Thread: Trojan.Vundo Virus
View Single Post
Old 10-18-2005, 01:11 AM   #2 (permalink)
POADB
Moderator, Microsoft Support
 
POADB's Avatar
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this
    Quote:
    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....
  • At this point press enter one time.
  • Next you will see:
    Quote:
    Please Type in the filepath as instructed by the forum staff
    and then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\repair\tcpdvd.dll
  • Press Enter to continue with the fix.
  • Next you will see:
    Quote:
    Please type in the second filepath as instructed by the forum
    staff then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\repair\dvdpct.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    • O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\tcpdvd.dll
      O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - (no file)
      O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
      O20 - Winlogon Notify: tcpdvd - C:\WINDOWS\repair\tcpdvd.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Then, please run this online virus scan - outlined below.

Perform an online scan in Internet Explorer with Panda ActiveScan
  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
__________________


Last edited by POADB; 10-18-2005 at 01:14 AM.
POADB is offline