Solved

How to remove recurring virus (farakive.dll)

Posted on 2009-04-28
Last Modified: 2013-11-30
Hello - I'm trying to help a client remove a virus (possibly Trojan Vundo?)... they're currently using the free version of AVG for virus protection, and it's finding an infected file named "farakive.dll". They're letting AVG remove the infected file, but after several minutes, it comes back, so obviously not the root of the problem.

When trying to restart the computer, Windows XP (media center edition) says it can't end the process rundll32.exe and they must end task.

Whatever it is, it's breaking Explorer (very slow, lots of random popups) and Outlook (launches with an error). I've tried disabling all the startup items using msconfig, but after restart, at least a couple are automagically re-enabled: kumabobu and sedutodo

Was hoping to avoid a fresh install of Windows XP, but if that's the best thing to recommend, please let me know. As far as utilities to run, they've already run CCleaner, Malwarebytes and AVG. They always seem to find the same files, but they come back again later after removal.

Thanks in advance for any help/advice.
Question by:MindPalette
7 Comments
 
LVL 27

Accepted Solution

by:
David-Howard earned 2000 total points
ID: 24251176
This is a Vundo variant. You can remove it with the free utilities (and directions) listed here.
http://www.bleepingcomputer.com/malware-removal/remove-vundo-virtumonde
In short, you can remove it with Malwarebytes. It's free and available from this link.
www.malwarebytes.org
After you update Malwarebytes make sure to boot into Safe Mode and then run your scans.  
 
LVL 27

Expert Comment

by:David-Howard
ID: 24251186
In case you run into the same removal issues as before, you might look at this posting. It covers how to remove Vundo when it re-occurs.
http://www.computing.net/answers/security/trojan-vundo-removal/17075.html
 

Author Comment

by:MindPalette
ID: 24251267
Thanks for the quick response.

They've already run the (free trial version of) Malwarebytes on the machine after booting up in safe mode, and it found/deleted a lot of files, but the problem returned after a normal restart. I'll see what else I can find out... would one of the other/free utilities do something that Malwarebytes didn't?

 

Author Comment

by:MindPalette
ID: 24251290
I'm sorry - I now see the "if that didn't work" option at the bottom of the link you posted for VirtumundoBegone and will try that next.
 
LVL 27

Expert Comment

by:David-Howard
ID: 24251314
If that fails, you might want to run Combofix.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
LVL 16

Expert Comment

by:warturtle
ID: 24256048
There's another scanner that you might want to try; it's called SuperAntiSpyware - www.superantispyware.com. It's also quite powerful, and I suggest a scan in safe mode (without networking). Sometimes, it can find infections that Malwarebytes doesn't.
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24258036
Combofix, as already suggested, is the best tool for Vundo infection; you just need to attach the resulting log to make sure it's clean, as sometimes bad entries still need to be removed using the Combofix script function.

Question has a verified solution.