locked
a recurring trojan:win32/vundo.gen!A virus

    Pregunta

  • WINDOWS LIVE KEEPS DETECTING a recurring trojan:win32/vundo.gen!A virus. hOW DO I GET RID OF IT? THANKS

    lunes, 24 de diciembre de 2007 3:46

Respuestas

  •  fullerfalcon wrote:

    WINDOWS LIVE KEEPS DETECTING a recurring trojan:win32/vundo.gen!A virus. hOW DO I GET RID OF IT? THANKS

    I suspect that the infection is within your System Restore points as it comes back regularly. You may want to try turning off System Restore and then turning it back on again - this will delete all Restore Points. Note that this also means you will be unable to use System Restore to go back to a time before this reset.

    Before doing this, open OneCare, click on Change Settings, Logging Tab, and create a support log. Scroll down to the Virus and Spyware section to see where OneCare detected this infection.

    You can also contact support for help since OneCare is not completely removing the threat and preventing its return.

    How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    If it fails to validate your subscription, select the option that you are using a trial or beta copy and you can proceed to email support without validation once you've signed in.

     

    -steve

    lunes, 24 de diciembre de 2007 14:32
    Moderador

Todas las respuestas

  •  fullerfalcon wrote:

    WINDOWS LIVE KEEPS DETECTING a recurring trojan:win32/vundo.gen!A virus. hOW DO I GET RID OF IT? THANKS

    I suspect that the infection is within your System Restore points as it comes back regularly. You may want to try turning off System Restore and then turning it back on again - this will delete all Restore Points. Note that this also means you will be unable to use System Restore to go back to a time before this reset.

    Before doing this, open OneCare, click on Change Settings, Logging Tab, and create a support log. Scroll down to the Virus and Spyware section to see where OneCare detected this infection.

    You can also contact support for help since OneCare is not completely removing the threat and preventing its return.

    How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    If it fails to validate your subscription, select the option that you are using a trial or beta copy and you can proceed to email support without validation once you've signed in.

     

    -steve

    lunes, 24 de diciembre de 2007 14:32
    Moderador
  • Hi!

     

    Is there a way to have this problem solved more rapidly? Sorry, but I am going crazy and nothing I have tried works. It's christmas and instead of being in the living room and at my stupid computer trying to fix this. I can't let go! :-)

     

    I have the same exact problem that the original poste has (or had) and I tried the system restore point thing and the trojan is still there. Actually, I'm starting to be more annoyed at Live OneCare virus pup-ups than the actual virus. It clutters the desktop! :-)

     

    Seriously though, is someone at Microsoft working on a solution for OneCare to solve this problem? I suspect that it is doing something to my files as I have several programs now not working. They don't even start as if a file was missing for the program or game to lauch.

     

    This is bad. I have this Virus for 4 days now. I need help getting rid of it and going back to my gaming life!!! :-)

     

    Thanks,

    martes, 25 de diciembre de 2007 16:22
  • The problem with Vundo is that it constantly changes, making removal that much more difficult. All of the antivirus vendors are constantly battling these things to update their signatures and removal routines to deal with each new variation.

    Yes, I am certain that the antimalware team at Microsoft is working to deal with each new variant.

    Vundo doesn't alter programs to the best of my knowledge, but it does use resources, potentially causing problems as it does its job to present you with popups.

    -steve

     

    martes, 25 de diciembre de 2007 21:23
    Moderador
  • ive had the same one which i have no idea how i got it, i ran a windows xp repair and reloaded all the windows updates and even reloaded onecare and now i cant get my anti virus scan to work at all!!>!>!>>! what the F>!>!> its really irritating

    ive tried all the help to get the antivirus scan to work and nothing any help?

     

    miércoles, 26 de diciembre de 2007 10:09
  •  th3pun15h3r wrote:

    ive had the same one which i have no idea how i got it, i ran a windows xp repair and reloaded all the windows updates and even reloaded onecare and now i cant get my anti virus scan to work at all!!>!>!>>! what the F>!>!> its really irritating

    ive tried all the help to get the antivirus scan to work and nothing any help?

     

    If you are not using Windows Live OneCare, you are off topic for this forum. This is not a general forum for viruses, spyware, or Windows Help. For help with spyware issues, you may want to try the forums here: 

    http://aumha.net/ For help with virus removal, contact the maker of your Antivirus program.

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

     

    miércoles, 26 de diciembre de 2007 16:11
    Moderador
  • Hello Everyone,

    I am experiencing the same exact conditions with this Virus and the inability of the Microsoft software to either quit trying to fix something it can't handle or adaquately correct the condition.

     

    I should ask for a rebate or reimbursement for over 8 hours of my personal time following the software's instructions to reboot and try other steps.  Does anyone as of today know what can be done to get the product to work correctly, or even what tools will remove this virus?

     

    <<<Mathew>>>

    sábado, 29 de diciembre de 2007 3:17
  • Well that is a bust.  Did fix anything.  Oner care still comes up with scan report:

    software: trojan:win32/vundo.gen!A

    action: Failed to quarintine.  I did what you suggested and still there.  What can I do?
    sábado, 29 de diciembre de 2007 15:16
  • If OneCare is not removing the infection please contact support for help.

    How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    If it fails to validate your subscription, select the option that you are using a trial or beta copy and you can proceed to email support without validation once you've signed in.

