Vista - Vundo virus on laptop help!

Hi

My computer has been having issues accessing some internet sites: facebook, yahoo, thisiscornwall and so on.

I have Kaspersky internet security and thought everything was ok. Until i decided to download AVG. Whilst running this scan AVG discovered i have a Vundo. 0 trojan. AVG stated the trojan had been deleted. However i decided to manually remove the program the trojan was found in (a zip file for registry mechanic sent from a friend). I also uninstalled the program.

However the problem is still there and i cannot access certian sites.

Does anyone know what i can do to get rid of this problem? I have tried a vundo removal program and also vundobegone (in which you start the program in safe mode) these both returned a nothing found result.

Any advice would be great i have vista ultimate 32 bit service pack 1. My laptop is an advent and is only a year old.

Thanks

You've got to remove all these.

Files associated with Vundo infection:

vtsqo.dll
agtcesdo.exe
aocreofm.dll
awtstqn.dll
awttrpo.dll
awturop.dll
bqtsmphi.dll
byxvvsp.dll
byxxwtq.dll
cbxvsrp.dll
cbxvvww.dll
ddcyvvw.dll
efcayvs.dll
efcbcyy.dll
efccbxv.dll
efcyvss.dll
fccaxyy.dll
gebbbby.dll
gebxxxx.dll
hggdbyw.dll
hggebxw.dll
hggeeff.dll
hggggfc.dll
hgghfda.dll
iifccbc.dll
iifddaw.dll
iifddec.dll
jkkhheb.dll
jkkkigf.dll
jkklmli.dll
khfdaab.dll
khfefed.dll
khffcdd.dll
ljjhhig.dll
ljjjhge.dll
ljjkigd.dll
mljgedd.dll
mljghfe.dll
mljkiji.dll
nnnklml.dll
nnnllji.dll
nnnmjig.dll
nnnonnk.dll
opnklif.dll
opnomll.dll
pmnkhgf.dll
pmnljgg.dll
qomkjkj.dll
qomlkjj.dll
qomlljh.dll
rqrolkk.dll
ssqnnmn.dll
ssqomkj.dll
ssqpppm.dll
ssqqrop.dll
ssqrpno.dll
ssqrrqr.dll
ssqrs.dll
tuvsspp.dll
tuvssss.dll
tuvtsqq.dll
tuvttsq.dll
urqnklj.dll
urqnoml.dll
urqopqn.dll
urqpoom.dll
urqqpom.dll
vtuutrq.dll
wvurrro.dll
wvusqqn.dll
wvusqqq.dll
wvusqrr.dll
wvuvvut.dll
xleshega.dll
xxyawvw.dll
xxyaywu.dll
xxyywxw.dll
yayvtsp.dll
yayxwxx.dll
yayyyxw.dll
srqss.bak1
srqss.bak2
srqss.ini
srqss.ini2
cbXqpoMF.dll
egesewvs.dll
jkkIyYSi.dll
ljJYRJDw.dll
ssqnmNhI.dll
1696513598.exe
scan[1].exe
iifgfCsP.dll
tuVPgdDW.dll
qoMfEusT.dll
dsnrhz.dll
sywagp.dll
geBtUoLd.dll
awtussPi.dll
ljJARjii.dll
file[1].exe
update.1.014[1].exe
mlJYOeby.dll
hgGaATJa.dll
cqaihphf.dll
wvUlkHaX.dll
rqRiGyvw.dll
iifecbYo.dll
jkkIBTNE.dll
xh-codec.v.1.189[1].exe
mqmnhhrd.dll
10002.exe
qvmzxdoc.dll
khfghhIA.dll
geBuUMef.dll
opnKecCv.dll
file[2].exe
efcCspPg.dll
khfFyVPj.dll
rlawcyxm.dll
uvwvjvgk.dll
xxyvuuro.dll
tuvSihIy.dll
hgGYoPGx.dll
yjrhhukn.dll
mws29854.dll
efcDVmLb.dll
cbXRHbab.dll
qqkdgkie.dll
wvUoppPh.dll
Vundo DLL's to remove:

