MindPalette


How to remove recurring virus (farakive.dll)

Hello - I'm trying to help a client remove a virus (possibly Trojan Vundo?)... they're currently using the free version of AVG for virus protection, and it's finding an infected file named "farakive.dll". They're letting AVG remove the infected file, but after several minutes, it comes back, so obviously not the root of the problem.

When trying to restart the computer, Windows XP (media center edition) says it can't end the process rundll32.exe and they must end task.

Whatever it is, it's breaking Explorer (very slow, lots of random popups) and Outlook (launches with an error). I've tried disabling all the startup items using msconfig, but after restart, at least a couple are automagically re-enabled: kumabobu and sedutodo

Was hoping to avoid a fresh install of Windows XP, but if that's the best thing to recommend, please let me know. As far as utilities to run, they've already run CCleaner, Malwarebytes and AVG. They always seem to find the same files, but they come back again later after removal.

Thanks in advance for any help/advice.
ASKER CERTIFIED SOLUTION
David-Howard

David-Howard

In case you run into the same removal issues as before, you might look at this posting. It covers how to remove Vundo when it re-occurs.
http://www.computing.net/answers/security/trojan-vundo-removal/17075.html
MindPalette

ASKER

Thanks for the quick response.

They've already run the (free trial version of) Malwarebytes on the machine after booting up in safe mode, and it found/deleted a lot of files, but the problem returned after a normal restart. I'll see what else I can find out... would one of the other/free utilities do something that Malwarebytes didn't?
I'm sorry - I now see the "if that didn't work" option at the bottom of the link you posted for VirtumundoBegone and will try that next.
If that fails, you might want to run Combofix.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
There's another scanner that you might want to try; it's called SuperAntiSpyware - www.superantispyware.com. It's also quite powerful, and I suggest a scan in safe mode (without networking). Sometimes, it can find infections that Malwarebytes doesn't.
rpggamergirl
Combofix, as already suggested, is the best tool for Vundo infection; you just need to attach the resulting log to make sure it's clean, as sometimes bad entries still need to be removed using Combofix's script function.