Software > Computer viruses and spyware
Trojan.Vundo.B warning won't go away
MarleneD:
O.k. gang,
So, I got into safemode by pressing F8. Black screen came up with no desktop. Brought up Task Manager (Ctl, Alt, Del) then navigated to my desk top (File, New Task, Browse button) and started the removal tool. After removal tool ran it reported that no trojan.Vundo.B had been detected. Then, I ran a full scan (Norton) in safemode, since I was already in that mode; again, through Task Manager. The scan revealed one virus - yes, that's right folks that Vundo.B bug! I deleted it, restarted and went back to normal mode but, I still got the same red flag virus alert message.
The Symantec website suggests that when persistent messages appear it could be that Windows may be using the file. Symantec also reccomended that if after using the scan in safemode and messages still appeared then the next step is to delete the value from the registry. Well, I still get the virus alert message so I guess that's my next step :-/
It gave some specific subkeys to delete:
HKEY_LOCAL_MACHINE\SOFTWATE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\[Trojan file name]
HKEY_LOCAL-MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
HKEY-LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\urrentVersion\Explorer\Browser Je;[er Pbkects\{_44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
"Is it safe?" to delete?
GX1_Man:
Nothing to lose. Just backup your data in case of catastrophe.
I guess that is something to lose, though, isn't it?
Fed:
Once it's fixed Marlene I'd be interested to know what real time protection you're using & if it's uptodate?
I thought you got your protection sorted out last time.
dl65:
MarleneD.....I would be inclined to check the following before making the registry alterations......
1 make sure system restore is turned off .
2 go to control panel ....folder options and click view ......then make sure .......Show hidden files and folders is marked. Now click apply and ok.
3 Run a scan with your anti virus (make sure its up to date)
If its still there .......click start /Run .......in the run box type regedit and enter. when the registry editor opens ...click Edit , then Find .......in the "find what" box type Vundo then click Find next............let it search and it will take you directly that entry ......hilite it and right click and select delete .......now go back to the find what box .....and Vundo will still be entered ........so click find next again it will search until it either finds another entry or you will see the message ......finished searching through the registry. At this point go out reboot and see if things are ok.
dl65 ::)
MarleneD:
Well, I finally got the alert window to disappear from everyone's log on except for mine (we each have our own log on windows in Windows XP). I'm very perplexed as to why it keeps popping up after I've run the removal tool , making sure I follow all instructions i.e. turn off system restore, run removal tool in safemode then scan in safemode etc. Then the result of the removal tool is always "trojan.vundo.b not found on computer". The result of the scan reveals 1 virus found (vundo) , I remove it and it always says that it was succesfully removed yet I still get that alert window!
BTW, it's curious to me that I still get a black screen in safemode with no desktop at all; only the word safemode on each corner and a sentence in the middle top screen (can't remember what it says). I click all around the screen and nothing happens. The only way to navigate to folders and files is through Task Manager which I just happen to try by Ctl-Alt-Del.
Running through the registry I found one key that said trojan.vundo.b and deleted it. The rest were anti-virus removal tool keys and still others did not say vundo at all even though the search was specific to vundo.
I have Norton Anti virus which came with my new computer (bought in May of 2005). I have a Dell 4700 Dimension.
Any other suggestions to remove this pesty alert window?
Thanks :)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version