F#&K
Posted: Thu Oct 13, 2005 5:17 am
by corpse
A friend has XP Pro with SP2 and Norton AntiVirus 2005. Everything is updated.
Today it shows a virus, a trojan called trojan.vundo. I downloaded the fixvundo.exe from the symantec security response site and ran it. At the end of the scan it said trojan.vundo was not found on your computer. Yet the norton pop-up showing there is a virus keeps coming on the screen showing this trojan. I did turn off system restore.
It shows this trojan is in C:\windows\system32\byvww.dll
I tried a program called trojan hunter that I was told is good, but it did not detect this trojan. Norton says it cannot delete this file or repair it. I am trying now in safe mode, but I fear it will be useless.
Can someone give me a suggestion.....a polite one.
Posted: Thu Oct 13, 2005 5:19 am
by axbaby
check norton web site on how to manually delete the virus files and registry items of the virus.
Posted: Thu Oct 13, 2005 5:52 am
by corpse
Yes that is my next step. I was curious why Norton would detect it, but their fixvundo tool did not.
Have you guys used trojan hunter? If so what are the reviews?
Posted: Thu Oct 13, 2005 6:19 am
by corpse
The fourth step in manual removal is to run a full system scan in safe mode and delete all infected files. It detected 5 files, all dlls, but will not allow me to delete them....as the manual removal says to do.
It will not fix them, not quarantine them, not delete them.
What do I do next?
Posted: Thu Oct 13, 2005 7:14 am
by ALLiED
Reading up on it and most of what I read is this.
Clicke
Still reading up though.
Edit: If you run Hijack, paste the log file HERE. Easier to read I think.
Posted: Thu Oct 13, 2005 7:31 am
by corpse
riddla wrote: boot from a linux liveCD that will read your NTFS filesystem and whack em that way.
I don't know how to do it that way.
Posted: Thu Oct 13, 2005 3:46 pm
by Hr.O
corpse wrote:
I don't know how to do it that way.
google for knoppix, d-load iso, burn to cd, boot from cd, r-click on hdd and select mount(r/w), rest is same as in windows
Posted: Thu Oct 13, 2005 10:57 pm
by Tormentius
Hr.O wrote:corpse wrote:
I don't know how to do it that way.
google for knoppix, d-load iso, burn to cd, boot from cd, r-click on hdd and select mount(r/w), rest is same as in windows
You're kidding right? Anyone who has problems with XP navigation is going to be completely lost trying to run up a *nix distro.
Corpse: Have you tried running a Trend Micro online scan to see if it detects anything? That's an easy step to take for starters.
Posted: Fri Oct 14, 2005 12:01 am
by corpse
I have not, but the Norton message keeps popping up saying there is the vundo trojan detected.
I have googled a bit and am going to try the "HijackThis" solution. I have read about other people with the same problem. The fixvundo.exe will not detect it, but the Norton scan does.
Posted: Fri Oct 14, 2005 1:32 am
by Tormentius
corpse wrote: I have not, but the Norton message keeps popping up saying there is the vundo trojan detected.
I have googled a bit and am going to try the "HijackThis" solution. I have read about other people with the same problem. The fixvundo.exe will not detect it, but the Norton scan does.
So if their trojan-specific utility won't detect it then trying another (reliable) vendor's product would make sense.
Posted: Fri Oct 14, 2005 1:51 am
by corpse
What do you suggest to get rid of it? The trend scan does show it
Using the information from the link provided above in this thread
Posted: Fri Oct 14, 2005 8:07 pm
by Tormentius
corpse wrote:What do you suggest to get rid of it? The trend scan does show it
Using the information from the link provided above in this thread
Have you tried letting Trend Micro remove it? If it cannot then go to Symantec's site and print off the step by step instructions for manually removing this trojan. Then boot into safe mode and follow those instructions. After you've done that, reboot and run another Norton and Trend Micro scan to see if the worm is actually gone.
Posted: Fri Oct 14, 2005 8:13 pm
by dzjepp
If the file is locked, you can use a method of unlocking it or using an app like Unlocker (google it).
Posted: Fri Oct 14, 2005 11:02 pm
by corpse
Well, Trend shows 5 viruses now and Norton shows only the one listed above. I used Trend to remove the 5 it showed, but the Norton window keeps popping up saying there is vundo.
The manual removal from Norton does not work. This window from Norton AV keeps coming on.
I am going to try uninstalling Norton and then reinstalling it and see if that helps.
AVG and trend now show it is clean.