Yesterday I ran a full Norton scan of my son's laptop and found 15 copies of Vundo and VundoB plus an infostealer. Later another full scan found 2 copies of Vundo. Today I downloaded the Norton Vundo removal tool onto my own PC and copied it across to the laptop by CD. I ran the tool twice, the second time in safe mode, and got "The log could not be created. Trojan Vundo has not ben found on your computer". A full Norton scan also found nothing. Have I really cracked it, or is Vundo lurking in some dark corner ready to strike? I should add that the laptop has not ben connected to the internet since the first scan, and I was wondering whether Vundo is only activated by an internet action.
I had turned off system restore. On loading some of the users I'm now getting a message "Error loading C\Windows\System32\ddabc.dll ...could not be found. I've also had dueqshqf.dll which seems to have gone away, or masked by the other one. The affected users seem to run OK.
In the past I've had Blue Screen messages about file inconsistency.
By turning off SR you have removed only part of Virtumonde,there will be remanants left.
ddabc.dll is part of Virtumonde.
System Restore should only really be turned off once an expert has advised you that the system is clean,they will then ask you to flush any further restore points. I would recommend you download and run Hijackthis and post the scan log at a malware removal forum.
Mike_R - The best advice at the moment is from skidzy, that is download and run HijackThis and post the log over at malwareremoval, you may very well have vundo and we can have a look at your log and hopefully remove it for you !