Vundo

[MartinM]

Somehow I acquired a bunch of trojans including Vundo.

I ran SuperAntispyware which found 45 items which it removed - yesterday it found no items. I then ran VundoFix which didn't find anything.

I now have the following symptoms:

1. I cannot update SuperAntispyware - the website appears to be blocked, as is the MS update site (but I am up to date with MS security updates).

2. If I run SuperAntispyware:

* Memory: It now finds nothing
* Registry:  my PC crashes with a stop error during this check,. This is repeatable.
* File items: it doesn't get this far.

3. I can run AdAware (but not update it either). It finds nothing.

4. SpyBot Search and Destroy will not launch at all.

5. I have copied the MalwareBytes installation .exe file to the Desktop but it will not launch.

6. I have a red shield in my system tray with a tooltip "Windows Security Alerts". I suspect this is malware - it offers two options: to go "Open Security Center" or "Go to Micrososoft Security Web Site". I have nto clicked on either of these.

7. The SpywareBeware Website is blocked - I am typing this on another PC.

8. I can get to other sites on the Internet from my bookmarks, but if I search with Google I am redirected when I click on a link to a malware forum or removal software provider eg MalwareBytes.

9. I have looked in IE for suspicious add-ons but have found nothing obvious.

10. I have Symantec Security Center installed. I have run a full scan and it has found nothing.

I am unsure what are the right next steps. I can download files to another PC and copy them across if needs be - and vice versa.

I have all my data backed up, but am very reluctant to reinstall XP.

Thanks for your help.

Martin

[nebon]

Maybe you should post a Hijackthis log in the appropriate forum.

[MartinM]

I cannot log in to that forum with the infected PC. I will try to get round that by copying files back and forth, but I don't want to infect my other (clean) PC in the process !

[nebon]

I cannot log in to that forum with the infected PC. I will try to get round that by copying files back and forth, but I don't want to infect my other (clean) PC in the process !

How do you mean you cannot log in? You cannot install Hijackthis?

[GR@PH;<'S]

MartinM,

I cannot log in to that forum with the infected PC. I will try to get round that by copying files back and forth, but I don't want to infect my other (clean) PC in the process !

Reboot your computer in "[span style=\'color:blue\']Safe Mode[/span][/b]" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
 A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

• Double-click mbam-setup.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
•  Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
•  When completed, a log will open in Notepad. Please save it to a convenient location.

The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

• Please post contents of that file in your next reply and can you then  Doubleclick the HJT icon on your desktop, hit "Do a system scan and save logfile". Save the logfile and a txt-file will be produced..

Copy that one and paste it here
GR@PH;<‘S