I have tried many antivirus software but I am not able to get rid of this trojan. It will keep coming in the registry as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan? Can anyone tell me how to remove it once and for all. Thanks.
I have tried many antivirus software but I am not able to get rid of this trojan. It will keep coming in the registry as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan? Can anyone tell me how to remove it once and for all. Thanks.
Can you try to right click on the subfolder on that registry key and the choose permissions and assign yourself a full control on that same key and then try to delete it. If it is not working, then download Ccleaner and log into safe mode and then try to delete the same registry key. Check if it is working or not.
I am able to delete the Vundo/MS Juan trojan but it keeps coming back in my computer? Do you have any other ideas? Thanks for the reply
Win32/Vundo is a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files. To remove it, follow the steps given here - http://www.microsoft.com/security/po...=Win32%2fVundo
Can you try to login to Safe Mode and then run a good antivirus software and a spyware program as well, to remove whatever keeps re-applying that registry entry. You can also use the Spybot S&D that will alert you to registry changes done. After you set it to not allow that change, you wont see it added again.
Did you try to use any registry security applications like ccleaner? It will be able to stop anything editing the registry for sure.
You have to run a complete scan again and then delete all the restore points and then create a new one by right clicking on My Computer and the seleting Properties > System Restore Tab > and checking this check box - Turn OFF System Restore on all drivers. After that click apply and then ok and then repeat the steps again and this time uncheck the check box and click apply and ok. Now reboot the computer and see if you still the the trojan entry or not.
I fought this problem for a long time and finally figured out that Spybot's Tea Timer was the program that was stopping me from deleting the Vundo/Virtumonde entries in the registry. I temporarily disabled Spybot's Tea Timer, deleted the problem entries, rebooted and it got rid of the problem.
I also agree that Tea Time can be confusing, but you cannot tell at times if the change is what you have tried or its the malware trying to reinsert its registry entries.
Download a tool called HijackThis and run it on your pc. It will create all the system logs and from that some analysis can be made where the problem lies exactly.
Bookmarks