Damn Virus!

General Forums Tech
#1

For the last couple days I’ve had the “Vundo.B” virus on my computer, and for the life of me I can’t get rid of it. I’ve downloaded the removal tool, but that doesn’t even find the virus. I’ve tried deleting the file using command prompt (norton gives me its exact location), and I’ve tried starting my computer in safe mode (with and without networking) and running a full norton scan but it still can’t be deleted.

What else is there I can do? I’m considering backing up all of my important files and reformatting my computer, but that’s a lot of work.

#2

What about downloading Bart. And then using that. ?

nu2.nu/pebuilder/

It does lots. File management.
Av software if you have a router or a dhcp network it will update and scan the machine. Hidden file’s tool’s Unlock tool’s It rock’s try it out.

#3

Here try this one. It’s pretty damn good at stomping trojans, the demo will work 14 days:
ewido.net/en/download/

had the same problem with nail.exe trojan

#4

^ Hey man, thanks for the link.

I’m running a scan in the WINDOWS folder, but so far it hasn’t reached the “web” folder, where the trojan I’m hunting for is, but it has found some 12 other trojans :S

This is great, I’ll do a full system scan overnight and hopefully get rid of everything on my comp, that’d be nice.

Wow… it hasn’t found the trojan :S
This Vundo is one trooper, that’s for sure.

#5

Does this program remove the nail.exe
I have a process running in my control alt delete thingy, and when ever i close it, it renames it self… Random letters… like slkdj.exe or eleiut.exe
its a pain in the as$, and it causes popups.

#6

Nail is an ugly one, Ad Aware didn’t even see it, but if you look in the registry it’s there as c:\windows\nail.exe and in the prefetch. removing it doens’t help, safe mode scanning doesn’t help.
It looks like it’s put in by system.ini but it’s a phoney one called SytemIni.

Used HijackTHis in safe to kill nail & the scrambled letter processes, rebooted and ran ewido. Seemed to do it. Also found PornPopCap, a keylogger and about ten others AdAware missed!
Don’t forget to shut down cold… the goddam thing seems to hide in memory if you reboot and reinstall itself yet again.

GO here for vundo.b removal tool and check out full page instructions:
securityresponse.symantec.com/av … .tool.html

#7

^ Perfect timing for symantec, I was frustrated to only get the original Vundo removal tool.

#8

:laughing: glad i stopped using windows.

#9