Have I got rid of Vundo?

  Mike_R 18:46 24 Jul 2008

Yesterday I ran a full Norton scan of my son's laptop and found 15 copies of Vundo and VundoB plus an infostealer. Later another full scan found 2 copies of Vundo. Today I downloaded the Norton Vundo removal tool onto my own PC and copied it across to the laptop by CD. I ran the tool twice, the second time in safe mode, and got "The log could not be created. Trojan Vundo has not been found on your computer". A full Norton scan also found nothing.
Have I really cracked it, or is Vundo lurking in some dark corner ready to strike? I should add that the laptop has not been connected to the internet since the first scan, and I was wondering whether Vundo is only activated by an internet action.

  sidecar sid 18:59 24 Jul 2008

You could try running
Vundo Fix
And see if it finds anything.
click here

  mfletch 19:01 24 Jul 2008


Download this and do a quick scan in normal mode,

MBAM/ Malwarebytes/ Antimalware click here

This should give you a second opinion on if your computer is clean or not.


  rossgolf 19:08 24 Jul 2008

When you run the programs, run them with System Restore off.

  skidzy 19:58 24 Jul 2008

Turning off System Restore is not really recommended, an infected restore point is better than no restore points.

  mr gee 22:03 24 Jul 2008

If you don't turn off System Restore you may never get rid of Vundo, because every time you restart it will still be on the computer. When you have completed your scans, turn System Restore back on.

  Mike_R 10:17 25 Jul 2008

Thanks. I ran Vundo Fix which found 7 copies of the virus. Fingers crossed that it is cleared.

  rossgolf 11:59 25 Jul 2008

I'm only saying that because when I got rid of mine, it kept coming back through the System Restore.
When I turned it off, it went completely.

  Mike_R 13:03 25 Jul 2008

I had turned off System Restore. On loading some of the users I'm now getting a message "Error loading C\Windows\System32\ddabc.dll ...could not be found". I've also had dueqshqf.dll, which seems to have gone away, or masked by the other one. The affected users seem to run OK.

In the past I've had Blue Screen messages about file inconsistency.

  skidzy 16:11 25 Jul 2008

By turning off SR you have removed only part of Virtumonde, there will be remnants left.

ddabc.dll is part of Virtumonde.

System Restore should only really be turned off once an expert has advised you that the system is clean, they will then ask you to flush any further restore points.
I would recommend you download and run HijackThis and post the scan log at a malware removal forum.

HJT click here (direct download)

MWR click here

  curlylad 16:43 25 Jul 2008

Mike_R - The best advice at the moment is from skidzy, that is download and run HijackThis and post the log over at malwareremoval, you may very well have Vundo and we can have a look at your log and hopefully remove it for you!
