Trojan.Vundo Removal

[itrama]

hi can someone help me remove Trojan.Vundo unable to remove this virus

[Puneet_]

did you search google for an answer ?
http://securityresponse.symantec.com...oval.tool.html

[itrama]

hey already searched a lot but still not able to remove this trojan.vundoo
geez that fix is not working

[vikas.pal]

hi itrama
use the FixVundo.exe in the attachment below
symantec link above has an old version for file.

[vikas.pal]

follow this important steps:
Close all the running programs.

If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.

If you are running Windows Me or XP, turn off System Restore.

Run FixVundo.exe file to start the removal tool in safe mode, once you fiinish scan restart and run this tool again to ensure that the system is clean.

When the tool has finished running, you will see a message indicating whether the threat has infected the computer. The tool displays results similar to the following:
Total number of the scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries

What the tool does:
The Removal Tool does the following:
Terminates the associated processes
Deletes the associated files
Deletes the registry values added by the threat

[itrama]

thanks a billion vikas finally able to remove in safe mode now re-running the scan

here is the log report.

Symantec Trojan.Vundo Removal Tool 1.3.1
The process "IEXPLORE.EXE" might be affected by the threat. It has been suspended.
The process "winlogon.exe" contained a viral thread (00000494). The thread was terminated.
The process "winlogon.exe" contained a viral thread (00000564). The thread was terminated.
The process "winlogon.exe" contained a viral thread (00000568). The thread was terminated.
The process "explorer.exe" contained a viral thread (0000063C). The thread was terminated.
The process "explorer.exe" contained a viral thread (00000640). The thread was terminated.
The process "explorer.exe" contained a viral thread (00000644). The thread was terminated.
The process "explorer.exe" contained a viral thread (00000648). The thread was terminated.
The process "IEXPLORE.EXE" might be affected by the threat. It has been terminated.

Process: 704 'winlogon.exe'. Module: 'C:\WINDOWS\System32\awvtq.dll' is malicious. Module desactivated!
Process: 1532 'explorer.exe'. Module: 'C:\WINDOWS\System32\awvtq.dll' is malicious. Module desactivated!
Winlogon plugin 'awvtq' -> dll file: 'C:\WINDOWS\System32\awvtq.dll' - is infected!
Deleted the registry key
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvtq".
C:\System Volume Information: (not scanned)
C:\WINDOWS\system32\awvtq.dll: (will be deleted on next reboot)
D:\System Volume Information: (not scanned)
registry: HKEY_CLASSES_ROOT\MSEvents.MSEvents (key deleted)
registry: HKEY_CLASSES_ROOT\MSEvents.MSEvents.1 (key deleted)
registry: HKEY_CLASSES_ROOT\CLSID\{827DC836-DD9F-4A68-A602-5812EB50A834} (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{827DC836-DD9F-4A68-A602-5812EB50A834} (key deleted)


The Trojan.Vundo removal was successful.
The system will delete 1 Trojan.Vundo files from your PC on next reboot.

Here is the report:

1 file(s) could not be deleted.
They will be deleted on next reboot.

The total number of the scanned files: 83395
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral processes suspended: 1
The number of viral threads terminated: 7
The number of registry entries fixed: 4

The tool initiated a system reboot.

[unidentified]

search for tags next time

How to remove TROJAN.VUNDO -- pmkji.dll

[punkdude600]

hey, also try following instructions from this link

How to remove TROJAN.VUNDO -- pmkji.dll

good luck!!!

[unidentified]

Quote:

Originally Posted by punkdude600

hey, also try following instructions from this link

How to remove TROJAN.VUNDO -- pmkji.dll

good luck!!!

What are you trying to prove. I posted the same link long time back?