Trojan:win32/vundo.gen!N

  • Question

    I have run a Windows Live scan and found the following Trojan:

    Trojan:win32/Vundo.gen!N

    It cannot clean the file and it will not allow me to delete the file.

    How can I remove the trojan?

    Saturday, June 28, 2008 10:42 AM

Answers

  • If you have One Care installed please contact support for help with malware removal. How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2 If you used the Windows Live One Care Safety Scanner online please contact the Microsoft Security Hotline for help with removal - 866-727-2338

     

    Saturday, June 28, 2008 4:21 PM
    Moderator
  • Hey Taramono,

    Can you do the following to get more information so that I can help you better?

    1. Open OneCare

    2. Click on Change Settings

    3. It will open a window "Windows LiveOne Care Settings"

    4. Click on the last tab, labelled "Logging"

    5. Click on the "Create support Log" button

    6. It will create the support log file in the form of HTML and display it in a web browser like IE

    7. Click on the "Virus and spyware Protection" link

    8. It will take you to the "Virus and spyware Protection" section, where it will tell you about the viruses One Care found and the file locations of these viruses.

    9. Can you send me that information through email at montyj@microsoft.com

    Also do the following:

    Can you send me the following file: c:\ProgramData\Microsoft\OneCare Protection\Support\MPLOG* (some file which starts with MPLOG) (This is if you have Vista)

    Or

    2.      c:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Support\MPLOG* (some file which starts with MPLOG) (This is if you have Win XP)

    Note: These are hidden, so you have to make sure that you enable "show hidden files and folders".

    Please let me know if you face any problem with any of these steps.

    Thanks,

    Monty Jain[MSFT] montyj@microsoft.com

    Monday, June 30, 2008 9:18 PM
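
    The log-collection step in the reply above can also be done from a PowerShell prompt. The script below is an added example, not part of the original post and not a Microsoft tool. It assumes a Windows PowerShell version that supports these cmdlet parameters, a hypothetical output folder on the Desktop, and that the logs are plain text that names the detection.

```powershell
# Added example: gather the OneCare MPLOG* support logs named in the post.
# The two directories are the Vista and XP locations quoted in the post.
$supportDirs = @(
    'C:\ProgramData\Microsoft\OneCare Protection\Support',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Support'
)

# Assumption: copies are placed in this folder so they can be attached to an email.
$dest = Join-Path $env:USERPROFILE 'Desktop\OneCare-MPLOG'

$logs = @()
foreach ($dir in $supportDirs) {
    if (Test-Path -Path $dir) {
        # -Force makes Get-ChildItem return hidden and system items, so the
        # Explorer "show hidden files and folders" setting does not matter here.
        $logs += Get-ChildItem -Path $dir -Filter 'MPLOG*' -Force |
                 Where-Object { -not $_.PSIsContainer }
    }
}

if ($logs.Count -eq 0) {
    Write-Warning 'No MPLOG* files found in either OneCare support directory.'
    return
}

New-Item -ItemType Directory -Path $dest -Force | Out-Null

foreach ($log in $logs) {
    Copy-Item -Path $log.FullName -Destination $dest
    Write-Output ("Copied {0} ({1} bytes, last written {2})" -f `
        $log.Name, $log.Length, $log.LastWriteTime)

    # Show any lines that mention the detection name from this thread, with
    # line numbers, so the reported file locations are easy to find.
    Select-String -Path $log.FullName -Pattern 'Vundo' -SimpleMatch |
        ForEach-Object { "  line {0}: {1}" -f $_.LineNumber, $_.Line.Trim() }
}
```

    The script only reads and copies the logs; it does not touch the detected files.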

All replies

  • Hey, I also had this virus in two different forms (two different letters after the !). I downloaded a program called XoftSpySE and it removed it. I have Uniblue Spy Eraser and ESET Smart Security Business Edition and neither could detect this, let alone remove it. XoftSpySE did the trick.

    Wednesday, July 9, 2008 2:24 AM
  • I have the same problem but mine comes up as !R instead of N. OneCare safety scanner detects it but won't remove it. Tried some other things but nothing can get it off my computer!
    Friday, July 11, 2008 4:45 AM
  •  Taramono wrote:

    I have run a Windows Live scan and found the following Trojan:

    Trojan:win32/Vundo.gen!N

    It cannot clean the file and it will not allow me to delete the file.

    How can I remove the trojan?


    Dude, I had Vundo on my PC; this is what I did to get rid of it.

    First of all, copy and save this post, or best of all, print it. I recommend you reset Internet Explorer settings and do a disk cleanup as well.

    Go to this website

    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

    and download the program "Process Explorer". Choose save and "CHECK WHERE IT'S GONNA BE STORED", because you'll have to run it from that location since it doesn't have a shortcut (the file may be compressed and you will have to unzip it).

    You have to use this program because Vundo installs itself in the files explorer.exe, winlogon.exe and run32dll.exe,

    and when you power the PC on, these files run at startup, and that's why the antivirus can't clean them.

    So this program is to stop them.

    Restart your PC.

    Open Windows Live OneCare

            or

    go to this website: (recommended)

    http://onecare.live.com/site/en-us/scanner/safety_scan.htm

    Let your pop-up blocker run the ActiveX controls.

    Please do not start your scan nor minimize the window. Now go look for the folder where you saved Process Explorer and run the file "procexp".

    Locate the three programs mentioned above (winlogon.exe, explorer.exe and run32dll.exe), right-click on each one and choose "suspend".

    Now go back to the scanner you want to use: if Windows Live OneCare, click on "scan for virus and spyware"; if you use Windows Live safety scanner (the one I used), click "next". When the scan is complete, do not restart the three files you halted (because Vundo could reconfigure itself again). Instead, if your PC has a restart button, restart the PC from there; if not, please unplug the power cord or turn off the power supply button. Then restart your PC. At this time your PC should be free of the virus. A second scan is recommended to make sure everything is OK (up to you).


    Quick steps:

    - download Process Explorer

    - restart the PC

    - open the antivirus scanner of your choice (don't start the scan)

    - load Process Explorer

    - right-click and suspend the 3 programs (winlogon.exe, Explorer.exe, Run32dll.exe)

    - start the scan

    - when the scan is finished, force your PC to restart (hit the restart button, unplug it...), restart the PC

    Friday, July 11, 2008 5:00 AM