Trojan Horse Vundo.KA and .JW

Hi,

running Vista Homebasic on dell 1545 with 4gb ram, had Mcafee installed when
purchased and changed to avg 9 for trial, in between this running out and
deciding on using zonealarm extreme security, something has got in as
initially noted Google search redirects then attempts to lock out my
internet banking (their security measures worked!!) I now have AVG 9 and
Stopzilla running, AVG has listed the Trojan shown above on a daily basis in
csrss.exe and smss.exe, both running from %windir%\System32, nothing seems
to be able to remove this critter!! tried rkill but Stopzilla treats it as a
Trojan too...any thoughts/ help greatly appreciated?

also as a side note when running rootkit scan in AVG9, it reboots laptop
after 2/3 sec and today I now get DCOM service failures which boots the
machine...getting to be a bit of an issue as it is my percy work lap.

Am 22.01.2010 13:21, schrieb T-fit Admin:
> ...getting to be a bit of an issue as it is my percy work lap.
>
Hopefully you've got BackUps to restore your system after reformatting... .

T-fit Admin

First of all replace your User Profile which is corrupt most probably as per your
csrss.exe and smss.exe error indicates and next get rid of Stopzilla and Zone Alarm
which are nothing but useless and trouble makers and replace them with something
like the built in Windows Firewall . Also use the below tool to uninstall Mcafee
correctly which you probably did not and remnants of it are still at work
(Guaranteed)

Mcafee removal Tool
http://service.mcafee.com/FAQDocumen...33&id=TS100507

After run the following two free apps

SuperAntiSpyware
http://www.superantispyware.com/
MalwareBytes
http://www.malwarebytes.com/

When done reboot and post back on how your system stands after


--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"T-fit Admin" <admin@tfitinc.co.uk> wrote in message
news:%23S0Ik11mKHA.1552@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> running Vista Homebasic on dell 1545 with 4gb ram, had Mcafee installed when
> purchased and changed to avg 9 for trial, in between this running out and deciding
> on using zonealarm extreme security, something has got in as initially noted
> Google search redirects then attempts to lock out my internet banking (their
> security measures worked!!) I now have AVG 9 and Stopzilla running, AVG has listed
> the Trojan shown above on a daily basis in and smscsrss.exe s.exe, both running
> from %windir%\System32, nothing seems to be able to remove this critter!! tried
> rkill but Stopzilla treats it as a Trojan too...any thoughts/ help greatly
> appreciated?
>
> also as a side note when running rootkit scan in AVG9, it reboots laptop after 2/3
> sec and today I now get DCOM service failures which boots the machine...getting to
> be a bit of an issue as it is my percy work lap.

From: "T-fit Admin" <admin@tfitinc.co.uk>

| Hi,

| running Vista Homebasic on dell 1545 with 4gb ram, had Mcafee installed when
| purchased and changed to avg 9 for trial, in between this running out and
| deciding on using zonealarm extreme security, something has got in as
| initially noted Google search redirects then attempts to lock out my
| internet banking (their security measures worked!!) I now have AVG 9 and
| Stopzilla running, AVG has listed the Trojan shown above on a daily basis in
| csrss.exe and smss.exe, both running from %windir%\System32, nothing seems
| to be able to remove this critter!! tried rkill but Stopzilla treats it as a
| Trojan too...any thoughts/ help greatly appreciated?

| also as a side note when running rootkit scan in AVG9, it reboots laptop
| after 2/3 sec and today I now get DCOM service failures which boots the
| machine...getting to be a bit of an issue as it is my percy work lap.



Go into Safe Mode.

Restore the PC to a restore point prior to the attempted fix or infection.

Hopefully upon reboot the PC will be functioning, albeit probably infected, without DCOM
errors/failures.

Make sure McAfee is FULLY uninstalled.

Uninstall StopZilla.

Download, install, update and then execute, Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp