jezzie

Hi,

I'm having problems with Vundo. I keep getting a message from McAfee. The main symptom is loads of popups when I'm using the Internet for antispyware sites.

I've tried a number of different things but have failed to remove it.

I have attached the log from Panda and the 'extra' one from DSS. The main log from DSS is included below.

Thanks, in advance, for your help.

JEZ

Attached Files

	extra.txt (19.2 KB, 1 views)
	ActiveScan.txt (27.0 KB, 1 views)

alba

Hi jezzie

Please don't wrap your posts in quote boxes

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

=================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

=================


Please download HijackThis to your desktop - this program will help us determine if there are any spyware/malware on your computer.

Alternate link

Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.

Double-click on the file you just downloaded.
Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

• If it gives you an intro screen, just choose 'Do a system scan and save a log file'.
• If not, run a scan and save the log file.
• Copy the text file (Ctrl+A then Ctrl+C) and paste it here.
• Do not fix any entries in HijackThis since they may be harmless.
• Make sure to include the System information at the top of the log as well.

=================

In your next post, please include fresh logs from:

• ComboFix.txt
• HiJackThis

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat

jezzie

Hi,

When I dragged the downloaded file from Microsoft onto ComboFix.exe I got a stack of virus and spyware alerts. McAfee found RemAdm-ProcLaunch!171 and Spyware Doctor found Trojan-PWS.Bancos and Backdoor.VB.AYS.

Obviously I didn't continue - what should I do?

Thanks

alba

Hi jezzie

That is because the were probably brought down the viruses that is already on your PC it was only a coincidence that they popped up when you were dragging the file. I have reposted the instructions please follow them

===============================

We will begin with ComboFix.exe.

Please ensure you install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Disabling AntiSpyware Programs
   
   WINDOWS DEFENDER
   • Click Start > Programs > Windows Defender or launch from the system tray icon.
   • Click on Tools & Settings > Options.
   • Under Real-time protection options, uncheck the "Real-time protection" check box.
   • Click Save.
   • Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.
   • (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)
   
   SPY SWEEPER
   • Open Spy Sweeper and click on Options > Program Options and uncheck "load at windows startup".
   • On the left click "shields" and then uncheck everything there.
   • Uncheck "home page shield".
   • Uncheck "automatically restore default without notification".
   • Exit the program.
   • (When we are done, you can re-enable it using the same steps but this time reverse them.)
   
   MCAFEE ANTIVIRUS
   Please navigate to the system tray on the bottom right hand corner and look for a sign.
   • right-click it -> chose "Exit."
   • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
   • (When we are done, you can re-enable it using the same steps but this time reverse them.)
   You succesfully disabled the McAfee Guard.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

=================

Please download HijackThis to your desktop - this program will help us determine if there are any spyware/malware on your computer.

Alternate link

Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.

Double-click on the file you just downloaded.
Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

• If it gives you an intro screen, just choose 'Do a system scan and save a log file'.
• If not, run a scan and save the log file.
• Copy the text file (Ctrl+A then Ctrl+C) and paste it here.
• Do not fix any entries in HijackThis since they may be harmless.
• Make sure to include the System information at the top of the log as well.

=================

In your next post, please include fresh logs from:

• ComboFix.txt
• HiJackThis

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat