rajasekarramasamy
asked on
Virus removal tools for Vundo.gen.d
My laptop infected by Vundo.gen.d Trojan virus. I need removal tool for this virus.
I am using windows xp Professional.
I am using windows xp Professional.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Thansk for the logs.
Still some bad files leftover.
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
-------------------------- ---------- ---------- ---------- ---------- ------
File::
C:\WINDOWS\system32\bucchc qq.ini
C:\WINDOWS\system32\hhwadq du.ini
C:\WINDOWS\atfxqogp.dll_ol d
C:\WINDOWS\ekel.exe
-------------------------- ---------- ---------- ---------- ---------- ------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
You can fix this redundant entry below in Hijackthis:
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-9 05236F6F65 5} - (no file)
You have so many programs starting at bootup which slows down the booting time, you can if you like fix any 04 entries that you don't want to start when pc startup. I basically only have my security programs running at bootup.
Still some bad files leftover.
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
--------------------------
File::
C:\WINDOWS\system32\bucchc
C:\WINDOWS\system32\hhwadq
C:\WINDOWS\atfxqogp.dll_ol
C:\WINDOWS\ekel.exe
--------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
You can fix this redundant entry below in Hijackthis:
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-9
You have so many programs starting at bootup which slows down the booting time, you can if you like fix any 04 entries that you don't want to start when pc startup. I basically only have my security programs running at bootup.
ASKER
Kindly see the attachment for log file these log files is generated after running CFScript using Combofix.exe.
Combofix-log-after-running-CFScr.txt
hijackthis-log-after-CFScript-ru.txt
Combofix-log-after-running-CFScr.txt
hijackthis-log-after-CFScript-ru.txt
It doesn't look like those files were deleted, the log should've showed files listed "other Deletions"
Maybe because your antivirus was still enabled during the run, not sure why.
Can you run an online scan with Kaspersky?
Using Internet Explorer, run Kaspersky Online Scanner
http://www.kaspersky.com/virusscanner
* Click 'Accept' in the window that pops up.
* You will be prompted to install an ActiveX component from Kaspersky, Click on the information bar and select Install ActiveX Control if so. This may happen more than once. That is OK. You also may get a warning from your Windows Firewall. You can tell it to unblock.
* The program will launch and then start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click 'Next'.
* Now click on 'Scan Settings'
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
* Click 'OK'
* Now under 'Select a target to scan' select 'My Computer'
* The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
* Now click on the 'Save Report As...' button:
* Make sure it says Save as a text file - change it if not
* Save the file to your desktop.
Maybe because your antivirus was still enabled during the run, not sure why.
Can you run an online scan with Kaspersky?
Using Internet Explorer, run Kaspersky Online Scanner
http://www.kaspersky.com/virusscanner
* Click 'Accept' in the window that pops up.
* You will be prompted to install an ActiveX component from Kaspersky, Click on the information bar and select Install ActiveX Control if so. This may happen more than once. That is OK. You also may get a warning from your Windows Firewall. You can tell it to unblock.
* The program will launch and then start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click 'Next'.
* Now click on 'Scan Settings'
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
* Click 'OK'
* Now under 'Select a target to scan' select 'My Computer'
* The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
* Now click on the 'Save Report As...' button:
* Make sure it says Save as a text file - change it if not
* Save the file to your desktop.
ASKER
I am using Macfee 8.5 Now it showing that my laptop inf infected by this virus "EICAR test file" there is any tool to remove this virus completely.
I believe this virus/malware or so called (Test File) was downloaded from this website
http://www.eicar.org/anti_virus_test_file.htm
Additional notes:
(1) This file used to be named ducklin.htm or ducklin-html.htm or similar based on its original author Paul Ducklin and was made in cooperation with CARO.
(2) The definition of the file has been refined 1 May 2003 by Eddy Willems in cooperation with all vendors.
(3) The content of this documentation (title-only) was adapted 1 September 2006 to add verification of the activity of anti-malware or anti-spyware products. It was decided not to change the file itself for backward-compatibility reasons.
The file has a highly encrypted data and can't be removed on normal mode.. Only Dos mode can do it,,, You can either boot to recovery console and then goto Dos prompt or try to do when you restart your windows and then by holding the key F8 many times u will have access to dos mode.
You can manually delete the files, You have some other choices which is delete the files by using a bootable CD like Hiren or Ultimate boot CD ...
Knoppix too does work...
http://www.eicar.org/anti_virus_test_file.htm
Additional notes:
(1) This file used to be named ducklin.htm or ducklin-html.htm or similar based on its original author Paul Ducklin and was made in cooperation with CARO.
(2) The definition of the file has been refined 1 May 2003 by Eddy Willems in cooperation with all vendors.
(3) The content of this documentation (title-only) was adapted 1 September 2006 to add verification of the activity of anti-malware or anti-spyware products. It was decided not to change the file itself for backward-compatibility reasons.
The file has a highly encrypted data and can't be removed on normal mode.. Only Dos mode can do it,,, You can either boot to recovery console and then goto Dos prompt or try to do when you restart your windows and then by holding the key F8 many times u will have access to dos mode.
You can manually delete the files, You have some other choices which is delete the files by using a bootable CD like Hiren or Ultimate boot CD ...
Knoppix too does work...
A lot of antivirus detect "EICAR_test_file" as a virus but it's not viral, it's a harmless file.
http://www.viruslist.com/en/viruses/encyclopedia?virusid=55843
"EICAR test file" also explained here.
http://en.wikipedia.org/wiki/EICAR_test_file
I assume evrything's okay now as the question has been closed?
If so, please uninstall combofix.
Go to Start > Run and copy and paste next command in the field:
ComboFix /u
Thanks!
http://www.viruslist.com/en/viruses/encyclopedia?virusid=55843
"EICAR test file" also explained here.
http://en.wikipedia.org/wiki/EICAR_test_file
I assume evrything's okay now as the question has been closed?
If so, please uninstall combofix.
Go to Start > Run and copy and paste next command in the field:
ComboFix /u
Thanks!
ASKER
Hi rpggamergirl,
I uninstalled the Combofix from my system.
Thanks.
I uninstalled the Combofix from my system.
Thanks.
rajasekarramasamy,
You're welcome.
Thank you.
You're welcome.
Thank you.
ASKER
hijackthis.log
Combofix-log.txt