vtsqo.dll
aocreofm.dll
awtstqn.dll
awttrpo.dll
awturop.dll
bqtsmphi.dll
byxvvsp.dll
byxxwtq.dll
cbxvsrp.dll
cbxvvww.dll
ddcyvvw.dll
efcayvs.dll
efcbcyy.dll
efccbxv.dll
efcyvss.dll
fccaxyy.dll
gebbbby.dll
gebxxxx.dll
hggdbyw.dll
hggebxw.dll
hggeeff.dll
hggggfc.dll
hgghfda.dll
iifccbc.dll
iifddaw.dll
iifddec.dll
jkkhheb.dll
jkkkigf.dll
jkklmli.dll
khfdaab.dll
khfefed.dll
khffcdd.dll
ljjhhig.dll
ljjjhge.dll
ljjkigd.dll
mljgedd.dll
mljghfe.dll
mljkiji.dll
nnnklml.dll
nnnllji.dll
nnnmjig.dll
nnnonnk.dll
opnklif.dll
opnomll.dll
pmnkhgf.dll
pmnljgg.dll
qomkjkj.dll
qomlkjj.dll
qomlljh.dll
rqrolkk.dll
ssqnnmn.dll
ssqomkj.dll
ssqpppm.dll
ssqqrop.dll
ssqrpno.dll
ssqrrqr.dll
ssqrs.dll
tuvsspp.dll
tuvssss.dll
tuvtsqq.dll
tuvttsq.dll
urqnklj.dll
urqnoml.dll
urqopqn.dll
urqpoom.dll
urqqpom.dll
vtuutrq.dll
wvurrro.dll
wvusqqn.dll
wvusqqq.dll
wvusqrr.dll
wvuvvut.dll
xleshega.dll
xxyawvw.dll
xxyaywu.dll
xxyywxw.dll
yayvtsp.dll
yayxwxx.dll
yayyyxw.dll
cbXqpoMF.dll
egesewvs.dll
jkkIyYSi.dll
ljJYRJDw.dll
ssqnmNhI.dll
dsnrhz.dll
sywagp.dll
geBtUoLd.dll
awtussPi.dll
ljJARjii.dll
mlJYOeby.dll
hgGaATJa.dll
cqaihphf.dll
wvUlkHaX.dll
rqRiGyvw.dll
iifecbYo.dll
jkkIBTNE.dll
mqmnhhrd.dll
qvmzxdoc.dll
qoMfEusT.dll
tuVPgdDW.dll
iifgfCsP.dll
khfghhIA.dll
geBuUMef.dll
opnKecCv.dll
efcCspPg.dll
khfFyVPj.dll
rlawcyxm.dll
uvwvjvgk.dll
xxyvuuro.dll
tuvSihIy.dll
hgGYoPGx.dll
yjrhhukn.dll
mws29854.dll
efcDVmLb.dll
cbXRHbab.dll
qqkdgkie.dll
wvUoppPh.dll
Vundo processes to kill:

agtcesdo.exe
1696513598.exe
scan[1].exe
file[2].exe
file[1].exe
update.1.014[1].exe
xh-codec.v.1.189[1].exe
10002.exe
Remove Vundo registry entries:

HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows NT CurrentVersionWinlogonNotify[filename]
HKEY_LOCAL_MACHINE SOFTWAREClassesCLSID{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsNTCurrentVersionWinlogonNotify[filename]
44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects {869B20A6-AADA-477D-BE23-68A966B1183D}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32A75D52-5C2C-4D52-8107-1239F8F791E0}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5F015D8-AC73-4AB8-A99F-503479159097}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD91194F-AB20-432C-9508-E8BA30DB5427}
{32A75D52-5C2C-4D52-8107-1239F8F791E0}
{AD91194F-AB20-432C-9508-E8BA30DB5427}
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYRJDw
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYRJDwObjects\{32A75D52-5C2C-4D52-8107-1239F8F791E0}
S
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E068E05-74AE-42D5-AA9D-694A709750AB}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76CFB752-E1B5-45E5-871F-E696B997FFB1}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B5FEF9D-92A7-42DF-A6A1-3BC7EF9904A5}
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvSihIy
{A14FB995-D8AC-494B-A6D3-ADC04028F281}
{40B725ED-5416-45C8-93CF-3139FF5B7BCE}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{A14FB995-D8AC-494B-A6D3-ADC04028F281}
Microsoft\Windows\CurrentVersion\Run\BM9376ab5b
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91B0A470-7C46-3176-933C-A2CBDE1AA86A}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9B5B133-7A48-4E14-A432-0E725005E6D3}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A14FB995-D8AC-494B-A6D3-ADC04028F281}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40B725ED-5416-45C8-93CF-3139FF5B7BCE}
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBuUMef
{A177C1C1-EF04-4FCC-8A4B-FE956DC0A099}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{A177C1C1-EF04-4FCC-8A4B-FE956DC0A099}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09390640-45B8-4A78-A294-8887AA1BFB79}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A177C1C1-EF04-4FCC-8A4B-FE956DC0A099}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F2F91F2-6B8F-42F0-8A0C-11F19978EF52}
{9BEA3041-ED41-47D9-80C1-6656905B956C}
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifgfCsP
{48F2A76C-BCC4-4D15-97AC-2C78BC84CB45}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{48F2A76C-BCC4-4D15-97AC-2C78BC84CB45}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17D81C1E-8AB5-488D-8076-F1B68A4F46BF}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48F2A76C-BCC4-4D15-97AC-2C78BC84CB45}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BEA3041-ED41-47D9-80C1-6656905B956C}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B566B65-9908-455A-BD18-E0A95232C1D3}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1C5B241-BFBE-4CFC-99A4-76823ADF23F6}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76427AE7-326F-46D9-BFEF-82A7B4EA0F04}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{F1C5B241-BFBE-4CFC-99A4-76823ADF23F6}
{6B566B65-9908-455A-BD18-E0A95232C1D3}
{F1C5B241-BFBE-4CFC-99A4-76823ADF23F6}
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtussPi
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CF662BF-4AFD-4778-8306-1F0EB8284EBB}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F90619-EDBB-4C1A-A7D6-924D3C1BFD19}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1AD2294-FA98-4F5D-BB37-3D6358E3654E}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1CF662BF-4AFD-4778-8306-1F0EB8284EBB}
{1CF662BF-4AFD-4778-8306-1F0EB8284EBB}
{68F90619-EDBB-4C1A-A7D6-924D3C1BFD19}
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJYOeby
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9DBBE9E-E937-4A1D-94CC-20C8CE0135D5}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9188A6B-81ED-4BD8-8A80-1C798B1ED7D0}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F293D4EB-7EF6-4991-BFA1-C7E3CE125D8E}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{A9DBBE9E-E937-4A1D-94CC-20C8CE0135D5}
{A9DBBE9E-E937-4A1D-94CC-20C8CE0135D5}
{C9188A6B-81ED-4BD8-8A80-1C798B1ED7D0}
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ifadlz
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifecbYo


