP from constantly popping
up these alerts.
Thank you..
Vicki

http://forums.spybot.info/showthread.php?t=15583

Trojan-Downloader:W32/VB.AXS

http://uk.trendmicro-europe.com/con....php?LYstr=VMAINDATA&vNav=3&VName=TROJ_VB.DMF
http://www.f-secure.com/v-descs/trojan-downloader_w32_vb_axs.shtml

Download AutoRuns for Windows v8.73 and delete the pre-mentioned infected
files/folders.
By Mark Russinovich and Bryce Cogswell
http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx


= Click Start >> Control Panel>>Network and Internet Connections >> Double
click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced.
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
[ ] Disable script Debugging (internet Explorer) <= check this box
[ ] Disable Script Debugging (Other) <= check this box

Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Run Disk Cleanup and Defrag in Safe Mode.
HTH.
nass

 

[PA Bear]

You've got a Vundo infection, at least, and need the assistance of an
expert.

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

[Kayman]

I have purchased and installed Bit Defender a couple months ago and two days
ago it started popping up a Virus Alert informing me it has detected a
trojan/virus.
It will show the file path then the state what the virus is: i.e:

PATH: c:\windows\system32\nnnnkhe.dll

Infected with: Trojan.Vundo.DNE

http://www.google.com/search?q=vundo+infection+fix