P.C. Help - Trojan, Vundo.gen!H - HotUKDeals
Got a trojan on my comp, can't get rid of it! Used Windows OneCare and Defender but it won't get rid of it.

It also won't let me search via Google or go on a few other sites.

Anyone help?
Posted by jaybizzle, 8 years, 11 months ago

All Comments (11)
#1
Trojan is: Vundo.gen!H
OS: Vista
#2
Directly quoting from another site forum:

"Thank You all for the help, I read all of the above and figured out how to fix my problem: Win32/Vundo.gen!H was infecting my computer (XP home). The solution for my problem: Downloaded MalwareBytes' Anti-Malware, installed it then started computer in safe mode & ran software. It removed the Trojan. Unfortunately OneCare did nothing to quarantine it. I will still continue to use OneCare as my main antivirus software."

I hope the OPs don't mind the direct quote, but it will help you get sorted.

A few sites are also saying run OneCare in safe mode with networking enabled and try again.

HTH,

xmal
#3
:oops: Am also quoting: "If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal."

How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

hope it helps
#4
karen21101 wrote: ":oops: Am also quoting: If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

hope it helps"

Tried all that malarky, no luck.
#5
:? What about disabling OneCare, downloading the free AVG and trying to get rid of it that way?
#6
You have the address for the direct download of AVG? The trojan won't let me search with Google!
#7
jaybizzle wrote: "Tried all that malarky, no luck."

Try in safe mode
#8
jaybizzle wrote: "You have the address for the direct download of AVG? The trojan won't let me search with Google!"

http://free.avg.com/ww.download-avg-anti-virus-free-edition
#9
I had this problem last week and got an excellent solution from Bill on AumHa Forums (http://aumha.net/viewtopic.php?f=30&t=34973). It took a while to get through but the fix was very thorough and my computer is working perfectly now. Hope that helps.

Michael
#10
Lol, the trojan's even blocking me from visiting that site! Grrrrrrr

If anyone could copy and paste his advice in here that would be a great help!
#11
There are a variety of programs you need to d/l so you may have to use another computer anyway... These instructions were customised after I posted my HijackThis log but, by looking at other posts, seem quite generic. Good luck

First Steps

The following instructions are only for this Forum member. Please do not use these instructions on another computer system. You can seriously damage your system by following the instructions below without guided assistance. You assuredly will make a cleanup of your system more difficult.

Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
Double-click FixPolicies.exe.
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box will briefly appear and then close. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.

Please download ATF Cleaner HERE by Atribune. (Mirror site: http://www.majorgeeks.com/ATF_Cleaner_d4949.html) It does not require any installation. It is set up to clean Windows TEMP folders, as well as IE, Firefox and Opera Temporary Internet Files and Cookies.
Double-click ATF-Cleaner.exe to run the program.
First Step:
Under Main choose: Select All
Click the Empty Selected button.
Next, if you use Firefox (and some Mozilla-based browsers)
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
Next, if you use the Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

Malware Removal Steps

1. With all other applications closed (Taskbar empty), open HijackThis again, System Scan only. Checkmark these items (if found):

O2 - BHO: (no name) - {42BFABD3-B070-4053-9485-30D7E000D3D3} - C:\WINDOWS\system32\geBtQheD.dll
O2 - BHO: (no name) - {C8D782FD-C9D7-4B43-8BAB-540474E60AFB} - C:\WINDOWS\system32\nnnMdDtr.dll
O20 - Winlogon Notify: geBtQheD - C:\WINDOWS\SYSTEM32\geBtQheD.dll

Click "Fix checked" and when the log panel clears exit HijackThis.

2. Please download MalwareBytes Anti-malware (MBAM) from one of the following links:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Once downloaded, close all programs and Windows on your computer (including this one.)
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results.
Make sure all entries have a Checkmark at their far left, as shown in this image below. If you do not, the program will have done nothing:


Click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then do a File, Save and then close the Notepad window. Remember where you saved the log file, as we will want to see it later. If MBAM suggests a reboot is necessary, be sure to do so. Otherwise there can be active infectors still on your system that would only be removed finally with the reboot sequence.

3. Download but do not yet run ComboFix©
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download this file -- to your Desktop -- from either of these two sources:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Disconnect from the Internet.
Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
Double Click Combo-fix.exe to start the software.
A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combo-fix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when Combo-Fix appears to be doing nothing, look at your Drive light. If it is flashing, Combo-fix is still at work.

Re-enable your antivirus protection.

4. Run HijackThis again, System scan only, and save the log file.

Please post back to the Forum:
Your MBAM log results;
The contents of C:\Combofix.txt;
Your new HijackThis log.
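
Why a helper would single out those three HijackThis entries, shown as an added example that is not part of the thread or of the quoted instructions: it parses O2 (Browser Helper Object) and O20 (Winlogon Notify) lines and flags an entry only when two signals agree. The scoring rules, the function names and the two benign sample lines are assumptions made for this illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: the three entries quoted in the post above plus two
# benign-looking lines invented for this example.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {42BFABD3-B070-4053-9485-30D7E000D3D3} - C:\WINDOWS\system32\geBtQheD.dll
O2 - BHO: (no name) - {C8D782FD-C9D7-4B43-8BAB-540474E60AFB} - C:\WINDOWS\system32\nnnMdDtr.dll
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\Reader\helper.dll
O20 - Winlogon Notify: geBtQheD - C:\WINDOWS\SYSTEM32\geBtQheD.dll
O20 - Winlogon Notify: examplelogon - C:\WINDOWS\system32\examplelogon.dll
"""

PATTERNS = {
    "BHO": re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"),
    "WinlogonNotify": re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$"),
}

def parse(log):
    """Return one dict per O2/O20 line; every other line is ignored."""
    entries = []
    for line in map(str.strip, log.splitlines()):
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                entries.append({"kind": kind, "line": line, **m.groupdict()})
    return entries

def triage(log):
    """Flag entries that show at least two of the assumed warning signs."""
    entries = parse(log)
    seen = Counter(PureWindowsPath(e["path"]).name.lower() for e in entries)
    flagged = []
    for e in entries:
        dll = PureWindowsPath(e["path"])
        in_system32 = [p.lower() for p in dll.parts[-3:-1]] == ["windows", "system32"]
        # Assumption: letters only, mixed case, with a capital after the first character.
        s = dll.stem
        generated = s.isalpha() and s[1:] != s[1:].lower() and not s.isupper()
        reasons = []
        if in_system32 and generated:
            reasons.append("mixed-case DLL name directly in system32")
        if e["kind"] == "BHO" and e["name"] == "(no name)":
            reasons.append("BHO without a display name")
        if seen[dll.name.lower()] > 1:
            reasons.append("same DLL referenced by more than one autostart entry")
        if len(reasons) >= 2:  # a single signal alone is too noisy
            flagged.append((e["line"], reasons))
    return flagged
```

The output is a shortlist for a human to review alongside the full log, in line with the post's point that fix lists are specific to one machine.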
