smurph
Nov 18, 2005, 06:51 AM
I seem to have this virus on my laptop and whatever I do I cannot shift it. Have downloaded the removal tool from the Symantec website but it is useless. This thing is slowing my comp down and doing my head in. If anyone has heard of this trojan or knows how to shift it please post.
No one knows how to get rid of it.
bigtoe
Nov 18, 2005, 01:12 PM
I had a trojan/desktop hijacker a few months ago (W32.Sinnaka.A@mm virus/worm). I also had an antivirus running which did not clear it.
I followed this, which I got from another forum,
and it cleared any virus my PC had. It takes time.
(Just thought I would post it as it may help.)
There is much to be done ... you might find it helpful to print these instructions so that you can refer to them.
Next, download CCleaner 1.24.180 from the link at the upper right of this page: http://www.filehippo.com/download_ccleaner.html
Install it, but don't run it yet.
Second, you'll need to download the Ewido security suite trial: http://download.ewido.net/ewido-setup.exe
After the download is complete, double-click on the file to launch the installation. During installation (under Additional Options), you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". UNCHECK both of these options.
[Ewido has a 14 day free trial period, so the realtime guard and automatic update will stop functioning after that period, although you can continue to use it as an on-demand scanner]
Once the installation is completed, double-click the big "E" icon on your desktop. The Ewido program will prompt you to update ... please click OK.
On the left hand side of the main screen, click on "Update" and then "Start Update". You will see "Update Successful" in the lower left corner when the process is completed.
Close Ewido at this point. DO NOT scan with it yet.
There is an automated tool created by noahdfear that can get rid of most variations of this infection.
Download smitRem.exe from here: http://noahdfear.geekstogo.com/click%20cou.../click.php?id=1
Save the file to your desktop ... it is a self extracting file.
Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
Enter the Windows Control Panel and double-click on Add/Remove Programs. When the installed programs list appears, double-click on any of the following entries that appear, and allow them to uninstall ... no worries if you don't see some/all of them:
Security IGuard
Virtual Maid
Search Maid
PSGuard
Then exit the Add/Remove Programs screen and the Control Panel.
Next, reboot your computer into safe mode: http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
Run HJT at this point ... be certain there are no other open windows. Put a checkmark next to the following items, and press "Fix Checked":
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp4B12.tmp
Perform the following steps while still in safe mode:
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Your desktop and icons may disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient. The tool will create a log named smitfiles.txt in the root of your drive.
* Now, launch CCleaner. Before "running" it, check under Options > Settings and uncheck "Only delete files in Windows Temp folder older than 48 hours".
You'll see a Windows tab on the left side under "Cleaner Settings". For this pest removal process, I would suggest you do this:
"Internet Explorer": select everything except Cookies.
"Windows Explorer": select everything
"System": select everything
"Advanced": select everything
Under the Applications tab:
Clean all except cookies in the Firefox/Mozilla section (if you use it).
Clean all in the Opera section (if you use it).
Clean Sun Java in the Internet Section.
Clean any others that you choose.
Now, click the "Run Cleaner" button in the lower right. You can check "Analyze" first if you wish to see what will be removed. The process may take a while, so be patient.
* Next, open Ewido as before.
Click on "Scanner" (at the top on the left) and then "Settings".
Confirm that "Scan Every File" is selected. Then press "OK".
On the main screen, click "Complete System Scan".
You will be prompted to clean the first infected file that Ewido finds. When this happens, select "Clean" but also check the "Perform action on all infections" ... that will keep you from going nuts with every pop-up alert. Click "OK".
When the scan is complete, click "Save Report". It will save as a .txt file that you can copy/paste in this thread.
Ewido may seem to "crash/hang" when examining badly infected computers ... if it does this, go back to the original Scanner > Settings menu and uncheck "Scan in NTFS Alternate Data Streams". Click "OK" and then follow the instructions once again.
Close Ewido.
* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
* Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present. Click OK then Apply and OK.
Restart back into Windows normally now.
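An added example, not part of the original thread or of the quoted instructions: a small Python parser for the O2 (Browser Helper Object) lines of a HijackThis log, flagging entries like the one the instructions tell you to fix. The rule "a BHO file that is not a .dll is suspicious" is an assumption of this example, and every sample log line except the HomepageBHO entry is constructed.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# O2 entries in a HijackThis log list Browser Helper Objects:
#   O2 - BHO: <name> - {<CLSID>} - <path of the file that gets loaded>
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_bho_entries(log_text):
    """Return one dict (name, clsid, path) per O2 line in the log text."""
    entries = []
    for line in log_text.splitlines():
        match = O2_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def suspicious_bhos(log_text):
    """Flag BHOs whose file is not a .dll (heuristic assumed by this example).

    The entry in the instructions above loads hp4B12.tmp from system32,
    which is what this check is meant to surface for manual review.
    """
    flagged = []
    for entry in parse_bho_entries(log_text):
        extension = splitext(basename(entry["path"]))[1].lower()
        if extension != ".dll":
            flagged.append(entry)
    return flagged


# First line is the entry quoted in the instructions; the rest are constructed.
SAMPLE_LOG = r"""
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp4B12.tmp
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for entry in suspicious_bhos(SAMPLE_LOG):
        print("Review before fixing:", entry["name"], entry["clsid"], entry["path"])
```

A flagged entry is a candidate for review, not proof of infection; check the file and CLSID before ticking it in HJT.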
Nuttapper
Nov 18, 2005, 01:59 PM
Here is the removal tool for Vundo Virus (http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html)
and
here, if Symantec is followed correctly and it's unsuccessful (http://vil.nai.com/vil/content/v_127690.htm), for a manual removal.
@ bigtoe, I can't really see the point in telling someone how to remove a virus they don't have.
bigtoe
Nov 18, 2005, 02:51 PM
Sorry if I've upset anyone :bawling:
I only posted it as I thought it may have helped,
as it also cleaned some other viruses out I did not know I had.
It totally cleaned my PC where my normal antivirus did not.
Nuttapper
Nov 18, 2005, 04:13 PM
Hi Bigtoe, it wasn't meant to be critical of your advice, it was more of a question, sorry.... But you answered the question in your last post, thanks :tup: