Trojan removal



philsmove
30th-September-2009, 11:44 AM
O Dear

I seem to have picked up a nasty Trojan

McAfee is detecting :


C:\WINDOWS\system32\duzirasa.dll - Vundo.gen.bm
but is unable to clean or delete it

I am running Windows XP SP3

It is stopping windows updates

and bringing up unwanted web pages

pmjd
30th-September-2009, 11:57 AM
Came across this advice (http://forums.mcafeehelp.com/showthread.php?t=219007) on the McAfee forum, so probably no easy tool to remove it. Came across other online guides which were quite lengthy.

Oh, and before you start, disable System Restore, in case the virus has managed to safely ensconce itself there.

Phil_dB
30th-September-2009, 02:01 PM
I've seen a lot of success from this - no need to buy it, the free version can fix problems

http://www.malwarebytes.org/mbam.php

knightengale
30th-September-2009, 02:02 PM
O Dear

I seem to have picked up a nasty Trojan

McAfee is detecting :


but is unable to clean or delete it

I am running Windows XP SP3

It is stopping windows updates

and bringing up unwanted web pages

Try and get hold of Avast, CCleaner, Spybot, Adware etc.

Then shut down the machine and restart in SAFE Mode.
Install the above / run your antivirus on full scan in safe mode.
Wait till it finds (and hopefully deletes it). :whistle:
Then run the next one on the list, hopefully this will work.
Although some are really B@stards to get rid of.:tears:

philsmove
30th-September-2009, 07:45 PM
Try and get hold of Avast, CCleaner, Spybot, Adware etc.

unfortunately Avast had a similar success rate as McAfee, some deleted but 3 still there

Dreadful Scathe
1st-October-2009, 04:42 PM
nuke your entire computer from orbit

it's the only way to be sure :)

philsmove
1st-October-2009, 07:12 PM
nuke your entire computer from orbit

it's the only way to be sure :)

Looking forward to it
but got to wait for the new one first

Missy D
8th-October-2009, 08:38 PM
O Dear

I seem to have picked up a nasty Trojan

McAfee is detecting :


but is unable to clean or delete it

I am running Windows XP SP3

It is stopping windows updates

and bringing up unwanted web pages

I have this too and have McAfee. How come this trojan got in? Actually I have 2 and can't access my control panel to add or remove programmes. :confused:

Sheepman
9th-October-2009, 11:43 AM
It seems like Malwarebytes (but not MalwareRemovalBot - that is malware!) is the way to go to attack this. If the infection stops you installing or running it, there's loads of advice here, including information on how you got infected:-

http://hubpages.com/hub/Trojan-Vundo-Removal

This includes the advice -
"Free Malwarebyte's should be enough to clean out the infection. It just works in on-demand scan mode, not in the background.

Make sure you repeat the MB scan at least twice, hard-resetting PC after each scan. Also do a scan in Safe Mode (when computer boots, hold F8 key until Windows Boot Menu appears, and select safe mode either VGA or with Networking)."

This looks a bit old (updated Nov 2005) but might be worth a try, it has had some favourable mentions -
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99

And if all else fails, and you're brave/foolish enough to delve into your registry, here are details for doing it manually -
http://segmentnext.com/index.php/2009/02/08/how-to-manually-remove-the-vundo-trojan/

I'm now feeling a bit paranoid about Vundo and other nasties!
HTH
Greg

philsmove
9th-October-2009, 01:45 PM
In the end I took it to Orchard Computers in Yate
they used

Malwarebytes
Trusteer Rapport
HijackThis
Spybot
CCleaner

They recommended I keep McAfee
But run Spybot from time to time
Also do a manual McAfee update and scan from time to time

Agente Secreto
9th-October-2009, 03:11 PM
I'm now feeling a bit paranoid about Vundo and other nasties!

I work in information security, and use up-to-date packages for protecting the endpoint with MalwareBytes (free version), Ad-Aware and Spybot. Even with my browser security settings cranked up I've been hit twice in the last 18 months because the kids have clicked on web-pages and ended up downloading malicious payloads. I've actually printed off a page like the one in your first link to show them the kinds of web pop-ups to ignore.

philsmove
10th-October-2009, 11:10 AM
Make sure you repeat the MB scan at least twice, hard-resetting PC after each scan. Also do a scan in Safe Mode (when computer boots, hold F8 key until Windows Boot Menu appears, and select safe mode either VGA or with Networking)."


:yeah:
It seems to need AT LEAST TWO scans (one in Safe mode) to completely get rid of it


If you pick up a second infection, remember to run an update

bigdjiver
10th-October-2009, 02:03 PM
www.ternd.com (http://www.ternd.com) do a free online scan called housecall which removed a worm that somehow got on my PC.