If you have backups of important file or can get them off your laptop, the BEST solution is a clean reinstall. This virus is very hard to completely eliminate.

thanks, that all seems a lot of work and i'm worried i may remove the wrong thing!!!! and bugger up my laptopn for good. I think my laptop came with vista on the system all ready i didn't have a disk??

When you say system reinstall how do i do this?

Thanks :-)

Your Laptop should have a Locked Partition on it. This is your recovery "disk". On most laptops when you start there is an F11 option to recover your system to factory specs. You can also do it through the control panel, although I can't give you the directions on how to get to it.

AVG is a master in generating false positives (stating malware where there is none). This doesn't necessarily mean that you're not infected, but it could be something to consider.

Vundo generates a huge lot of popup windows with ads... If you don't get them, you're likely not infected...

Hi,

You might try scanning with a couple of very good free tools and see if they can sort it out

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

a-squared Anti-Malware (a2) Download - Free Downloads of the Trial- and Freeware-Versions

Otherwise a reinstall is likely the best way to go, as Norm says.

Hope it helps

SIW2

ok i have now done factory reset! and nothing coming up on scans! I was hoping this would rectify my facebook issue, but no.... the page still does not load properly! I am at a complete loss as to why this is happening.

Any ideas anyone?????

Hi geministar2008

from your earlier post it seemed you were right about Vundo,

A variant of the Vundo trojan is known to cause Firefox (and Explorer) to have problems loading certain web sites. Symptoms of this infection include:

• Problems loading certain high-traffic sites, including Google, Yahoo, MySpace, Facebook, and more.
• The affected pages never load - the Firefox activity indicator may spin for several minutes, or the status bar may show "Done" on a blank page.

"If you're having a problem loading sites other than the one described above, see the Error loading web sites article to see if it addresses your problem. You can also check your Internet security software - resetting permissions for Firefox can often fix similar problems.
There can be other causes of the symptoms described above. Before attempting these instructions, try the methods described in the Basic troubleshooting article to see if they will address your problem."
Firefox never finishes loading certain web sites

However, problems loading Facebook seem to be fairly common around the net, with no clear response as to the cause. As a suggestion, you could check your Java is up to date. You could try a different browser, ie Explorer, if you are running Firefox, or vica versa. Does your Antivirus or Firewall allow access to the site? or Will your browser allow Jave to run?

Norm

hi,

I am currently using internet explorer 7, i tried 8 still no good and have also tried opera, firefox, mozilla etc. I also upgraded google to google chrome and then changed back to the default google.

My java is also uptodate. I think? How would i know this, i run updates regularly.

My windows firewall is switched off, i use Kaspersky version 7 and all seems ok there (again never used to have a problem), i have even turned off secruity to see if that was the issue, but no, still no facebook.

I will have a look at your links and get back to you.

Many thanks :-)

also surely if i have now done factory reset, all viruses and errors would have been eliminated? scans are clear