     

    -steve

    lunes, 31 de diciembre de 2007 3:53
    Moderador
  •  

    oh my gosh...my daughter and I have been fighting with our computer for days now, removing programs that we thought may have caused this...my one care has only completed a scan one time from the 2nd thru today and that was yesterday (Saturday) It is 7:00 p.m. right now and my virus scan started around 6:05. It will quarantine the trojan but then it is still there the next time we start the scan. I will try the suggestions you all have given and hope it works, this is nuts!!!  Thank you!!
    lunes, 07 de enero de 2008 0:01
  • THANK YOU!!! I did what you said about turning off the system restore.....and it worked!  My scans are going through now and we are virus free. Sure wish I would have checked here first...however, we did get a lot of downloads off our computer due to this thing.  Smile

     

    lunes, 07 de enero de 2008 2:46
  • I'm very happy to read that this helped your issue. :-)

    Take care,

    -steve

     

    martes, 08 de enero de 2008 1:21
    Moderador
  • i also have the same issues and tried to turn off restore points. That was inafective. I am curently running windowscare. Please help me stop these pop up windows.  Yours truley   Infected in Minnesota

    miércoles, 09 de enero de 2008 19:10
  • Please contact OneCare support for help in completely removing the malware - 

     

    How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    If it fails to validate your subscription, select the option that you are using a trial or beta copy and you can proceed to email support without validation once you've signed in.

     

    -steve

    jueves, 10 de enero de 2008 2:22
    Moderador
  • I had the same problem. I ran regedit and found it and deleted it from there touch wood it hasnt came back

     

    lunes, 04 de febrero de 2008 20:26
  • Stephen- sorry to bother you but you seem to know quite a bit about xp and may know who I can contact.

     

    I logged on today and suddenly am told that I have 25 viruses and need to download and pay $50 for XP Antivirus 2008.  I currently have Windows One Care, ran the virus scan, and it found nothing.  I did a quick search and it appears that this XP Antivirus 2008 is a scam.  I was able to remove part of the file but not all of it, as the bubble still pops up reminding me I have viruses.

     

    Any suggestions?

     

    Thanks

     

    rick

    domingo, 17 de febrero de 2008 3:58
  • No bother, Rick. Vundo is a particularly nasty infection of spyware/malware that is very hard to remove once it gets on the system. There are many variants of this junk. Please contact support for help with removal -

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    If you are in North America, you can also call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    -steve

    domingo, 17 de febrero de 2008 19:03
    Moderador
  •  

    Good Morning Steven,

     

    I've been reading some of the advice you've given out about this virus.  I have just been infected with it two days ago.  I've tried scanning and cleaning it with my McAfee security system (Comcast), and it doesn't work.  I read the advice you gave out about system restore, and restoring points?  How do you click on system restore?  Where is it located?  Please help...school begins in a couple of days (online) and I don't know what else to do. 

     

    Thank you,

    Alena

    jueves, 17 de abril de 2008 14:28
  • See this article for how to access and use System Restore.

    http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx

    Turning it off and then on again resets all restore points.

    You may want to contact McAfee (or Comcast, if they provided the software) support since it did not remove the malware.

    -steve

    viernes, 18 de abril de 2008 5:00
    Moderador
  • Yesterday April 20th OneCare detected the recurring trojan:win32/vundo.gen!d on both my computers. (XP & Vista)

    OneCare quarantined the virus but it turns up again at every restart.

    Remove Skype completely from your system and OneCare no longer detect any virus after a restart.

    Reinstall Skype and the virus reappears immediatly.

     

    lunes, 21 de abril de 2008 13:35
  • See this post for how to report both infections and possible false positives to Microsoft - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=662566&SiteID=2

     

    -steve

    lunes, 21 de abril de 2008 16:23
    Moderador
  •  

    The windows maliscious software removal tool can get rid of a vundo virus. I recently had a problem with vundo and vundo fix didnt detect it. i eventualy tried the maliscious software removal tool and it got rid of the virus.
    miércoles, 14 de mayo de 2008 17:55
  • Stephen, I created a support log, as you suggested, and here is where OneCare detected this infection:

     

    Windows Live OneCare found potentially harmful or unwanted software on your computer
    Threat Name: Trojan:Win32/Vundo.gen!A
    Detection Date and Time: 8/22/2008 11:21 AM
    File Name: C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\LocalCopy\{DCCDA6EB-10E8-4B0A-8081-9B466A714326}-ssqrp.dll
    Threat Severity: Severe
    Threat Category: Trojan
    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS_INFECTED)
    Threat Status: Detected

     

    Doesn't look like it's in my System Restore points. Do you still suggest turning off System Restore and turning back on? Thanks for your help!

    viernes, 22 de agosto de 2008 15:26
  • Hi, Kaern.

    No, don't turn off System Restore. Is this virus coming back after OneCare detects and removes it? If so, please contact support.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    -steve

    viernes, 22 de agosto de 2008 15:33
    Moderador
  • I click Clean All and it just keeps popping back up, so I don't know if OneCare is not removing it, or it's actually coming back. I think I'll contact Support and see what they recommend now. Thanks for your help, Stephen! Smile

     

    viernes, 22 de agosto de 2008 15:36
  • What I didn't say in my last reply is that I don't know why the infected file is located where you show it in the log report. In fact, I don't know what that folder is for, but I think it may be used for cleaning. On my PC that folder is currently empty. It isn't the quarantine folder, though. So, I think that the malware is not coming back, but something is preventing OneCare from cleaning it properly, perhaps.

    -steve

    viernes, 22 de agosto de 2008 16:53
    Moderador
  • This Virus is detected by Microsoft Security Essentials anti malware software on my machine and it successfully removed the executable file before it got infected on my machine.

    Still I searched about this on bing and I got below link for manually removing this virus:

    http://www.ca.com/securityadvisor/virusinfo/virus.aspx?id=42097

    - Rohan

    domingo, 02 de mayo de 2010 21:39