Vundo virus on laptop help!

geministar2008

New Member
Hi

My computer has been having issues accessing some internet sites: Facebook, Yahoo, thisiscornwall and so on.

I have Kaspersky Internet Security and thought everything was OK, until I decided to download AVG. Whilst running this scan, AVG discovered I have a Vundo. 0 trojan. AVG stated the trojan had been deleted. However, I decided to manually remove the program the trojan was found in (a zip file for Registry Mechanic sent from a friend). I also uninstalled the program.

However, the problem is still there and I cannot access certain sites.

Does anyone know what I can do to get rid of this problem? I have tried a Vundo removal program and also vundobegone (in which you start the program in safe mode); these both returned a nothing found result.

Any advice would be great. I have Vista Ultimate 32-bit Service Pack 1. My laptop is an Advent and is only a year old.

Thanks :D
 


You've got to remove all these.

Files associated with Vundo infection:

Vundo DLLs to remove:

Vundo processes to kill:

Remove Vundo registry entries:



If you have backups of important files or can get them off your laptop, the BEST solution is a clean reinstall. This virus is very hard to completely eliminate.
 

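The reply above points at four kinds of registry load point: Winlogon\Notify, Browser Helper Objects, ShellExecuteHooks and Run. As an added example (not part of the original thread), this read-only PowerShell script lists what is registered in each and the Authenticode status of the DLL behind it, so entries can be reviewed before anything is removed; the function and variable names are illustrative.

```powershell
# Added example: read-only audit of the load points named in the reply above.
# It only reads the registry and file signatures; nothing is deleted or changed.
$sw = 'HKLM:\SOFTWARE'
$cv = "$sw\Microsoft\Windows\CurrentVersion"

function Get-ClsidDll([string]$Clsid) {
    # A CLSID maps to its DLL through the default value of InprocServer32.
    $key = "$sw\Classes\CLSID\$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $key) { (Get-Item -LiteralPath $key).GetValue('') }
}

function Get-FileTrust([string]$Path) {
    if (-not $Path) { return 'NoPath' }
    $p = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    # Notify entries often give a bare file name, which loads from System32.
    if (-not (Split-Path $p)) { $p = Join-Path "$env:SystemRoot\System32" $p }
    if (-not (Test-Path -LiteralPath $p)) { return 'FileMissing' }
    (Get-AuthenticodeSignature -FilePath $p).Status.ToString()
}

function New-Finding($Location, $Name, $Path, $Trust) {
    if (-not $Trust) { $Trust = Get-FileTrust $Path }
    New-Object PSObject -Property @{
        Location = $Location; Name = $Name; Path = $Path; Signature = $Trust }
}

$findings = @()
$bho = "$cv\Explorer\Browser Helper Objects"            # subkeys named by CLSID
if (Test-Path $bho) { foreach ($k in Get-ChildItem $bho) {
    $findings += New-Finding 'BHO' $k.PSChildName (Get-ClsidDll $k.PSChildName) } }

$hooks = "$cv\Explorer\ShellExecuteHooks"               # values named by CLSID
if (Test-Path $hooks) { foreach ($c in (Get-Item $hooks).GetValueNames()) {
    if ($c) { $findings += New-Finding 'ShellExecuteHook' $c (Get-ClsidDll $c) } } }

$notify = "$sw\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"  # may be absent
if (Test-Path $notify) { foreach ($k in Get-ChildItem $notify) {
    $findings += New-Finding 'WinlogonNotify' $k.PSChildName ($k.GetValue('DllName')) } }

$run = "$cv\Run"
if (Test-Path $run) { $rk = Get-Item $run; foreach ($n in $rk.GetValueNames()) {
    # Run values are whole command lines: listed, but not signature-checked.
    $findings += New-Finding 'Run' $n ($rk.GetValue($n)) 'NotChecked' } }

$findings | Sort-Object Signature, Location |
    Format-Table Location, Name, Signature, Path -AutoSize -Wrap
```

A NotSigned or FileMissing result is a lead to investigate, not a verdict, since plenty of legitimate add-ons are unsigned. On 64-bit Windows, 32-bit add-ons register under SOFTWARE\WOW6432Node, which this listing does not read.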
Thanks, that all seems a lot of work and I'm worried I may remove the wrong thing!!!! and bugger up my laptop for good. I think my laptop came with Vista on the system already; I didn't have a disk??

When you say system reinstall, how do I do this?

Thanks :-)
 


Your Laptop should have a Locked Partition on it. This is your recovery "disk". On most laptops when you start there is an F11 option to recover your system to factory specs. You can also do it through the control panel, although I can't give you the directions on how to get to it.
 

AVG is a master in generating false positives (stating malware where there is none). This doesn't necessarily mean that you're not infected, but it could be something to consider.

Vundo generates a huge lot of popup windows with ads... If you don't get them, you're likely not infected...
 
OK, I have now done a factory reset! And nothing coming up on scans! I was hoping this would rectify my Facebook issue, but no.... the page still does not load properly! I am at a complete loss as to why this is happening.

Any ideas anyone?????
 


Hi geministar2008

From your earlier post it seemed you were right about Vundo.

A variant of the Vundo trojan is known to cause Firefox (and Explorer) to have problems loading certain web sites. Symptoms of this infection include:

  • Problems loading certain high-traffic sites, including Google, Yahoo, MySpace, Facebook, and more.
  • The affected pages never load - the Firefox activity indicator may spin for several minutes, or the status bar may show "Done" on a blank page.
"If you're having a problem loading sites other than the one described above, see the Error loading web sites article to see if it addresses your problem. You can also check your Internet security software - resetting permissions for Firefox can often fix similar problems.
There can be other causes of the symptoms described above. Before attempting these instructions, try the methods described in the Basic troubleshooting article to see if they will address your problem."
Firefox never finishes loading certain web sites

However, problems loading Facebook seem to be fairly common around the net, with no clear response as to the cause. As a suggestion, you could check your Java is up to date. You could try a different browser, i.e. Explorer, if you are running Firefox, or vice versa. Does your antivirus or firewall allow access to the site? Or will your browser allow Java to run?

Norm
 

Hi,

I am currently using Internet Explorer 7; I tried 8, still no good, and have also tried Opera, Firefox, Mozilla etc. I also upgraded Google to Google Chrome and then changed back to the default Google.

My Java is also up to date. I think? How would I know this? I run updates regularly.

My Windows firewall is switched off; I use Kaspersky version 7 and all seems OK there (again, never used to have a problem). I have even turned off security to see if that was the issue, but no, still no Facebook.

I will have a look at your links and get back to you.

Many thanks :-)
 


When the Facebook home page appears, with logo missing etc., it appears just with basic text and the sign-in box. The message in the bottom left states "Done, but with errors"; if I click the error icon, a box appears stating "Object does not support this property or method". Also, the error number is 206. Any ideas on this type of error and how to fix it?
 


Also, surely if I have now done a factory reset, all viruses and errors would have been eliminated? Scans are clear.

I would think so. As I said, this seems a common problem with no clear answer. If you google your problem, you will see what I mean. Nobody seems to have a clue about something everyone seems to be complaining about.
 
